[Web] r/o API keys, Pushover integration (can be limited by ACL), other minor changes

master
andryyy 2020-04-10 20:57:01 +02:00
parent ccdb7fcd26
commit 8f4540d5d9
14 changed files with 1670 additions and 1111 deletions

View File

@ -81,8 +81,8 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
</div> </div>
</div> </div>
<legend data-target="#license" class="arrow-toggle" unselectable="on" data-toggle="collapse"> <legend style="cursor:pointer;" data-target="#license" class="arrow-toggle" unselectable="on" data-toggle="collapse">
<span style="font-size:12px" class="arrow rotate glyphicon glyphicon-menu-down"></span> <?=$lang['admin']['guid_and_license'];?> <span style="font-size:12px" class="arrow rotate glyphicon glyphicon-menu-up"></span> <?=$lang['admin']['guid_and_license'];?>
</legend> </legend>
<div id="license" class="collapse in"> <div id="license" class="collapse in">
<form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" method="post"> <form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" method="post">
@ -113,40 +113,47 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
</form> </form>
</div> </div>
<legend data-target="#api" class="arrow-toggle" unselectable="on" data-toggle="collapse"> <legend style="margin-top:20px">
<span style="font-size:12px" class="arrow rotate glyphicon glyphicon-menu-down"></span> API <span style="font-size:12px" class="arrow rotate glyphicon glyphicon-wrench"></span> API
</legend> </legend>
<?php <?php
$api = admin_api('get'); $api_ro = admin_api('ro', 'get');
$api_rw = admin_api('rw', 'get');
?> ?>
<div id="api" class="collapse"> <div class="panel-group" id="accordion">
<div class="panel panel-default">
<div class="panel-heading">
<h4 class="panel-title">
<a data-toggle="collapse" data-parent="#accordion" href="#api-ro">
Read-Only Access</a>
</h4>
</div>
<div id="api-ro" class="panel-collapse collapse">
<div class="panel-body">
<form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" method="post"> <form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" method="post">
<div class="form-group"> <div class="form-group">
<label class="control-label col-sm-3" for="allow_from"><?=$lang['admin']['api_allow_from'];?>:</label> <label class="control-label col-sm-3" for="allow_from_ro"><?=$lang['admin']['api_allow_from'];?>:</label>
<div class="col-sm-9"> <div class="col-sm-9">
<textarea class="form-control" rows="5" name="allow_from" id="allow_from" <?=($api['skip_ip_check'] == 1) ? 'disabled' : null;?> required><?=htmlspecialchars($api['allow_from']);?></textarea> <textarea class="form-control" rows="2" name="allow_from" id="allow_from_ro" <?=($api_ro['skip_ip_check'] == 1) ? 'disabled' : null;?> required><?=htmlspecialchars($api_ro['allow_from']);?></textarea>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="col-sm-offset-3 col-sm-9"> <div class="col-sm-offset-3 col-sm-9">
<label> <label>
<input type="checkbox" id="skip_ip_check" name="skip_ip_check" <?=($api['skip_ip_check'] == 1) ? 'checked' : null;?>> <?=$lang['admin']['api_skip_ip_check'];?> <input type="checkbox" name="skip_ip_check" id="skip_ip_check_ro" <?=($api_ro['skip_ip_check'] == 1) ? 'checked' : null;?>> <?=$lang['admin']['api_skip_ip_check'];?>
</label> </label>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="control-label col-sm-3" for="admin_api_key"><?=$lang['admin']['api_key'];?>:</label> <label class="control-label col-sm-3"><?=$lang['admin']['api_key'];?>:</label>
<div class="col-sm-9"> <div class="col-sm-9">
<div class="input-group"> <pre><?=(empty(htmlspecialchars($api_ro['api_key']))) ? '-' : htmlspecialchars($api_ro['api_key']);?></pre>
<span class="input-group-addon">Read-Write</span>
<input type="text" class="form-control" placeholder="-" value="<?=htmlspecialchars($api['api_key']);?>" readonly>
</div>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="col-sm-offset-3 col-sm-9"> <div class="col-sm-offset-3 col-sm-9">
<label> <label>
<input type="checkbox" name="active" <?=($api['active'] == 1) ? 'checked' : null;?>> <?=$lang['admin']['activate_api'];?> <input type="checkbox" name="active" <?=($api_ro['active'] == 1) ? 'checked' : null;?>> <?=$lang['admin']['activate_api'];?>
</label> </label>
</div> </div>
</div> </div>
@ -154,13 +161,65 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
<div class="col-sm-offset-3 col-sm-9"> <div class="col-sm-offset-3 col-sm-9">
<p class="help-block"><?=$lang['admin']['api_info'];?></p> <p class="help-block"><?=$lang['admin']['api_info'];?></p>
<div class="btn-group"> <div class="btn-group">
<button class="btn btn-default" name="admin_api" type="submit" href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button> <button class="btn btn-sm btn-default" name="admin_api[ro]" type="submit" href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
<button class="btn btn-info" name="admin_api_regen_key" type="submit" href="#"><?=$lang['admin']['regen_api_key'];?></button> <button class="btn btn-sm btn-primary" name="admin_api_regen_key[ro]" type="submit" href="#"><?=$lang['admin']['regen_api_key'];?></button>
</div> </div>
</div> </div>
</div> </div>
</form> </form>
</div> </div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h4 class="panel-title">
<a data-toggle="collapse" data-parent="#accordion" href="#api-rw">
Read-Write Access</a>
</h4>
</div>
<div id="api-rw" class="panel-collapse collapse">
<div class="panel-body">
<form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" method="post">
<div class="form-group">
<label class="control-label col-sm-3" for="allow_from_rw"><?=$lang['admin']['api_allow_from'];?>:</label>
<div class="col-sm-9">
<textarea class="form-control" rows="2" name="allow_from" id="allow_from_rw" <?=($api_rw['skip_ip_check'] == 1) ? 'disabled' : null;?> required><?=htmlspecialchars($api_rw['allow_from']);?></textarea>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-9">
<label>
<input type="checkbox" name="skip_ip_check" id="skip_ip_check_rw" <?=($api_rw['skip_ip_check'] == 1) ? 'checked' : null;?>> <?=$lang['admin']['api_skip_ip_check'];?>
</label>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-3" for="admin_api_key"><?=$lang['admin']['api_key'];?>:</label>
<div class="col-sm-9">
<pre><?=(empty(htmlspecialchars($api_rw['api_key']))) ? '-' : htmlspecialchars($api_rw['api_key']);?></pre>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-9">
<label>
<input type="checkbox" name="active" <?=($api_rw['active'] == 1) ? 'checked' : null;?>> <?=$lang['admin']['activate_api'];?>
</label>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-9">
<p class="help-block"><?=$lang['admin']['api_info'];?></p>
<div class="btn-group">
<button class="btn btn-sm btn-default" name="admin_api[rw]" type="submit" href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
<button class="btn btn-sm btn-primary" name="admin_api_regen_key[rw]" type="submit" href="#"><?=$lang['admin']['regen_api_key'];?></button>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div> </div>
</div> </div>

View File

@ -564,6 +564,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
$mailbox = html_entity_decode(rawurldecode($_GET["mailbox"])); $mailbox = html_entity_decode(rawurldecode($_GET["mailbox"]));
$result = mailbox('get', 'mailbox_details', $mailbox); $result = mailbox('get', 'mailbox_details', $mailbox);
$rl = ratelimit('get', 'mailbox', $mailbox); $rl = ratelimit('get', 'mailbox', $mailbox);
$pushover_data = pushover('get', $mailbox);
$quarantine_notification = mailbox('get', 'quarantine_notification', $mailbox); $quarantine_notification = mailbox('get', 'quarantine_notification', $mailbox);
if (!empty($result)) { if (!empty($result)) {
?> ?>
@ -733,6 +734,57 @@ if (isset($_SESSION['mailcow_cc_role'])) {
</div> </div>
</form> </form>
<hr> <hr>
<form data-id="pushover" class="form well" method="post">
<input type="hidden" value="0" name="active">
<div class="row">
<div class="col-sm-1">
<p class="help-block"><a href="https://pushover.net" target="_blank"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAMAAABg3Am1AAACglBMVEUAAAAAAAEAAAAilecFGigAAAAAAAAAAAAAAAANj+c3n+Ypm+oeYI4KWI4MieAtkdQbleoJcLcjmeswmN4Rit4KgdMKUYQJKUAQSnILL0kMNlMSTngimOoNPF0hlOQBBgkNOlkRS3MHIjUhk+IPf8wKLUYsjM0AAAASTngAAAAAAAAPfckbdLIbdrYUWIgegsgce70knfEAAAAknfENOVkGHi8YaaIjnvEdgMUhkuAQSG8aca0hleQUh9YLjOM4nOEMgtMcbaYWa6YemO02ltkKhNktgLodYZEPXJEyi8kKesktfLUzj84cWYMiluckZ5YJXJYeW4Y0k9YKfs4yjs0pc6YHZaUviskLfMkqmugak+cqkNcViNcqeK4Iaq4XRmYGPmYMKDsFJTstgr0LdL0ti84CCQ4BCQ4Qgc8rlt8XjN8shcQsi8wZSGgEP2cRMEUDKkUAAAD///8dmvEamfExo/EXmPEWl/ERlvElnvEsofEjnfETl/Enn/Ezo/E4pvEvovEfm/E1pPEzpPEvofEOlfEpoPEamPEQlfEYmfE6p/EgnPEVlvEroPE3pfE2pfENk/Ern/E3pPEcmfEfmvEnnvBlufT6/P0soPAknPDd7/zs9vzo9PxBqfItofAqoPD9/f3B4/q43/mx2/l/xfZ6w/Vxv/VtvfVgt/RXtPNTsfNEq/L3+/31+v3a7fvR6vvH5fqs2vmc0/jx+P3v9/3h8fzW7PvV7PvL5/q13fmo1/mh1PiY0fiNy/aHyfZ2wfVou/Vdt/RPsPM3oeoQkuowmeAgjdgcgMQbeLrw9/3k8vy74Pm63/mX0PdYtfNNr/Ikm+4wnOchkuAVjOAfdrMVcrOdoJikAAAAcnRSTlMAIQ8IzzweFwf+/fvw8P79+/Xt7e3p6eji4d7U08y8qZyTiIWDgn53bWxqaWBKQ0JBOjUwMCkoJCEfHBkT/vz8/Pv7+vr69/b29PTy7ezm5ubm5N7e29vQ0M/Pv7+4uLW1pqaWloWDg3x7e21mUVFFRUXdPracAAAEbElEQVRIx4WUZbvaQBCFF+ru7u7u7u7u7t4mvVwSoBC0JIUCLRQolLq7u7vr/+nMLkmQyvlwyfPcd86e3ZldUqwyQ/p329J+XfutPQYOLUP+q55rFtQJRvY79+xxlZTUWbKpz7/xrrMr2+3BoNPpdLn2lJQ4HEeqLOr1d7z7XNkesQed4A848G63Oy4Gmg/6Mz542QvZbqe8C/Ig73CLYiYTrtLmT3zfqbIcAR7y4wIqH/B6M9Fo0+Ldb6sM9ph/v4ozPuz12mxRofaAAr7jCNkuoz/jNf9AGHibkBCm51fsGKvxsAGWx4H+jBcEi6V2birDpCL/9Klrd1KHbiSvPWP8V0tTnTfO03iXi57P6WNHOVUf44IFdFDRz6pV5fw8Zy5z3JVH5+R48OwxqDiGvKJIY9R+9JsCuJ5HPg74OVEMpz+nbdEPUHEWeEk6IDUnTC1l5r+f8uffc0cfxc8fS17kLso24SwUPFDA/6DE82xKDOPliJ7n/GGOOyWK9zD9CdjvOfg9Dv6AH+AX04LW9gj2i8W/APx1UbxwCAu+wPmcpgUKL/EHdvtq4uwaZwCuznPJVY5LHhED15G/isd5Hz4eKui/e/du02YoKFeD5mHzHIN/nxEDe25gQQwKorAid04CfyzwL4XutXvl1Pt1guMOwwKPkU8mYIFT8JHK+vv8prpDScUVL+j8s3lOctw1GIhbWHAS+HgKPk7xPM/4UtNAYmzizJkf6NgTb/gM8jePQLsewMdthS3g95tMpT1IhVm6v1s8fYmLeb13Odwp8Fh5KY048y/d14WUrwrb1e/X/rNp73nkD8kWS+wi/MZ4XuetG4mhKubJm3/WNEvi8SHwB56nPKjUam0LBdp9ARwupFemTYudvgN/L1+A/Ko/LGBuS8pPy+YR1fuCTWNKnUyoeUyYx2o2dyEVGmr5xTD42xzvkD16+Pb9WIIH6fmt1r3mbsTY7Bvw+n23naT8BUWh86bz6G/e259UXPUK3gfAxQDlo7Rpx3Geqb2e3wp83SGEdKpB7zvwYbzvT2n65xLwbH6YP+M9C8vA8E1wxLU8gkCbdhXGUyrMgwVrcbzLHonr78lzDvWM3q/C/HtDlXoSUIe3YkblhRPIX4E8Oo/9siLv8dRjV7SBlkdgTXvKS7nzsA/9AfeEuhKq9T8zWIDv1Sd6ETAP4D6/H/1V+1BojvruNa4SZXz4JhY84dV5MOF5agUvu5OsOo+KRpG30KalEnoeDccFlutPZYs38D5n3zcpr1/0fBhfb3DOY1z2tSAgLxWezz6zuoHhfUmOejf6blHQH/sFuJYfcMZX307ytKvRa3ifoV/586P5j+tICtS77BuJxzxYAPZsntX8k3eSIhlajK4p8b7iefCEKs03kD/I2LnxL9ovH+43y4fAv1YrI/mzDBsavAX/UppfzVOrZT/ydxk6lJ047MfLfVbcb6hS9ZEzWxekKQ5WrtPqZg3rV6tWrX6Tle3KQZj/q6KxQnmDoXwFY0VSrN9e8FRXBCTAvwAAAABJRU5ErkJggg==" class="img img-fluid"></a></p>
</div>
<div class="col-sm-10">
<div class="form-group">
<div class="row">
<div class="col-sm-6">
<div class="form-group">
<label for="token">API Token/Key (Application)</label>
<input type="text" class="form-control" name="token" maxlength="30" value="<?=$pushover_data['token'];?>" required>
</div>
</div>
<div class="col-sm-6">
<div class="form-group">
<label for="key">User/Group Key</label>
<input type="text" class="form-control" name="key" maxlength="30" value="<?=$pushover_data['key'];?>" required>
</div>
</div>
<div class="col-sm-6">
<div class="form-group">
<label for="title"><?=$lang['admin']['pushover_title'];?></label>
<input type="text" class="form-control" name="title" value="<?=$pushover_data['title'];?>" placeholder="Mail">
</div>
</div>
<div class="col-sm-6">
<div class="form-group">
<label for="text"><?=$lang['admin']['pushover_text'];?></label>
<input type="text" class="form-control" name="text" value="<?=$pushover_data['text'];?>" placeholder="You've got mail 📧">
</div>
</div>
<div class="col-sm-12">
<div class="checkbox">
<label><input type="checkbox" value="1" name="active" <?=($pushover_data['active']=="1") ? "checked" : null;?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
</div>
<hr>
<p><?=sprintf($lang['admin']['pushover_info'], $mailbox);?></p>
<div class="btn-group" data-acl="<?=$_SESSION['acl']['pushover'];?>">
<a class="btn btn-sm btn-default" data-action="edit_selected" data-id="pushover" data-item="<?=htmlspecialchars($mailbox);?>" data-api-url='edit/pushover' data-api-attr='{}' href="#"><?=$lang['admin']['save'];?></a>
<a class="btn btn-sm btn-default" data-action="edit_selected" data-id="pushover-test" data-item="<?=htmlspecialchars($mailbox);?>" data-api-url='edit/pushover-test' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-check" aria-hidden="true"></span> <?=$lang['admin']['pushover_verify'];?></a>
<a class="btn btn-sm btn-danger" data-action="edit_selected" data-id="pushover-delete" data-item="<?=htmlspecialchars($mailbox);?>" data-api-url='edit/pushover' data-api-attr='{"delete":"true"}' href="#"><span class="glyphicon glyphicon-trash" aria-hidden="true"></span> <?=$lang['admin']['remove'];?></a>
</div>
</div>
</div>
</form>
<hr>
<form data-id="mboxratelimit" class="form-inline well" method="post"> <form data-id="mboxratelimit" class="form-inline well" method="post">
<div class="row"> <div class="row">
<div class="col-sm-1"> <div class="col-sm-1">

View File

@ -1143,7 +1143,7 @@ function verify_tfa_login($username, $token) {
} }
return false; return false;
} }
function admin_api($action, $data = null) { function admin_api($access, $action, $data = null) {
global $pdo; global $pdo;
global $lang; global $lang;
if ($_SESSION['mailcow_cc_role'] != "admin") { if ($_SESSION['mailcow_cc_role'] != "admin") {
@ -1154,9 +1154,10 @@ function admin_api($action, $data = null) {
); );
return false; return false;
} }
switch ($access) {
case "rw":
switch ($action) { switch ($action) {
case "edit": case "edit":
$regen_key = $data['admin_api_regen_key'];
$active = (isset($data['active'])) ? 1 : 0; $active = (isset($data['active'])) ? 1 : 0;
$skip_ip_check = (isset($data['skip_ip_check'])) ? 1 : 0; $skip_ip_check = (isset($data['skip_ip_check'])) ? 1 : 0;
$allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $data['allow_from'])); $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $data['allow_from']));
@ -1190,11 +1191,11 @@ function admin_api($action, $data = null) {
strtoupper(bin2hex(random_bytes(3))), strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3))) strtoupper(bin2hex(random_bytes(3)))
)); ));
$stmt = $pdo->query("SELECT `api_key` FROM `api`"); $stmt = $pdo->query("SELECT `api_key` FROM `api` WHERE `access` = 'rw'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if (empty($num_results)) { if (empty($num_results)) {
$stmt = $pdo->prepare("INSERT INTO `api` (`api_key`, `skip_ip_check`, `active`, `allow_from`) $stmt = $pdo->prepare("INSERT INTO `api` (`api_key`, `skip_ip_check`, `active`, `allow_from`, `access`)
VALUES (:api_key, :skip_ip_check, :active, :allow_from);"); VALUES (:api_key, :skip_ip_check, :active, :allow_from, 'rw');");
$stmt->execute(array( $stmt->execute(array(
':api_key' => $api_key, ':api_key' => $api_key,
':skip_ip_check' => $skip_ip_check, ':skip_ip_check' => $skip_ip_check,
@ -1204,7 +1205,7 @@ function admin_api($action, $data = null) {
} }
else { else {
if ($skip_ip_check == 0) { if ($skip_ip_check == 0) {
$stmt = $pdo->prepare("UPDATE `api` SET `skip_ip_check` = :skip_ip_check, `active` = :active, `allow_from` = :allow_from ;"); $stmt = $pdo->prepare("UPDATE `api` SET `skip_ip_check` = :skip_ip_check, `active` = :active, `allow_from` = :allow_from WHERE `access` = 'rw';");
$stmt->execute(array( $stmt->execute(array(
':active' => $active, ':active' => $active,
':skip_ip_check' => $skip_ip_check, ':skip_ip_check' => $skip_ip_check,
@ -1212,7 +1213,7 @@ function admin_api($action, $data = null) {
)); ));
} }
else { else {
$stmt = $pdo->prepare("UPDATE `api` SET `skip_ip_check` = :skip_ip_check, `active` = :active ;"); $stmt = $pdo->prepare("UPDATE `api` SET `skip_ip_check` = :skip_ip_check, `active` = :active WHERE `access` = 'rw';");
$stmt->execute(array( $stmt->execute(array(
':active' => $active, ':active' => $active,
':skip_ip_check' => $skip_ip_check ':skip_ip_check' => $skip_ip_check
@ -1228,16 +1229,103 @@ function admin_api($action, $data = null) {
strtoupper(bin2hex(random_bytes(3))), strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3))) strtoupper(bin2hex(random_bytes(3)))
)); ));
$stmt = $pdo->prepare("UPDATE `api` SET `api_key` = :api_key"); $stmt = $pdo->prepare("UPDATE `api` SET `api_key` = :api_key WHERE `access` = 'rw'");
$stmt->execute(array( $stmt->execute(array(
':api_key' => $api_key ':api_key' => $api_key
)); ));
break; break;
case "get": case "get":
$stmt = $pdo->query("SELECT * FROM `api`"); $stmt = $pdo->query("SELECT * FROM `api` WHERE `access` = 'rw'");
$apidata = $stmt->fetch(PDO::FETCH_ASSOC); $apidata = $stmt->fetch(PDO::FETCH_ASSOC);
return $apidata; return $apidata;
break; break;
}
case "ro":
switch ($action) {
case "edit":
$active = (isset($data['active'])) ? 1 : 0;
$skip_ip_check = (isset($data['skip_ip_check'])) ? 1 : 0;
$allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $data['allow_from']));
foreach ($allow_from as $key => $val) {
if (empty($val)) {
continue;
}
if (!filter_var($val, FILTER_VALIDATE_IP)) {
$_SESSION['return'][] = array(
'type' => 'warning',
'log' => array(__FUNCTION__, $data),
'msg' => array('ip_invalid', htmlspecialchars($allow_from[$key]))
);
unset($allow_from[$key]);
continue;
}
}
$allow_from = implode(',', array_unique(array_filter($allow_from)));
if (empty($allow_from) && $skip_ip_check == 0) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $data),
'msg' => 'ip_list_empty'
);
return false;
}
$api_key = implode('-', array(
strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3)))
));
$stmt = $pdo->query("SELECT `api_key` FROM `api` WHERE `access` = 'ro'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if (empty($num_results)) {
$stmt = $pdo->prepare("INSERT INTO `api` (`api_key`, `skip_ip_check`, `active`, `allow_from`, `access`)
VALUES (:api_key, :skip_ip_check, :active, :allow_from, 'ro');");
$stmt->execute(array(
':api_key' => $api_key,
':skip_ip_check' => $skip_ip_check,
':active' => $active,
':allow_from' => $allow_from
));
}
else {
if ($skip_ip_check == 0) {
$stmt = $pdo->prepare("UPDATE `api` SET `skip_ip_check` = :skip_ip_check, `active` = :active, `allow_from` = :allow_from WHERE `access` = 'ro';");
$stmt->execute(array(
':active' => $active,
':skip_ip_check' => $skip_ip_check,
':allow_from' => $allow_from
));
}
else {
$stmt = $pdo->prepare("UPDATE `api` SET `skip_ip_check` = :skip_ip_check, `active` = :active WHERE `access` = 'ro';");
$stmt->execute(array(
':active' => $active,
':skip_ip_check' => $skip_ip_check
));
}
}
break;
case "regen_key":
$api_key = implode('-', array(
strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3))),
strtoupper(bin2hex(random_bytes(3)))
));
$stmt = $pdo->prepare("UPDATE `api` SET `api_key` = :api_key WHERE `access` = 'ro'");
$stmt->execute(array(
':api_key' => $api_key
));
break;
case "get":
$stmt = $pdo->query("SELECT * FROM `api` WHERE `access` = 'ro'");
$apidata = $stmt->fetch(PDO::FETCH_ASSOC);
return $apidata;
break;
}
break;
} }
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',

View File

@ -3343,6 +3343,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$stmt = $pdo->prepare("SELECT `maxquota`, `quota` FROM `domain` WHERE `domain` = :domain"); $stmt = $pdo->prepare("SELECT `maxquota`, `quota` FROM `domain` WHERE `domain` = :domain");
$stmt->execute(array(':domain' => $row['domain'])); $stmt->execute(array(':domain' => $row['domain']));
$DomainQuota = $stmt->fetch(PDO::FETCH_ASSOC); $DomainQuota = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt = $pdo->prepare("SELECT IFNULL(COUNT(`active`), 0) AS `pushover_active` FROM `pushover` WHERE `username` = :username AND `active` = 1");
$stmt->execute(array(':username' => $_data));
$PushoverActive = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt = $pdo->prepare("SELECT COALESCE(SUM(`quota`), 0) as `in_use` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND `domain` = :domain AND `username` != :username"); $stmt = $pdo->prepare("SELECT COALESCE(SUM(`quota`), 0) as `in_use` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND `domain` = :domain AND `username` != :username");
$stmt->execute(array(':domain' => $row['domain'], ':username' => $_data)); $stmt->execute(array(':domain' => $row['domain'], ':username' => $_data));
$MailboxUsage = $stmt->fetch(PDO::FETCH_ASSOC); $MailboxUsage = $stmt->fetch(PDO::FETCH_ASSOC);
@ -3375,6 +3378,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$mailboxdata['percent_in_use'] = ($row['quota'] == 0) ? '- ' : round((intval($row['bytes']) / intval($row['quota'])) * 100); $mailboxdata['percent_in_use'] = ($row['quota'] == 0) ? '- ' : round((intval($row['bytes']) / intval($row['quota'])) * 100);
$mailboxdata['messages'] = $row['messages']; $mailboxdata['messages'] = $row['messages'];
$mailboxdata['spam_aliases'] = $SpamaliasUsage['sa_count']; $mailboxdata['spam_aliases'] = $SpamaliasUsage['sa_count'];
$mailboxdata['pushover_active'] = ($PushoverActive['pushover_active'] == 1) ? $lang['mailbox']['yes'] : $lang['mailbox']['no'];
if ($mailboxdata['percent_in_use'] === '- ') { if ($mailboxdata['percent_in_use'] === '- ') {
$mailboxdata['percent_class'] = "info"; $mailboxdata['percent_class'] = "info";
} }

View File

@ -0,0 +1,175 @@
<?php
function pushover($_action, $_data = null) {
global $pdo;
global $lang;
switch ($_action) {
case 'edit':
if (!isset($_SESSION['acl']['pushover']) || $_SESSION['acl']['pushover'] != "1" ) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => 'access_denied'
);
return false;
}
if (!is_array($_data['username'])) {
$usernames = array();
$usernames[] = $_data['username'];
}
else {
$usernames = $_data['username'];
}
foreach ($usernames as $username) {
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => 'access_denied'
);
continue;
}
$delete = $_data['delete'];
if ($delete == "true") {
$stmt = $pdo->prepare("DELETE FROM `pushover` WHERE `username` = :username");
$stmt->execute(array(
':username' => $username
));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_data),
'msg' => 'pushover_settings_edited'
);
continue;
}
$key = $_data['key'];
$token = $_data['token'];
if (!ctype_alnum($key) || strlen($key) != 30) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_data),
'msg' => 'pushover_key'
);
continue;
}
if (!ctype_alnum($token) || strlen($token) != 30) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data, $_data),
'msg' => 'pushover_token'
);
continue;
}
$title = $_data['title'];
$text = $_data['text'];
$active = intval($_data['active']);
$stmt = $pdo->prepare("REPLACE INTO `pushover` (`username`, `key`, `token`, `title`, `text`, `active`)
VALUES (:username, :key, :token, :title, :text, :active)");
$stmt->execute(array(
':username' => $username,
':key' => $key,
':token' => $token,
':title' => $title,
':text' => $text,
':active' => $active
));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data, $_data),
'msg' => 'pushover_settings_edited'
);
}
break;
case 'get':
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => 'access_denied'
);
return false;
}
$stmt = $pdo->prepare("SELECT * FROM `pushover` WHERE `username` = :username");
$stmt->execute(array(
':username' => $_data
));
$data = $stmt->fetch(PDO::FETCH_ASSOC);
if (empty($data)) {
return false;
}
else {
return $data;
}
break;
case 'test':
if (!isset($_SESSION['acl']['pushover']) || $_SESSION['acl']['pushover'] != "1" ) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => 'access_denied'
);
return false;
}
if (!is_array($_data['username'])) {
$usernames = array();
$usernames[] = $_data['username'];
}
else {
$usernames = $_data['username'];
}
foreach ($usernames as $username) {
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => 'access_denied'
);
continue;
}
$stmt = $pdo->prepare("SELECT * FROM `pushover`
WHERE `username` = :username");
$stmt->execute(array(
':username' => $username
));
$api_data = $stmt->fetch(PDO::FETCH_ASSOC);
if (!empty($api_data)) {
$title = (!empty($api_data['title'])) ? $api_data['title'] : 'Mail';
$text = (!empty($api_data['text'])) ? $api_data['text'] : 'You\'ve got mail 📧';
curl_setopt_array($ch = curl_init(), array(
CURLOPT_URL => "https://api.pushover.net/1/users/validate.json",
CURLOPT_POSTFIELDS => array(
"token" => $api_data['token'],
"user" => $api_data['key']
),
CURLOPT_SAFE_UPLOAD => true,
CURLOPT_RETURNTRANSFER => true,
));
$result = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpcode == 200) {
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => sprintf('Pushover API OK (%d): %s', $httpcode, $result)
);
}
else {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => sprintf('Pushover API ERR (%d): %s', $httpcode, $result)
);
}
}
else {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => 'pushover_credentials_missing'
);
return false;
}
}
break;
}
}

View File

@ -3,7 +3,7 @@ function init_db_schema() {
try { try {
global $pdo; global $pdo;
$db_version = "03042020_0915"; $db_version = "09042020_1403";
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@ -374,6 +374,7 @@ function init_db_schema() {
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'", "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
"eas_reset" => "TINYINT(1) NOT NULL DEFAULT '0'", "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
"sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '1'", "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
"pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
// quarantine is for quarantine actions, todo: rename // quarantine is for quarantine actions, todo: rename
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'", "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
"quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'", "quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
@ -534,6 +535,7 @@ function init_db_schema() {
"sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'", "sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
"app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'", "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
"bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'", "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
"pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
"filters" => "TINYINT(1) NOT NULL DEFAULT '1'", "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
"ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'", "ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",
"spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'", "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
@ -830,6 +832,22 @@ function init_db_schema() {
), ),
"attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC" "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
), ),
"pushover" => array(
"cols" => array(
"username" => "VARCHAR(255) NOT NULL",
"key" => "VARCHAR(255) NOT NULL",
"token" => "VARCHAR(255) NOT NULL",
"title" => "TEXT",
"text" => "TEXT",
"active" => "TINYINT(1) NOT NULL DEFAULT '1'"
),
"keys" => array(
"primary" => array(
"" => array("username")
)
),
"attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
),
"sogo_user_profile" => array( "sogo_user_profile" => array(
"cols" => array( "cols" => array(
"c_uid" => "VARCHAR(255) NOT NULL", "c_uid" => "VARCHAR(255) NOT NULL",

View File

@ -230,6 +230,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.dkim.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.fwdhost.inc.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.fwdhost.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailq.inc.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailq.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.oauth2.inc.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.oauth2.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.pushover.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.ratelimit.inc.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.ratelimit.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.transports.inc.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.transports.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.rspamd.inc.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.rspamd.inc.php';

View File

@ -57,6 +57,12 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
$_SESSION['mailcow_cc_username'] = 'API'; $_SESSION['mailcow_cc_username'] = 'API';
$_SESSION['mailcow_cc_role'] = 'admin'; $_SESSION['mailcow_cc_role'] = 'admin';
$_SESSION['mailcow_cc_api'] = true; $_SESSION['mailcow_cc_api'] = true;
if ($api_return['api_key'] == 'rw') {
$_SESSION['mailcow_cc_api_access'] = 'rw';
}
else {
$_SESSION['mailcow_cc_api_access'] = 'ro';
}
} }
else { else {
$redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']); $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);

View File

@ -100,17 +100,26 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
if (isset($_POST["reset_main_logo"])) { if (isset($_POST["reset_main_logo"])) {
customize('delete', 'main_logo'); customize('delete', 'main_logo');
} }
// API and license cannot be controlled by API // Some actions will not be available via API
if (isset($_POST["license_validate_now"])) { if (isset($_POST["license_validate_now"])) {
license('verify'); license('verify');
} }
if (isset($_POST["admin_api"])) { if (isset($_POST["admin_api"])) {
admin_api('edit', $_POST); if (isset($_POST["admin_api"]["ro"])) {
admin_api('ro', 'edit', $_POST);
}
elseif (isset($_POST["admin_api"]["rw"])) {
admin_api('rw', 'edit', $_POST);
}
} }
if (isset($_POST["admin_api_regen_key"])) { if (isset($_POST["admin_api_regen_key"])) {
admin_api('regen_key', $_POST); if (isset($_POST["admin_api_regen_key"]["ro"])) {
admin_api('ro', 'regen_key', $_POST);
}
elseif (isset($_POST["admin_api_regen_key"]["rw"])) {
admin_api('rw', 'regen_key', $_POST);
}
} }
// Not available via API
if (isset($_POST["rspamd_ui"])) { if (isset($_POST["rspamd_ui"])) {
rspamd_ui('edit', $_POST); rspamd_ui('edit', $_POST);
} }

View File

@ -45,6 +45,24 @@ jQuery(function($){
mailcow_alert_box('Regex OK', 'success'); mailcow_alert_box('Regex OK', 'success');
$('button[data-id="' + regex_map_id + '"]').attr({"disabled": false}); $('button[data-id="' + regex_map_id + '"]').attr({"disabled": false});
} }
});
$('.btn-api-ro').click(function() {
$('#api_rw').hide()
$('#api_ro').show()
$(this).addClass('active')
$('.btn-api-rw, .btn-api-hide').removeClass('active')
});
$('.btn-api-rw').click(function() {
$('#api_ro').hide()
$('#api_rw').show()
$(this).addClass('active')
$('.btn-api-ro, .btn-api-hide').removeClass('active')
});
$('.btn-api-hide').click(function() {
$('#api_ro').hide()
$('#api_rw').hide()
$(this).addClass('active')
$('.btn-api-ro, .btn-api-rw').removeClass('active')
}); });
$('.textarea-code').on('keyup', function() { $('.textarea-code').on('keyup', function() {
$('.submit_rspamd_regex').attr({"disabled": true}); $('.submit_rspamd_regex').attr({"disabled": true});
@ -360,13 +378,22 @@ jQuery(function($){
draw_transport_maps(); draw_transport_maps();
draw_queue(); draw_queue();
// API IP check toggle // API IP check toggle
$("#skip_ip_check").click(function( event ) { $("#skip_ip_check_ro").click(function( event ) {
$("#skip_ip_check").not(this).prop('checked', false); $("#skip_ip_check_ro").not(this).prop('checked', false);
if ($("#skip_ip_check:checked").length > 0) { if ($("#skip_ip_check_ro:checked").length > 0) {
$('#allow_from').prop('disabled', true); $('#allow_from_ro').prop('disabled', true);
} }
else { else {
$("#allow_from").removeAttr('disabled'); $("#allow_from_ro").removeAttr('disabled');
}
});
$("#skip_ip_check_rw").click(function( event ) {
$("#skip_ip_check_rw").not(this).prop('checked', false);
if ($("#skip_ip_check_rw:checked").length > 0) {
$('#allow_from_rw').prop('disabled', true);
}
else {
$("#allow_from_rw").removeAttr('disabled');
} }
}); });
// Relayhost // Relayhost

View File

@ -1,17 +1,8 @@
<?php <?php
/* /*
edit/alias => POST data: see /api
{
address: {a, b, c}, (where a, b, c represent alias addresses)
active: 1 (0 or 1)
}
delete/alias => POST data:
{
address: {a, b, c}, (where a, b, c represent alias addresses)
}
*/ */
header('Content-Type: application/json'); header('Content-Type: application/json');
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
error_reporting(0); error_reporting(0);
@ -103,6 +94,14 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
switch ($action) { switch ($action) {
case "add": case "add":
if ($_SESSION['mailcow_cc_api_access'] == 'ro' || isset($_SESSION['pending_mailcow_cc_username'])) {
http_response_code(403);
echo json_encode(array(
'type' => 'error',
'msg' => 'API read/write access denied'
));
exit();
}
function process_add_return($return) { function process_add_return($return) {
$generic_failure = json_encode(array( $generic_failure = json_encode(array(
'type' => 'error', 'type' => 'error',
@ -136,6 +135,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
)); ));
exit(); exit();
} }
switch ($category) { switch ($category) {
case "time_limited_alias": case "time_limited_alias":
process_add_return(mailbox('add', 'time_limited_alias', $attr)); process_add_return(mailbox('add', 'time_limited_alias', $attr));
@ -235,7 +235,44 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
)); ));
exit(); exit();
} }
if (!isset($_SESSION['pending_mailcow_cc_username'])) {
switch ($category) { switch ($category) {
case "u2f-registration":
header('Content-Type: application/javascript');
if (($_SESSION["mailcow_cc_role"] == "admin" || $_SESSION["mailcow_cc_role"] == "domainadmin") && $_SESSION["mailcow_cc_username"] == $object) {
list($req, $sigs) = $u2f->getRegisterData(get_u2f_registrations($object));
$_SESSION['regReq'] = json_encode($req);
$_SESSION['regSigs'] = json_encode($sigs);
echo 'var req = ' . json_encode($req) . ';';
echo 'var registeredKeys = ' . json_encode($sigs) . ';';
echo 'var appId = req.appId;';
echo 'var registerRequests = [{version: req.version, challenge: req.challenge}];';
}
else {
return;
}
break;
case "u2f-authentication":
header('Content-Type: application/javascript');
if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
$auth_data = $u2f->getAuthenticateData(get_u2f_registrations($object));
$challenge = $auth_data[0]->challenge;
$appId = $auth_data[0]->appId;
foreach ($auth_data as $each) {
$key = array(); // Empty array
$key['version'] = $each->version;
$key['keyHandle'] = $each->keyHandle;
$registeredKey[] = $key;
}
$_SESSION['authReq'] = json_encode($auth_data);
echo 'var appId = "' . $appId . '";';
echo 'var challenge = ' . json_encode($challenge) . ';';
echo 'var registeredKeys = ' . json_encode($registeredKey) . ';';
}
else {
return;
}
break;
case "rspamd": case "rspamd":
switch ($object) { switch ($object) {
case "actions": case "actions":
@ -1096,42 +1133,6 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
break; break;
} }
break; break;
case "u2f-registration":
header('Content-Type: application/javascript');
if (($_SESSION["mailcow_cc_role"] == "admin" || $_SESSION["mailcow_cc_role"] == "domainadmin") && $_SESSION["mailcow_cc_username"] == $object) {
list($req, $sigs) = $u2f->getRegisterData(get_u2f_registrations($object));
$_SESSION['regReq'] = json_encode($req);
$_SESSION['regSigs'] = json_encode($sigs);
echo 'var req = ' . json_encode($req) . ';';
echo 'var registeredKeys = ' . json_encode($sigs) . ';';
echo 'var appId = req.appId;';
echo 'var registerRequests = [{version: req.version, challenge: req.challenge}];';
}
else {
return;
}
break;
case "u2f-authentication":
header('Content-Type: application/javascript');
if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
$auth_data = $u2f->getAuthenticateData(get_u2f_registrations($object));
$challenge = $auth_data[0]->challenge;
$appId = $auth_data[0]->appId;
foreach ($auth_data as $each) {
$key = array(); // Empty array
$key['version'] = $each->version;
$key['keyHandle'] = $each->keyHandle;
$registeredKey[] = $key;
}
$_SESSION['authReq'] = json_encode($auth_data);
echo 'var appId = "' . $appId . '";';
echo 'var challenge = ' . json_encode($challenge) . ';';
echo 'var registeredKeys = ' . json_encode($registeredKey) . ';';
}
else {
return;
}
break;
case "dkim": case "dkim":
switch ($object) { switch ($object) {
default: default:
@ -1210,8 +1211,17 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
)); ));
exit(); exit();
} }
}
break; break;
case "delete": case "delete":
if ($_SESSION['mailcow_cc_api_access'] == 'ro' || isset($_SESSION['pending_mailcow_cc_username'])) {
http_response_code(403);
echo json_encode(array(
'type' => 'error',
'msg' => 'API read/write access denied'
));
exit();
}
function process_delete_return($return) { function process_delete_return($return) {
$generic_failure = json_encode(array( $generic_failure = json_encode(array(
'type' => 'error', 'type' => 'error',
@ -1338,6 +1348,14 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
} }
break; break;
case "edit": case "edit":
if ($_SESSION['mailcow_cc_api_access'] == 'ro' || isset($_SESSION['pending_mailcow_cc_username'])) {
http_response_code(403);
echo json_encode(array(
'type' => 'error',
'msg' => 'API read/write access denied'
));
exit();
}
function process_edit_return($return) { function process_edit_return($return) {
$generic_failure = json_encode(array( $generic_failure = json_encode(array(
'type' => 'error', 'type' => 'error',
@ -1376,6 +1394,12 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
case "bcc": case "bcc":
process_edit_return(bcc('edit', array_merge(array('id' => $items), $attr))); process_edit_return(bcc('edit', array_merge(array('id' => $items), $attr)));
break; break;
case "pushover":
process_edit_return(pushover('edit', array_merge(array('username' => $items), $attr)));
break;
case "pushover-test":
process_edit_return(pushover('test', array_merge(array('username' => $items), $attr)));
break;
case "oauth2-client": case "oauth2-client":
process_edit_return(oauth2('edit', 'client', array_merge(array('id' => $items), $attr))); process_edit_return(oauth2('edit', 'client', array_merge(array('id' => $items), $attr)));
break; break;

View File

@ -24,6 +24,9 @@
"apps": "Apps" "apps": "Apps"
}, },
"danger": { "danger": {
"pushover_token": "Pushover Token hat das falsche Format",
"pushover_key": "Pushover Key hat das falsche Format",
"pushover_credentials_missing": "Pushover Token und/oder Key fehlen",
"invalid_filter_type": "Ungültiger Filtertyp", "invalid_filter_type": "Ungültiger Filtertyp",
"file_open_error": "Datei kann nicht zum Schreiben geöffnet werden", "file_open_error": "Datei kann nicht zum Schreiben geöffnet werden",
"transport_dest_exists": "Transport Maps Ziel \"%s\" existiert bereits", "transport_dest_exists": "Transport Maps Ziel \"%s\" existiert bereits",
@ -135,6 +138,7 @@
"extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain" "extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain"
}, },
"success": { "success": {
"pushover_settings_edited": "Pushover Konfiguration gespeichert, bitte den Zugang im Anschluss verifizieren.",
"global_filter_written": "Filterdatei wurde erfolreich geschrieben", "global_filter_written": "Filterdatei wurde erfolreich geschrieben",
"learned_ham": "ID %s wurde erfolreich als Ham gelernt", "learned_ham": "ID %s wurde erfolreich als Ham gelernt",
"verified_totp_login": "TOTP Anmeldung verifiziert", "verified_totp_login": "TOTP Anmeldung verifiziert",
@ -224,8 +228,17 @@
"quota_exceeded_scope": "Domain-Quota erschöpft: Es können nur noch unlimiterte Mailboxen in dieser Domain erstellt werden." "quota_exceeded_scope": "Domain-Quota erschöpft: Es können nur noch unlimiterte Mailboxen in dieser Domain erstellt werden."
}, },
"user": { "user": {
"pushover_info": "Push-Benachrichtungen werden angewendet auf alle nicht-Spam Nachrichten zugestellt an <b>%s</b>, einschließlich Alias-Adressen (shared, non-shared, tagged).",
"verify": "Verifizieren",
"pushover_verify": "Verbindung verifizieren",
"title": "Title",
"pushover_title": "Notification Titel",
"text": "Text",
"pushover_text": "Notification Text ({SUBJECT} entspricht dem Mail-Betreff)",
"last_mail_login": "Letzter Mail-Login",
"last_mail_login": "Letzter Mail-Login", "last_mail_login": "Letzter Mail-Login",
"no_last_login": "Keine letzte UI Anmeldung gespeichert", "no_last_login": "Keine letzte UI Anmeldung gespeichert",
"save": "Änderungen speichern",
"generate": "generieren", "generate": "generieren",
"apple_connection_profile": "Apple Verbindungsprofil", "apple_connection_profile": "Apple Verbindungsprofil",
"apple_connection_profile_mailonly": "Dieses Verbindungsprofil beinhaltet IMAP und SMTP Konfigurationen für ein Apple Gerät.", "apple_connection_profile_mailonly": "Dieses Verbindungsprofil beinhaltet IMAP und SMTP Konfigurationen für ein Apple Gerät.",
@ -334,6 +347,13 @@
"spam_score_reset": "Auf Server-Standard zurücksetzen" "spam_score_reset": "Auf Server-Standard zurücksetzen"
}, },
"admin": { "admin": {
"pushover_info": "Push-Benachrichtungen werden angewendet auf alle nicht-Spam Nachrichten zugestellt an <b>%s</b>, einschließlich Alias-Adressen (shared, non-shared, tagged).",
"verify": "Verifizieren",
"pushover_verify": "Verbindung verifizieren",
"title": "Title",
"pushover_title": "Notification Titel",
"text": "Text",
"pushover_text": "Notification Text ({SUBJECT} entspricht dem Mail-Betreff)",
"spamfilter": "Spamfilter", "spamfilter": "Spamfilter",
"domain_s": "Domain(s)", "domain_s": "Domain(s)",
"rspamd-com_settings": "Ein Name wird automatisch generiert. Beispielinhalte zur Einsicht stehen nachstehend bereit. Siehe auch <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd docs</a>", "rspamd-com_settings": "Ein Name wird automatisch generiert. Beispielinhalte zur Einsicht stehen nachstehend bereit. Siehe auch <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd docs</a>",
@ -858,6 +878,7 @@
"relayhost_wrapped_tls_info": "Bitte <b>keine</b> TLS-wrapped Ports verwenden (etwa SMTPS via Port 465/tcp).<br>\r\nDer Transport wird stattdessen STARTTLS anfordern, um TLS zu verwenden. TLS kann unter \"TLS Policy Maps\" erzwungen werden." "relayhost_wrapped_tls_info": "Bitte <b>keine</b> TLS-wrapped Ports verwenden (etwa SMTPS via Port 465/tcp).<br>\r\nDer Transport wird stattdessen STARTTLS anfordern, um TLS zu verwenden. TLS kann unter \"TLS Policy Maps\" erzwungen werden."
}, },
"acl": { "acl": {
"pushover": "Pushover",
"spam_alias": "Temporäre E-Mail Aliasse", "spam_alias": "Temporäre E-Mail Aliasse",
"tls_policy": "Verschlüsselungsrichtlinie", "tls_policy": "Verschlüsselungsrichtlinie",
"spam_score": "Spam-Bewertung", "spam_score": "Spam-Bewertung",

View File

@ -30,6 +30,9 @@
"unlimited_quota_acl": "Unlimited quota prohibited by ACL", "unlimited_quota_acl": "Unlimited quota prohibited by ACL",
"mysql_error": "MySQL error: %s", "mysql_error": "MySQL error: %s",
"redis_error": "Redis error: %s", "redis_error": "Redis error: %s",
"pushover_token": "Pushover token has a wrong format",
"pushover_key": "Pushover key has a wrong format",
"pushover_credentials_missing": "Pushover token and or key missing",
"unknown_tfa_method": "Unknown TFA method", "unknown_tfa_method": "Unknown TFA method",
"totp_verification_failed": "TOTP verification failed", "totp_verification_failed": "TOTP verification failed",
"u2f_verification_failed": "U2F verification failed: %s", "u2f_verification_failed": "U2F verification failed: %s",
@ -135,6 +138,7 @@
"extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain" "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain"
}, },
"success": { "success": {
"pushover_settings_edited": "Pushover settings successfully set, please verify credentials.",
"global_filter_written": "Filter was successfully written to file", "global_filter_written": "Filter was successfully written to file",
"learned_ham": "Successfully learned ID % as ham", "learned_ham": "Successfully learned ID % as ham",
"verified_totp_login": "Verified TOTP login", "verified_totp_login": "Verified TOTP login",
@ -221,11 +225,19 @@
"hash_not_found": "Hash not found or already deleted", "hash_not_found": "Hash not found or already deleted",
"fuzzy_learn_error": "Fuzzy hash learn error: %s", "fuzzy_learn_error": "Fuzzy hash learn error: %s",
"ip_invalid": "Skipped invalid IP: %s", "ip_invalid": "Skipped invalid IP: %s",
"quota_exceeded_scope": "Domain quota exceeded: Only unlimited/unrated mailboxes can be created in this domain scope." "quota_exceeded_scope": "Domain quota exceeded: Only unlimited mailboxes can be created in this domain scope."
}, },
"user": { "user": {
"pushover_info": "Push notification settings will apply to all clean (non-spam) mail delivered to <b>%s</b> including aliases (shared, non-shared, tagged).",
"verify": "Verify",
"pushover_verify": "Verify credentials",
"title": "Title",
"pushover_title": "Notification title",
"text": "Text",
"pushover_text": "Notification text ({SUBJECT} will be replaced by mail subject)",
"no_last_login": "No last UI login information", "no_last_login": "No last UI login information",
"last_mail_login": "Last mail login", "last_mail_login": "Last mail login",
"save": "Save changes",
"apple_connection_profile": "Apple connection profile", "apple_connection_profile": "Apple connection profile",
"apple_connection_profile_mailonly": "This connection profile includes IMAP and SMTP configuration parameters for an Apple device.", "apple_connection_profile_mailonly": "This connection profile includes IMAP and SMTP configuration parameters for an Apple device.",
"apple_connection_profile_complete": "This connection profile includes IMAP and SMTP parameters as well as CalDAV (calendars) and CardDAV (contacts) pathes for an Apple device.", "apple_connection_profile_complete": "This connection profile includes IMAP and SMTP parameters as well as CalDAV (calendars) and CardDAV (contacts) pathes for an Apple device.",
@ -334,6 +346,13 @@
"spam_score_reset": "Reset to server default" "spam_score_reset": "Reset to server default"
}, },
"admin": { "admin": {
"pushover_info": "Push notification settings will apply to all clean (non-spam) mail delivered to <b>%s</b> including aliases (shared, non-shared, tagged).",
"verify": "Verify",
"pushover_verify": "Verify credentials",
"title": "Title",
"pushover_title": "Notification title",
"text": "Text",
"pushover_text": "Notification text ({SUBJECT} will be replaced by mail subject)",
"spamfilter": "Spam filter", "spamfilter": "Spam filter",
"domain": "Domain", "domain": "Domain",
"domain_s": "Domain/s", "domain_s": "Domain/s",
@ -857,6 +876,7 @@
"relayhost_wrapped_tls_info": "Please do <b>not</b> use TLS-wrapped ports (mostly used on port 465).<br>\r\nUse any non-wrapped port and issue STARTTLS. A TLS policy to enforce TLS can be created in \"TLS policy maps\"." "relayhost_wrapped_tls_info": "Please do <b>not</b> use TLS-wrapped ports (mostly used on port 465).<br>\r\nUse any non-wrapped port and issue STARTTLS. A TLS policy to enforce TLS can be created in \"TLS policy maps\"."
}, },
"acl": { "acl": {
"pushover": "Pushover",
"spam_alias": "Temporary aliases", "spam_alias": "Temporary aliases",
"tls_policy": "TLS policy", "tls_policy": "TLS policy",
"spam_score": "Spam score", "spam_score": "Spam score",

View File

@ -76,6 +76,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
$_SESSION['return_to'] = $_SERVER['REQUEST_URI']; $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
$username = $_SESSION['mailcow_cc_username']; $username = $_SESSION['mailcow_cc_username'];
$mailboxdata = mailbox('get', 'mailbox_details', $username); $mailboxdata = mailbox('get', 'mailbox_details', $username);
$pushover_data = pushover('get', $username);
$clientconfigstr = "host=" . urlencode($mailcow_hostname) . "&email=" . urlencode($username) . "&name=" . urlencode($mailboxdata['name']) . "&ui=" . urlencode(strtok($_SERVER['HTTP_HOST'], ':')) . "&port=" . urlencode($autodiscover_config['caldav']['port']); $clientconfigstr = "host=" . urlencode($mailcow_hostname) . "&email=" . urlencode($username) . "&name=" . urlencode($mailboxdata['name']) . "&ui=" . urlencode(strtok($_SERVER['HTTP_HOST'], ':')) . "&port=" . urlencode($autodiscover_config['caldav']['port']);
if ($autodiscover_config['useEASforOutlook'] == 'yes') if ($autodiscover_config['useEASforOutlook'] == 'yes')
@ -101,6 +102,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
<li role="presentation"><a href="#Spamfilter" aria-controls="Spamfilter" role="tab" data-toggle="tab"><?=$lang['user']['spamfilter'];?></a></li> <li role="presentation"><a href="#Spamfilter" aria-controls="Spamfilter" role="tab" data-toggle="tab"><?=$lang['user']['spamfilter'];?></a></li>
<li role="presentation"><a href="#Syncjobs" aria-controls="Syncjobs" role="tab" data-toggle="tab"><?=$lang['user']['sync_jobs'];?></a></li> <li role="presentation"><a href="#Syncjobs" aria-controls="Syncjobs" role="tab" data-toggle="tab"><?=$lang['user']['sync_jobs'];?></a></li>
<li role="presentation"><a href="#AppPasswds" aria-controls="AppPasswds" role="tab" data-toggle="tab"><?=$lang['user']['app_passwds'];?></a></li> <li role="presentation"><a href="#AppPasswds" aria-controls="AppPasswds" role="tab" data-toggle="tab"><?=$lang['user']['app_passwds'];?></a></li>
<li role="presentation"><a href="#Pushover" aria-controls="Pushover" role="tab" data-toggle="tab">Pushover API</a></li>
</ul> </ul>
<hr> <hr>
@ -472,6 +474,59 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
</div> </div>
</div> </div>
<div role="tabpanel" class="tab-pane" id="Pushover">
<form data-id="pushover" class="form well" method="post">
<input type="hidden" value="0" name="active">
<div class="row">
<div class="col-sm-1">
<p class="help-block"><a href="https://pushover.net" target="_blank"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAMAAABg3Am1AAACglBMVEUAAAAAAAEAAAAilecFGigAAAAAAAAAAAAAAAANj+c3n+Ypm+oeYI4KWI4MieAtkdQbleoJcLcjmeswmN4Rit4KgdMKUYQJKUAQSnILL0kMNlMSTngimOoNPF0hlOQBBgkNOlkRS3MHIjUhk+IPf8wKLUYsjM0AAAASTngAAAAAAAAPfckbdLIbdrYUWIgegsgce70knfEAAAAknfENOVkGHi8YaaIjnvEdgMUhkuAQSG8aca0hleQUh9YLjOM4nOEMgtMcbaYWa6YemO02ltkKhNktgLodYZEPXJEyi8kKesktfLUzj84cWYMiluckZ5YJXJYeW4Y0k9YKfs4yjs0pc6YHZaUviskLfMkqmugak+cqkNcViNcqeK4Iaq4XRmYGPmYMKDsFJTstgr0LdL0ti84CCQ4BCQ4Qgc8rlt8XjN8shcQsi8wZSGgEP2cRMEUDKkUAAAD///8dmvEamfExo/EXmPEWl/ERlvElnvEsofEjnfETl/Enn/Ezo/E4pvEvovEfm/E1pPEzpPEvofEOlfEpoPEamPEQlfEYmfE6p/EgnPEVlvEroPE3pfE2pfENk/Ern/E3pPEcmfEfmvEnnvBlufT6/P0soPAknPDd7/zs9vzo9PxBqfItofAqoPD9/f3B4/q43/mx2/l/xfZ6w/Vxv/VtvfVgt/RXtPNTsfNEq/L3+/31+v3a7fvR6vvH5fqs2vmc0/jx+P3v9/3h8fzW7PvV7PvL5/q13fmo1/mh1PiY0fiNy/aHyfZ2wfVou/Vdt/RPsPM3oeoQkuowmeAgjdgcgMQbeLrw9/3k8vy74Pm63/mX0PdYtfNNr/Ikm+4wnOchkuAVjOAfdrMVcrOdoJikAAAAcnRSTlMAIQ8IzzweFwf+/fvw8P79+/Xt7e3p6eji4d7U08y8qZyTiIWDgn53bWxqaWBKQ0JBOjUwMCkoJCEfHBkT/vz8/Pv7+vr69/b29PTy7ezm5ubm5N7e29vQ0M/Pv7+4uLW1pqaWloWDg3x7e21mUVFFRUXdPracAAAEbElEQVRIx4WUZbvaQBCFF+ru7u7u7u7u7t4mvVwSoBC0JIUCLRQolLq7u7vr/+nMLkmQyvlwyfPcd86e3ZldUqwyQ/p329J+XfutPQYOLUP+q55rFtQJRvY79+xxlZTUWbKpz7/xrrMr2+3BoNPpdLn2lJQ4HEeqLOr1d7z7XNkesQed4A848G63Oy4Gmg/6Mz542QvZbqe8C/Ig73CLYiYTrtLmT3zfqbIcAR7y4wIqH/B6M9Fo0+Ldb6sM9ph/v4ozPuz12mxRofaAAr7jCNkuoz/jNf9AGHibkBCm51fsGKvxsAGWx4H+jBcEi6V2birDpCL/9Klrd1KHbiSvPWP8V0tTnTfO03iXi57P6WNHOVUf44IFdFDRz6pV5fw8Zy5z3JVH5+R48OwxqDiGvKJIY9R+9JsCuJ5HPg74OVEMpz+nbdEPUHEWeEk6IDUnTC1l5r+f8uffc0cfxc8fS17kLso24SwUPFDA/6DE82xKDOPliJ7n/GGOOyWK9zD9CdjvOfg9Dv6AH+AX04LW9gj2i8W/APx1UbxwCAu+wPmcpgUKL/EHdvtq4uwaZwCuznPJVY5LHhED15G/isd5Hz4eKui/e/du02YoKFeD5mHzHIN/nxEDe25gQQwKorAid04CfyzwL4XutXvl1Pt1guMOwwKPkU8mYIFT8JHK+vv8prpDScUVL+j8s3lOctw1GIhbWHAS+HgKPk7xPM/4UtNAYmzizJkf6NgTb/gM8jePQLsewMdthS3g95tMpT1IhVm6v1s8fYmLeb13Odwp8Fh5KY048y/d14WUrwrb1e/X/rNp73nkD8kWS+wi/MZ4XuetG4mhKubJm3/WNEvi8SHwB56nPKjUam0LBdp9ARwupFemTYudvgN/L1+A/Ko/LGBuS8pPy+YR1fuCTWNKnUyoeUyYx2o2dyEVGmr5xTD42xzvkD16+Pb9WIIH6fmt1r3mbsTY7Bvw+n23naT8BUWh86bz6G/e259UXPUK3gfAxQDlo7Rpx3Geqb2e3wp83SGEdKpB7zvwYbzvT2n65xLwbH6YP+M9C8vA8E1wxLU8gkCbdhXGUyrMgwVrcbzLHonr78lzDvWM3q/C/HtDlXoSUIe3YkblhRPIX4E8Oo/9siLv8dRjV7SBlkdgTXvKS7nzsA/9AfeEuhKq9T8zWIDv1Sd6ETAP4D6/H/1V+1BojvruNa4SZXz4JhY84dV5MOF5agUvu5OsOo+KRpG30KalEnoeDccFlutPZYs38D5n3zcpr1/0fBhfb3DOY1z2tSAgLxWezz6zuoHhfUmOejf6blHQH/sFuJYfcMZX307ytKvRa3ifoV/586P5j+tICtS77BuJxzxYAPZsntX8k3eSIhlajK4p8b7iefCEKs03kD/I2LnxL9ovH+43y4fAv1YrI/mzDBsavAX/UppfzVOrZT/ydxk6lJ047MfLfVbcb6hS9ZEzWxekKQ5WrtPqZg3rV6tWrX6Tle3KQZj/q6KxQnmDoXwFY0VSrN9e8FRXBCTAvwAAAABJRU5ErkJggg==" class="img img-fluid"></a></p>
</div>
<div class="col-sm-10">
<div class="form-group">
<div class="row">
<div class="col-sm-6">
<div class="form-group">
<label for="token">API Token/Key (Application)</label>
<input type="text" class="form-control" name="token" maxlength="30" value="<?=$pushover_data['token'];?>" required>
</div>
</div>
<div class="col-sm-6">
<div class="form-group">
<label for="key">User/Group Key</label>
<input type="text" class="form-control" name="key" maxlength="30" value="<?=$pushover_data['key'];?>" required>
</div>
</div>
<div class="col-sm-6">
<div class="form-group">
<label for="title"><?=$lang['user']['pushover_title'];?></label>
<input type="text" class="form-control" name="title" value="<?=$pushover_data['title'];?>" placeholder="Mail">
</div>
</div>
<div class="col-sm-6">
<div class="form-group">
<label for="text"><?=$lang['user']['pushover_text'];?></label>
<input type="text" class="form-control" name="text" value="<?=$pushover_data['text'];?>" placeholder="You've got mail 📧">
</div>
</div>
<div class="col-sm-12">
<div class="checkbox">
<label><input type="checkbox" value="1" name="active" <?=($pushover_data['active']=="1") ? "checked" : null;?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
</div>
<hr>
<p><?=sprintf($lang['user']['pushover_info'], $username);?></p>
<div class="btn-group" data-acl="<?=$_SESSION['acl']['pushover'];?>">
<a class="btn btn-sm btn-default" data-action="edit_selected" data-id="pushover" data-item="<?=htmlspecialchars($username);?>" data-api-url='edit/pushover' data-api-attr='{}' href="#"><?=$lang['user']['save'];?></a>
<a class="btn btn-sm btn-default" data-action="edit_selected" data-id="pushover-test" data-item="<?=htmlspecialchars($username);?>" data-api-url='edit/pushover-test' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-check" aria-hidden="true"></span> <?=$lang['user']['pushover_verify'];?></a>
<a class="btn btn-sm btn-danger" data-action="edit_selected" data-id="pushover-delete" data-item="<?=htmlspecialchars($username);?>" data-api-url='edit/pushover' data-api-attr='{"delete":"true"}' href="#"><span class="glyphicon glyphicon-trash" aria-hidden="true"></span> <?=$lang['user']['remove'];?></a>
</div>
</div>
</div>
</form>
</div>
<div role="tabpanel" class="tab-pane" id="AppPasswds"> <div role="tabpanel" class="tab-pane" id="AppPasswds">
<p><?=$lang['user']['app_hint'];?></p> <p><?=$lang['user']['app_hint'];?></p>
<div class="table-responsive"> <div class="table-responsive">