diff --git a/data/web/admin.php b/data/web/admin.php index ce3deb69..d97bc141 100644 --- a/data/web/admin.php +++ b/data/web/admin.php @@ -261,7 +261,7 @@ $tfa_data = get_tfa(); else { ?>
-
+

↳ Alias-Domain:

diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php index 391b4a93..f5bcbf8f 100644 --- a/data/web/autodiscover.php +++ b/data/web/autodiscover.php @@ -74,7 +74,7 @@ if ($login_role === "user") { $redis->lTrim('AUTODISCOVER_LOG', 0, 100); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'msg' => 'Redis: '.$e ); @@ -128,7 +128,7 @@ if ($login_role === "user") { $redis->lTrim('AUTODISCOVER_LOG', 0, 100); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'msg' => 'Redis: '.$e ); diff --git a/data/web/edit.php b/data/web/edit.php index d605d3f4..1efbbed3 100644 --- a/data/web/edit.php +++ b/data/web/edit.php @@ -28,6 +28,12 @@ if (isset($_SESSION['mailcow_cc_role'])) {
+
+ +
+ +
+
@@ -636,23 +642,23 @@ if (isset($_SESSION['mailcow_cc_role'])) { $result = bcc('details', $bcc); if (!empty($result)) { ?> -

BCC map

+


- +
- - BCC destination must be a single valid email address. + +
- +
diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php index d7b80723..cdef8e0b 100644 --- a/data/web/inc/footer.inc.php +++ b/data/web/inc/footer.inc.php @@ -29,7 +29,7 @@ $(window).load(function() { }); $(document).ready(function() { window.mailcow_alert_box = function(message, type) { - msg = $('').html(message).text(); + msg = $('').text(message).text(); if (type == 'danger') { auto_hide = 0; $('#' + localStorage.getItem("add_modal")).modal('show'); @@ -42,9 +42,11 @@ $(document).ready(function() { - mailcow_alert_box(, ); + mailcow_alert_box(, ); diff --git a/data/web/inc/functions.address_rewriting.inc.php b/data/web/inc/functions.address_rewriting.inc.php index ce10d676..36fc4946 100644 --- a/data/web/inc/functions.address_rewriting.inc.php +++ b/data/web/inc/functions.address_rewriting.inc.php @@ -8,7 +8,7 @@ function bcc($_action, $_data = null, $attr = null) { switch ($_action) { case 'add': if (!isset($_SESSION['acl']['bcc_maps']) || $_SESSION['acl']['bcc_maps'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'access_denied' @@ -20,7 +20,7 @@ function bcc($_action, $_data = null, $attr = null) { $active = intval($_data['active']); $type = $_data['type']; if ($type != 'sender' && $type != 'rcpt') { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'invalid_bcc_map_type' @@ -28,7 +28,7 @@ function bcc($_action, $_data = null, $attr = null) { return false; } if (empty($bcc_dest)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'bcc_empty' 
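Review bot: `$('').text(message).text()` in `mailcow_alert_box` hands `message` back unchanged, so markup in the string is no longer dropped before `msg` is used. Removing the `.html(message)` parse is the right direction, but the result is only safe if the code that displays `msg`, which is outside this hunk, inserts it as text rather than as HTML. If that sink accepts HTML, the escaping has to be done there or the notification has to be configured for plain text. `msg` and `auto_hide` are also assigned without a declaration and become globals; `var msg = String(message);` would state the intent directly.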
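Review bot: Every `'log' => array(__FUNCTION__, $_action, $_data, $_attr)` entry in `bcc()` reads `$_attr`, but the signature shown in the hunk header declares the third parameter as `$attr`, so the logged value is an undefined variable. Now that each result is appended to `$_SESSION['return'][]` and kept, the log field is worth getting right: rename the parameter to `$_attr` or log `$attr`. The `recipient_map()` hunks further down show the same mismatch. The function body starts and ends outside this hunk.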
@@ -37,7 +37,7 @@ function bcc($_action, $_data = null, $attr = null) { } if (is_valid_domain_name($local_dest)) { if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'access_denied' @@ -49,7 +49,7 @@ function bcc($_action, $_data = null, $attr = null) { } elseif (filter_var($local_dest, FILTER_VALIDATE_EMAIL)) { if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $local_dest)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'access_denied' 
@@ -66,29 +66,21 @@ function bcc($_action, $_data = null, $attr = null) { return false; } if (!filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'bcc_must_be_email' ); return false; } - try { - $stmt = $pdo->prepare("SELECT `id` FROM `bcc_maps` - WHERE `local_dest` = :local_dest AND `type` = :type"); - $stmt->execute(array(':local_dest' => $local_dest_sane, ':type' => $type)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + + $stmt = $pdo->prepare("SELECT `id` FROM `bcc_maps` + WHERE `local_dest` = :local_dest AND `type` = :type"); + $stmt->execute(array(':local_dest' => $local_dest_sane, ':type' => $type)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('bcc_exists', htmlspecialchars($local_dest_sane), $type) @@ -107,14 +99,14 @@ function bcc($_action, $_data = null, $attr = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('mysql_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'bcc_saved' 
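Review bot: A `PDOException` from the duplicate lookup on `bcc_maps` now leaves `bcc()` uncaught, because the `try`/`catch` that turned it into a `mysql_error` entry and `return false` is gone. Nothing in this diff shows a global exception handler, so confirm that one exists and that it does not print the exception to the client; otherwise keep a guard here. The INSERT a few lines below still has its own `catch`, so two statements in the same case now fail in different ways. The same removal is made in the `details` and `get` cases of `bcc()` and `recipient_map()`.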
@@ -122,7 +114,7 @@ function bcc($_action, $_data = null, $attr = null) { break; case 'edit': if (!isset($_SESSION['acl']['bcc_maps']) || $_SESSION['acl']['bcc_maps'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'access_denied' 
@@ -139,53 +131,45 @@ function bcc($_action, $_data = null, $attr = null) { $type = (!empty($_data['type'])) ? $_data['type'] : $is_now['type']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } $active = intval($_data['active']); if (!filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => 'bcc_must_be_email' + 'msg' => array('bcc_must_be_email', $bcc_dest) ); - return false; + continue; } if (empty($bcc_dest)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => 'bcc_empty' + 'msg' => array('bcc_must_be_email', $bcc_dest) ); - return false; + continue; } try { $stmt = $pdo->prepare("SELECT `id` FROM `bcc_maps` WHERE `local_dest` = :local_dest AND `type` = :type"); $stmt->execute(array(':local_dest' => $local_dest, ':type' => $type)); $id_now = $stmt->fetch(PDO::FETCH_ASSOC)['id']; - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } - if (isset($id_now) && $id_now != $id) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => array('bcc_exists', htmlspecialchars($local_dest), $type) - ); - return false; - } - try { + + if (isset($id_now) && $id_now != $id) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_data, $_attr), + 'msg' => array('bcc_exists', htmlspecialchars($local_dest), $type) + ); + continue; + } + $stmt = $pdo->prepare("UPDATE `bcc_maps` SET `bcc_dest` = :bcc_dest, `active` = :active, `type` = 
:type WHERE `id`= :id"); $stmt->execute(array( ':bcc_dest' => $bcc_dest, @@ -195,45 +179,37 @@ function bcc($_action, $_data = null, $attr = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('mysql_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data, $_attr), + 'msg' => array('bcc_edited', $bcc_dest) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => 'bcc_edited' - ); break; case 'details': $bccdata = array(); $id = intval($_data); - try { - $stmt = $pdo->prepare("SELECT `id`, - `local_dest`, - `bcc_dest`, - `active` AS `active_int`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, - `type`, - `created`, - `domain`, - `modified` FROM `bcc_maps` - WHERE `id` = :id"); - $stmt->execute(array(':id' => $id)); - $bccdata = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + + $stmt = $pdo->prepare("SELECT `id`, + `local_dest`, + `bcc_dest`, + `active` AS `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, + `type`, + `created`, + `domain`, + `modified` FROM `bcc_maps` + WHERE `id` = :id"); + $stmt->execute(array(':id' => $id)); + $bccdata = $stmt->fetch(PDO::FETCH_ASSOC); + if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $bccdata['domain'])) { $bccdata = null; return false; 
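Review bot: `'msg' => array('bcc_must_be_email', $bcc_dest)` puts the rejected input into the message as-is, while the `bcc_exists` entry in the same loop passes `htmlspecialchars($local_dest)`. Whether the message is rendered as HTML is decided outside this hunk, so pick one convention and apply it to both; if values are escaped server-side, this should read `array('bcc_must_be_email', htmlspecialchars($bcc_dest))`, and `array('bcc_edited', $bcc_dest)` likewise. The `dkim()` delete hunk has the same pattern with `array('dkim_domain_or_sel_invalid', $domain)`. Separately, the `empty($bcc_dest)` branch cannot be reached, because an empty string already fails the `FILTER_VALIDATE_EMAIL` check placed above it.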
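Review bot: The `details` query still concatenates `$lang['mailbox']['yes']` and `$lang['mailbox']['no']` into the SQL text, so a translation containing an apostrophe breaks the statement, and with the `catch` removed here that failure is no longer reported as `mysql_error`. Select only the integer column and map it in PHP after a successful fetch, for example `$bccdata['active'] = $bccdata['active_int'] ? $lang['mailbox']['yes'] : $lang['mailbox']['no'];`. The `details` case of `recipient_map()` builds its query the same way. `bcc()` continues outside this hunk.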
@@ -244,18 +220,10 @@ function bcc($_action, $_data = null, $attr = null) { $bccdata = array(); $all_items = array(); $id = intval($_data); - try { - $stmt = $pdo->query("SELECT `id`, `domain` FROM `bcc_maps`"); - $all_items = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + + $stmt = $pdo->query("SELECT `id`, `domain` FROM `bcc_maps`"); + $all_items = $stmt->fetchAll(PDO::FETCH_ASSOC); + foreach ($all_items as $i) { if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $i['domain'])) { $bccdata[] = $i['id']; @@ -275,31 +243,30 @@ function bcc($_action, $_data = null, $attr = null) { $stmt->execute(array(':id' => $id)); $domain = $stmt->fetch(PDO::FETCH_ASSOC)['domain']; if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } $stmt = $pdo->prepare("DELETE FROM `bcc_maps` WHERE `id`= :id"); $stmt->execute(array(':id' => $id)); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('mysql_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data, $_attr), + 'msg' => array('bcc_deleted', $id) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => array('bcc_deleted', implode(', ', $ids)) - ); - return true; break; } } 
@@ -325,7 +292,7 @@ function recipient_map($_action, $_data = null, $attr = null) { $old_dest_sane = $old_dest; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('invalid_recipient_map_old', htmlspecialchars($old_dest)) @@ -333,7 +300,7 @@ function recipient_map($_action, $_data = null, $attr = null) { return false; } if (!filter_var($new_dest, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('invalid_recipient_map_new', htmlspecialchars($new_dest)) @@ -345,7 +312,7 @@ function recipient_map($_action, $_data = null, $attr = null) { $old_dests_existing[] = recipient_map('details', $rmap)['recipient_map_old']; } if (in_array($old_dest_sane, $old_dests_existing)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('recipient_map_entry_exists', htmlspecialchars($old_dest)) @@ -362,14 +329,14 @@ function recipient_map($_action, $_data = null, $attr = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('mysql_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('recipient_map_entry_saved', htmlspecialchars($old_dest_sane)) 
@@ -388,12 +355,12 @@ function recipient_map($_action, $_data = null, $attr = null) { } } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (is_valid_domain_name($old_dest)) { $old_dest_sane = '@' . idn_to_ascii($old_dest); @@ -402,21 +369,21 @@ function recipient_map($_action, $_data = null, $attr = null) { $old_dest_sane = $old_dest; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('invalid_recipient_map_old', htmlspecialchars($old_dest)) ); - return false; + continue; } $active = intval($_data['active']); if (!filter_var($new_dest, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('invalid_recipient_map_new', htmlspecialchars($new_dest)) ); - return false; + continue; } $rmaps = recipient_map('get'); foreach ($rmaps as $rmap) { @@ -424,12 +391,12 @@ function recipient_map($_action, $_data = null, $attr = null) { } if (in_array($old_dest_sane, $old_dests_existing) && recipient_map('details', $id)['recipient_map_old'] != $old_dest_sane) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('recipient_map_entry_exists', htmlspecialchars($old_dest_sane)) ); - return false; + continue; } try { $stmt = $pdo->prepare("UPDATE `recipient_maps` SET 
@@ -445,61 +412,45 @@ function recipient_map($_action, $_data = null, $attr = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('mysql_error', $e) ); return false; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data, $_attr), + 'msg' => array('recipient_map_entry_saved', htmlspecialchars($old_dest_sane)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => array('recipient_map_entry_saved', htmlspecialchars($old_dest)) - ); break; case 'details': $mapdata = array(); $id = intval($_data); - try { - $stmt = $pdo->prepare("SELECT `id`, - `old_dest` AS `recipient_map_old`, - `new_dest` AS `recipient_map_new`, - `active` AS `active_int`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, - `created`, - `modified` FROM `recipient_maps` - WHERE `id` = :id"); - $stmt->execute(array(':id' => $id)); - $mapdata = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + + $stmt = $pdo->prepare("SELECT `id`, + `old_dest` AS `recipient_map_old`, + `new_dest` AS `recipient_map_new`, + `active` AS `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, + `created`, + `modified` FROM `recipient_maps` + WHERE `id` = :id"); + $stmt->execute(array(':id' => $id)); + $mapdata = $stmt->fetch(PDO::FETCH_ASSOC); + return $mapdata; break; case 'get': $mapdata = array(); $all_items = array(); $id = intval($_data); - try { - $stmt = $pdo->query("SELECT `id` FROM `recipient_maps`"); - $all_items = 
$stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + + $stmt = $pdo->query("SELECT `id` FROM `recipient_maps`"); + $all_items = $stmt->fetchAll(PDO::FETCH_ASSOC); + foreach ($all_items as $i) { $mapdata[] = $i['id']; } @@ -517,7 +468,7 @@ function recipient_map($_action, $_data = null, $attr = null) { $stmt->execute(array(':id' => $id)); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data, $_attr), 'msg' => array('mysql_error', $e) @@ -525,7 +476,7 @@ function recipient_map($_action, $_data = null, $attr = null) { return false; } } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'msg' => array('recipient_map_entry_deleted', htmlspecialchars($old_dest)) ); diff --git a/data/web/inc/functions.autoconfiguration.inc.php b/data/web/inc/functions.autoconfiguration.inc.php deleted file mode 100644 index bd3dd10b..00000000 --- a/data/web/inc/functions.autoconfiguration.inc.php +++ /dev/null 
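Review bot: The `catch (PDOException $e)` in the `recipient_map()` edit loop still ends with `return false`, while the other failure paths in that loop were switched to `continue`. One failed UPDATE therefore stops the remaining ids from being processed, which is the behaviour the per-item messages are meant to replace; use `continue;` there as well if that is the intent. The delete loop in the following hunks keeps `return false` in its `catch` too, and its success entry has no `'log'` key and reads `$old_dest`, which is not assigned anywhere in the visible delete lines.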
@@ -1,119 +0,0 @@ - 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data), - 'msg' => 'access_denied' - ); - return false; - } - switch ($_type) { - case 'autodiscover': - $objects = (array)$_data['object']; - foreach ($objects as $object) { - if (is_valid_domain_name($object) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { - $exclude_regex = (isset($_data['exclude_regex'])) ? $_data['exclude_regex'] : null; - $exclude_regex = (isset($_data['exclude_regex'])) ? $_data['exclude_regex'] : null; - try { - $stmt = $pdo->prepare("SELECT COUNT(`domain`) AS `domain_c` FROM `autodiscover` - WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $object)); - $num_results = $stmt->fetchColumn(); - if ($num_results > 0) { - $stmt = $pdo->prepare("SELECT COUNT(`domain`) AS `domain_c` FROM `autodiscover` - WHERE `domain` = :domain"); - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data), - 'msg' => array('mysql_error', $e) - ); - return false; - } - } - elseif (filter_var($object, FILTER_VALIDATE_EMAIL) === true && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { - - } - } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data), - 'msg' => array('domain_modified', htmlspecialchars(implode(', ', $objects))) - ); - break; - } - break; - case 'get': - switch ($_type) { - case 'autodiscover': - $autodiscover = array(); - if (is_valid_domain_name($_data) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { - try { - $stmt = $pdo->prepare("SELECT * FROM `autodiscover` - WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $_data)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $autodiscover['mailbox'] = $row['mailbox']; - 
$autodiscover['domain'] = $row['domain']; - $autodiscover['service'] = $row['service']; - $autodiscover['exclude_regex'] = $row['exclude_regex']; - $autodiscover['created'] = $row['created']; - $autodiscover['modified'] = $row['modified']; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data), - 'msg' => array('mysql_error', $e) - ); - return false; - } - } - elseif (filter_var($_data, FILTER_VALIDATE_EMAIL) === true && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { - try { - $stmt = $pdo->prepare("SELECT * FROM `autodiscover` - WHERE `mailbox` = :mailbox"); - $stmt->execute(array(':mailbox' => $_data)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $autodiscover['mailbox'] = $row['mailbox']; - $autodiscover['domain'] = $row['domain']; - $autodiscover['service'] = $row['service']; - $autodiscover['exclude_regex'] = $row['exclude_regex']; - $autodiscover['created'] = $row['created']; - $autodiscover['modified'] = $row['modified']; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data), - 'msg' => array('mysql_error', $e) - ); - return false; - } - } - return $autodiscover; - break; - } - break; - case 'reset': - switch ($_type) { - case 'autodiscover': - if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") { - return false; - } - break; - } - break; - } -} diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php index 8fb928fa..a737bdbc 100644 --- a/data/web/inc/functions.customize.inc.php +++ b/data/web/inc/functions.customize.inc.php 
@@ -5,7 +5,7 @@ function customize($_action, $_item, $_data = null) { switch ($_action) { case 'add': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'access_denied' @@ -17,7 +17,7 @@ function customize($_action, $_item, $_data = null) { if (in_array($_data['main_logo']['type'], array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png', 'image/svg+xml'))) { try { if (file_exists($_data['main_logo']['tmp_name']) !== true) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'img_tmp_missing' @@ -26,7 +26,7 @@ function customize($_action, $_item, $_data = null) { } $image = new Imagick($_data['main_logo']['tmp_name']); if ($image->valid() !== true) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'img_invalid' @@ -36,7 +36,7 @@ function customize($_action, $_item, $_data = null) { $image->destroy(); } catch (ImagickException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'img_invalid' @@ -45,7 +45,7 @@ function customize($_action, $_item, $_data = null) { } } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'invalid_mime_type' 
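Review bot: The upload check trusts `$_data['main_logo']['type']`, which looks like the client-declared type of the uploaded file, and the hunk at -56 writes that same string into the `data:` URI stored under `MAIN_LOGO`. The allow-list also includes `image/svg+xml`, so a file is accepted on the uploader's word and handed to `new Imagick(...)` before anything has established what it is. Derive the type from the file contents instead, for example `mime_content_type($_data['main_logo']['tmp_name'])`, compare that against the allow-list, and use the derived value when building the URI. The role check at the top of the case limits who can reach this code but not what the parser is given.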
@@ -56,14 +56,14 @@ function customize($_action, $_item, $_data = null) { $redis->Set('MAIN_LOGO', 'data:' . $_data['main_logo']['type'] . ';base64,' . base64_encode(file_get_contents($_data['main_logo']['tmp_name']))); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => array('redis_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'upload_success' @@ -73,7 +73,7 @@ function customize($_action, $_item, $_data = null) { break; case 'edit': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'access_denied' @@ -93,7 +93,7 @@ function customize($_action, $_item, $_data = null) { $redis->set('APP_LINKS', json_encode($out)); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => array('redis_error', $e) @@ -101,7 +101,7 @@ function customize($_action, $_item, $_data = null) { return false; } } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'app_links' @@ -119,14 +119,14 @@ function customize($_action, $_item, $_data = null) { $redis->set('HELP_TEXT', $help_text); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => array('redis_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'ui_texts' 
@@ -136,7 +136,7 @@ function customize($_action, $_item, $_data = null) { break; case 'delete': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'access_denied' @@ -147,7 +147,7 @@ function customize($_action, $_item, $_data = null) { case 'main_logo': try { if ($redis->del('MAIN_LOGO')) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'reset_main_logo' @@ -156,7 +156,7 @@ function customize($_action, $_item, $_data = null) { } } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => array('redis_error', $e) @@ -173,7 +173,7 @@ function customize($_action, $_item, $_data = null) { $app_links = json_decode($redis->get('APP_LINKS'), true); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => array('redis_error', $e) @@ -187,7 +187,7 @@ function customize($_action, $_item, $_data = null) { return $redis->get('MAIN_LOGO'); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => array('redis_error', $e) @@ -204,7 +204,7 @@ function customize($_action, $_item, $_data = null) { return $data; } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => array('redis_error', $e) 
@@ -222,7 +222,7 @@ function customize($_action, $_item, $_data = null) { return $image->identifyImage(); } catch (ImagickException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_item, $_data), 'msg' => 'imagick_exception' diff --git a/data/web/inc/functions.dkim.inc.php b/data/web/inc/functions.dkim.inc.php index 8099d2f8..17bac738 100644 --- a/data/web/inc/functions.dkim.inc.php +++ b/data/web/inc/functions.dkim.inc.php @@ -6,7 +6,7 @@ function dkim($_action, $_data = null) { switch ($_action) { case 'add': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'access_denied' @@ -17,7 +17,7 @@ function dkim($_action, $_data = null) { $dkim_selector = (isset($_data['dkim_selector'])) ? $_data['dkim_selector'] : 'dkim'; $domain = $_data['domain']; if (!is_valid_domain_name($domain) || !is_numeric($key_length)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'dkim_domain_or_sel_invalid' @@ -25,7 +25,7 @@ function dkim($_action, $_data = null) { return false; } if ($redis->hGet('DKIM_PUB_KEYS', $domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'dkim_domain_or_sel_invalid' @@ -33,7 +33,7 @@ function dkim($_action, $_data = null) { return false; } if (!ctype_alnum($dkim_selector)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'dkim_domain_or_sel_invalid' 
@@ -58,7 +58,7 @@ function dkim($_action, $_data = null) { $redis->hSet('DKIM_SELECTORS', $domain, $dkim_selector); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => array('redis_error', $e) @@ -72,7 +72,7 @@ function dkim($_action, $_data = null) { $redis->hSet('DKIM_PRIV_KEYS', $dkim_selector . '.' . $domain, trim($privKey)); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => array('redis_error', $e) @@ -80,7 +80,7 @@ function dkim($_action, $_data = null) { return false; } } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'dkim_added' @@ -88,7 +88,7 @@ function dkim($_action, $_data = null) { return true; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'dkim_domain_or_sel_invalid' @@ -98,7 +98,7 @@ function dkim($_action, $_data = null) { break; case 'import': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'access_denied' @@ -109,7 +109,7 @@ function dkim($_action, $_data = null) { $private_key_normalized = preg_replace('~\r\n?~', "\n", $private_key_input); $private_key = openssl_pkey_get_private($private_key_normalized); if ($ssl_error = openssl_error_string()) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => array('private_key_error', $ssl_error) 
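Review bot: `if ($ssl_error = openssl_error_string())` in the `import` case decides success from the OpenSSL error queue rather than from the return value of `openssl_pkey_get_private()`. The queue can hold entries left by earlier calls, so a valid key may be rejected, and `$private_key` itself is never tested in the visible lines. Test the result first, `if ($private_key === false) {`, and read `openssl_error_string()` only inside that branch to build the message. The `import` case continues outside this hunk.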
@@ -126,7 +126,7 @@ function dkim($_action, $_data = null) { $dkim_selector = (isset($_data['dkim_selector'])) ? $_data['dkim_selector'] : 'dkim'; $domain = $_data['domain']; if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'dkim_domain_or_sel_invalid' @@ -134,7 +134,7 @@ function dkim($_action, $_data = null) { return false; } if ($redis->hGet('DKIM_PUB_KEYS', $domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'dkim_domain_or_sel_invalid' @@ -142,7 +142,7 @@ function dkim($_action, $_data = null) { return false; } if (!ctype_alnum($dkim_selector)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'dkim_domain_or_sel_invalid' @@ -155,7 +155,7 @@ function dkim($_action, $_data = null) { $redis->hSet('DKIM_PRIV_KEYS', $dkim_selector . '.' . $domain, $private_key_normalized); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => array('redis_error', $e) @@ -168,14 +168,14 @@ function dkim($_action, $_data = null) { try { } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => array('redis_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'dkim_added' 
@@ -215,7 +215,7 @@ function dkim($_action, $_data = null) { break; case 'blind': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'access_denied' @@ -231,7 +231,7 @@ function dkim($_action, $_data = null) { case 'delete': $domains = (array)$_data['domains']; if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => 'access_denied' @@ -240,12 +240,12 @@ function dkim($_action, $_data = null) { } foreach ($domains as $domain) { if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), - 'msg' => 'dkim_domain_or_sel_invalid' + 'msg' => array('dkim_domain_or_sel_invalid', $domain) ); - return false; + continue; } try { $selector = $redis->hGet('DKIM_SELECTORS', $domain); @@ -254,19 +254,19 @@ function dkim($_action, $_data = null) { $redis->hDel('DKIM_SELECTORS', $domain); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data), 'msg' => array('redis_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data), + 'msg' => array('dkim_removed', htmlspecialchars($domain)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data), - 'msg' => array('dkim_removed', htmlspecialchars(implode(', ', $domains))) - ); break; } } \ No newline at end of file diff --git a/data/web/inc/functions.docker.inc.php b/data/web/inc/functions.docker.inc.php index cac2db78..dbd26375 100644 --- a/data/web/inc/functions.docker.inc.php +++ b/data/web/inc/functions.docker.inc.php 
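Review bot: In the `delete` case the rejected value goes into the message unescaped, `'msg' => array('dkim_domain_or_sel_invalid', $domain)`, while the success entry added a few lines further down wraps the same variable in `htmlspecialchars()`. This is the one entry where `$domain` has just failed `is_valid_domain_name()`, so it is the value most likely to carry markup. I would write `'msg' => array('dkim_domain_or_sel_invalid', htmlspecialchars($domain))`. The same applies to `array('username_invalid', $username_new)` in the `edit` case and `array('username_invalid', $username)` in the `delete` case of `domain_admin()`. The body of `dkim()` starts outside this hunk.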
@@ -158,19 +158,19 @@ function docker($action, $service_name = null, $attr1 = null, $attr2 = null, $ex if ($response === false) { $err = curl_error($curl); curl_close($curl); - logger(array('return' => array( + logger(array('return' => array(array( 'type' => 'danger', 'log' => array(__FUNCTION__, $action, $service_name, $attr1, $attr2, $extra_headers), 'msg' => $err, - ))); + )))); return $err; } else { curl_close($curl); - logger(array('return' => array( + logger(array('return' => array(array( 'type' => 'success', 'log' => array(__FUNCTION__, $action, $service_name, $attr1, $attr2, $extra_headers), - ))); + )))); if (empty($response)) { return true; } diff --git a/data/web/inc/functions.domain_admin.inc.php b/data/web/inc/functions.domain_admin.inc.php index 3c631d08..86cec621 100644 --- a/data/web/inc/functions.domain_admin.inc.php +++ b/data/web/inc/functions.domain_admin.inc.php @@ -14,7 +14,7 @@ function domain_admin($_action, $_data = null) { $domains = (array)$_data['domains']; $active = intval($_data['active']); if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -22,7 +22,7 @@ function domain_admin($_action, $_data = null) { return false; } if (empty($domains)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'domain_invalid' 
@@ -30,40 +30,32 @@ function domain_admin($_action, $_data = null) { return false; } if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'username_invalid' ); return false; } - try { - $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` - WHERE `username` = :username"); - $stmt->execute(array(':username' => $username)); - $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - - $stmt = $pdo->prepare("SELECT `username` FROM `admin` - WHERE `username` = :username"); - $stmt->execute(array(':username' => $username)); - $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - - $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins` - WHERE `username` = :username"); - $stmt->execute(array(':username' => $username)); - $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); - return false; - } + + $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` + WHERE `username` = :username"); + $stmt->execute(array(':username' => $username)); + $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + + $stmt = $pdo->prepare("SELECT `username` FROM `admin` + WHERE `username` = :username"); + $stmt->execute(array(':username' => $username)); + $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + + $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins` + WHERE `username` = :username"); + $stmt->execute(array(':username' => $username)); + $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + foreach ($num_results as $num_results_each) { if ($num_results_each != 0) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, 
$_action, $_data_log), 'msg' => array('object_exists', htmlspecialchars($username)) @@ -73,7 +65,7 @@ function domain_admin($_action, $_data = null) { } if (!empty($password) && !empty($password2)) { if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'password_complexity' @@ -81,7 +73,7 @@ function domain_admin($_action, $_data = null) { return false; } if ($password != $password2) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'password_mismatch' @@ -91,7 +83,7 @@ function domain_admin($_action, $_data = null) { $password_hashed = hash_password($password); foreach ($domains as $domain) { if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'domain_invalid' @@ -110,7 +102,7 @@ function domain_admin($_action, $_data = null) { } catch (PDOException $e) { domain_admin('delete', $username); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) @@ -128,7 +120,7 @@ function domain_admin($_action, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) 
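Review bot: With the `try`/`catch (PDOException $e)` removed around the three username lookups in the `add` case, a database error now leaves `domain_admin()` as an uncaught exception instead of a logged `mysql_error` entry and `return false`. No handler is visible in this diff, so unless one is registered elsewhere the response depends on the PHP error settings and may show the statement and stack trace to the client. The same removal is made in the `get` and `details` cases further down and in `last_login()`, `hasDomainAccess()` and `hasMailboxObjectAccess()`. For the two access checks a thrown exception still denies access, but only while no caller catches it and carries on, so I would state that at the query: `// PDOException is left to the global handler; callers must not catch it and continue`. The body of `domain_admin()` extends beyond this hunk.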
@@ -137,14 +129,14 @@ function domain_admin($_action, $_data = null) { } } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'password_empty' ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('domain_admin_added', htmlspecialchars($username)) @@ -152,7 +144,7 @@ function domain_admin($_action, $_data = null) { break; case 'edit': if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' 
@@ -177,44 +169,44 @@ function domain_admin($_action, $_data = null) { $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' ); - return false; + continue; } $password = $_data['password']; $password2 = $_data['password2']; - if (!empty($domains)) { - foreach ($domains as $domain) { + foreach ($domains as $i => &$domain) { if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'domain_invalid' + 'msg' => array('domain_invalid', htmlspecialchars($domain)) ); - return false; + unset($domains[$i]); + continue; } } } if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'username_invalid' + 'msg' => array('username_invalid', $username_new) ); - return false; + continue; } if ($username_new != $username) { if (!empty(domain_admin('details', $username_new)['username'])) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'username_invalid' + 'msg' => array('username_invalid', $username_new) ); - return false; + continue; } } try { @@ -224,12 +216,12 @@ function domain_admin($_action, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } if (!empty($domains)) { 
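Review bot: The new validation loop iterates by reference, `foreach ($domains as $i => &$domain)`, and `$domain` is never released afterwards, so it stays bound to the last element of `$domains` for the rest of the `edit` case. If a later loop reuses `$domain` as its loop variable, the last domain in the list is overwritten and the administrator ends up assigned a different set of domains than was submitted. I cannot confirm this, because the insert loop under `if (!empty($domains))` continues outside this hunk. The reference is not needed for `unset($domains[$i])`; I would iterate by value, `foreach ($domains as $i => $domain) {`, or add `unset($domain);` directly after the loop.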
@@ -245,32 +237,32 @@ function domain_admin($_action, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } } } if (!empty($password) && !empty($password2)) { if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'password_complexity' ); - return false; + continue; } if ($password != $password2) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'password_mismatch' ); - return false; + continue; } $password_hashed = hash_password($password); try { @@ -291,12 +283,12 @@ function domain_admin($_action, $_data = null) { } } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } } else { @@ -317,20 +309,21 @@ function domain_admin($_action, $_data = null) { } } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('domain_admin_modified', htmlspecialchars($username)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('domain_admin_modified', htmlspecialchars(implode(', ', $usernames))) - ); + return true; } // Domain administrator // Can only edit itself 
@@ -344,8 +337,9 @@ function domain_admin($_action, $_data = null) { WHERE `username` = :user"); $stmt->execute(array(':user' => $username)); $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (!verify_hash($row['password'], $password_old)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -355,7 +349,7 @@ function domain_admin($_action, $_data = null) { if (!empty($password_new2) && !empty($password_new)) { if ($password_new2 != $password_new) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'password_mismatch' @@ -363,7 +357,7 @@ function domain_admin($_action, $_data = null) { return false; } if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password_new)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'password_complexity' @@ -379,7 +373,7 @@ function domain_admin($_action, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) @@ -387,8 +381,7 @@ function domain_admin($_action, $_data = null) { return false; } } - - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('domain_admin_modified', htmlspecialchars($username)) @@ -397,7 +390,7 @@ function domain_admin($_action, $_data = null) { break; case 'delete': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' 
@@ -407,12 +400,12 @@ function domain_admin($_action, $_data = null) { $usernames = (array)$_data['username']; foreach ($usernames as $username) { if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'username_invalid' + 'msg' => array('username_invalid', $username) ); - return false; + continue; } try { $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username"); 
@@ -425,50 +418,43 @@ function domain_admin($_action, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('domain_admin_removed', htmlspecialchars($username)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('domain_admin_removed', htmlspecialchars(implode(', ', $usernames))) - ); break; case 'get': $domainadmins = array(); if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' ); return false; } - try { - $stmt = $pdo->query("SELECT DISTINCT - `username` - FROM `domain_admins` - WHERE `username` IN ( - SELECT `username` FROM `admin` - WHERE `superadmin`!='1' - )"); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($rows)) { - $domainadmins[] = $row['username']; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); + + $stmt = $pdo->query("SELECT DISTINCT + `username` + FROM `domain_admins` + WHERE `username` IN ( + SELECT `username` FROM `admin` + WHERE `superadmin`!='1' + )"); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($rows)) { + $domainadmins[] = $row['username']; } + return $domainadmins; break; case 'details': 
@@ -484,61 +470,54 @@ function domain_admin($_action, $_data = null) { if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) { return false; } - try { - $stmt = $pdo->prepare("SELECT - `tfa`.`active` AS `tfa_active_int`, - CASE `tfa`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `tfa_active`, - `domain_admins`.`username`, - `domain_admins`.`created`, - `domain_admins`.`active` AS `active_int`, - CASE `domain_admins`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` - FROM `domain_admins` - LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username` - WHERE `domain_admins`.`username`= :domain_admin"); - $stmt->execute(array( - ':domain_admin' => $_data - )); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - if (empty($row)) { - return false; - } - $domainadmindata['username'] = $row['username']; - $domainadmindata['tfa_active'] = $row['tfa_active']; - $domainadmindata['active'] = $row['active']; - $domainadmindata['tfa_active_int'] = $row['tfa_active_int']; - $domainadmindata['active_int'] = $row['active_int']; - $domainadmindata['modified'] = $row['created']; - // GET SELECTED - $stmt = $pdo->prepare("SELECT `domain` FROM `domain` - WHERE `domain` IN ( - SELECT `domain` FROM `domain_admins` - WHERE `username`= :domain_admin)"); - $stmt->execute(array(':domain_admin' => $_data)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $domainadmindata['selected_domains'][] = $row['domain']; - } - // GET UNSELECTED - $stmt = $pdo->prepare("SELECT `domain` FROM `domain` - WHERE `domain` NOT IN ( - SELECT `domain` FROM `domain_admins` - WHERE `username`= :domain_admin)"); - $stmt->execute(array(':domain_admin' => $_data)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $domainadmindata['unselected_domains'][] = $row['domain']; - } - if (!isset($domainadmindata['unselected_domains'])) { - 
$domainadmindata['unselected_domains'] = ""; - } + + $stmt = $pdo->prepare("SELECT + `tfa`.`active` AS `tfa_active_int`, + CASE `tfa`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `tfa_active`, + `domain_admins`.`username`, + `domain_admins`.`created`, + `domain_admins`.`active` AS `active_int`, + CASE `domain_admins`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` + FROM `domain_admins` + LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username` + WHERE `domain_admins`.`username`= :domain_admin"); + $stmt->execute(array( + ':domain_admin' => $_data + )); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (empty($row)) { + return false; } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); + $domainadmindata['username'] = $row['username']; + $domainadmindata['tfa_active'] = $row['tfa_active']; + $domainadmindata['active'] = $row['active']; + $domainadmindata['tfa_active_int'] = $row['tfa_active_int']; + $domainadmindata['active_int'] = $row['active_int']; + $domainadmindata['modified'] = $row['created']; + // GET SELECTED + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE `domain` IN ( + SELECT `domain` FROM `domain_admins` + WHERE `username`= :domain_admin)"); + $stmt->execute(array(':domain_admin' => $_data)); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $domainadmindata['selected_domains'][] = $row['domain']; } + // GET UNSELECTED + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE `domain` NOT IN ( + SELECT `domain` FROM `domain_admins` + WHERE `username`= :domain_admin)"); + $stmt->execute(array(':domain_admin' => $_data)); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $domainadmindata['unselected_domains'][] = $row['domain']; + } + if 
(!isset($domainadmindata['unselected_domains'])) { + $domainadmindata['unselected_domains'] = ""; + } + return $domainadmindata; break; } diff --git a/data/web/inc/functions.fail2ban.inc.php b/data/web/inc/functions.fail2ban.inc.php index 668e41cb..166606ef 100644 --- a/data/web/inc/functions.fail2ban.inc.php +++ b/data/web/inc/functions.fail2ban.inc.php @@ -80,7 +80,7 @@ function fail2ban($_action, $_data = null) { } } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('redis_error', $e) @@ -91,7 +91,7 @@ function fail2ban($_action, $_data = null) { break; case 'edit': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' 
@@ -101,29 +101,39 @@ function fail2ban($_action, $_data = null) { if (isset($_data['action']) && !empty($_data['network'])) { $networks = (array) $_data['network']; foreach ($networks as $network) { - if ($_data['action'] == "unban") { - if (valid_network($network)) { - $redis->hSet('F2B_QUEUE_UNBAN', $network, 1); + try { + if ($_data['action'] == "unban") { + if (valid_network($network)) { + $redis->hSet('F2B_QUEUE_UNBAN', $network, 1); + } + } + elseif ($_data['action'] == "whitelist") { + if (valid_network($network)) { + $redis->hSet('F2B_WHITELIST', $network, 1); + $redis->hDel('F2B_BLACKLIST', $network, 1); + $redis->hSet('F2B_QUEUE_UNBAN', $network, 1); + } + } + elseif ($_data['action'] == "blacklist") { + if (valid_network($network)) { + $redis->hSet('F2B_BLACKLIST', $network, 1); + } } } - elseif ($_data['action'] == "whitelist") { - if (valid_network($network)) { - $redis->hSet('F2B_WHITELIST', $network, 1); - $redis->hDel('F2B_BLACKLIST', $network, 1); - $redis->hSet('F2B_QUEUE_UNBAN', $network, 1); - } - } - elseif ($_data['action'] == "blacklist") { - if (valid_network($network)) { - $redis->hSet('F2B_BLACKLIST', $network, 1); - } + catch (RedisException $e) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('redis_error', $e) + ); + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('object_modified', htmlspecialchars($network)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('object_modified', htmlspecialchars(implode(', ', $networks))) - ); return true; } $is_now = fail2ban('get'); 
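Review bot: The `object_modified` success entry is appended for every `$network`, including those that fail `valid_network()` and any `$_data['action']` that matches none of the three branches, where nothing was written to Redis. According to the comment this commit adds to `logger()`, entries pushed to `$_SESSION['return']` are also logged, so the audit trail would record a ban-list change that never happened. I would reject an invalid network before the `try` with a `danger` entry and `continue`, and validate the action once before the loop. The body of `fail2ban()` starts and ends outside this hunk.

```php
foreach ($networks as $network) {
  // Reject bad input first so that a no-op is never reported or logged as a success.
  if (!valid_network($network)) {
    $_SESSION['return'][] = array(
      'type' => 'danger',
      'log' => array(__FUNCTION__, $_action, $_data_log),
      // PLACEHOLDER key: substitute the project's language string for an invalid network
      'msg' => array('PLACEHOLDER_network_invalid', htmlspecialchars($network))
    );
    continue;
  }
  // … unchanged: try { unban / whitelist / blacklist } catch (RedisException $e) { … } …
  // … unchanged: object_modified success entry …
```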
@@ -137,7 +147,7 @@ function fail2ban($_action, $_data = null) { $bl = (isset($_data['blacklist'])) ? $_data['blacklist'] : $is_now['blacklist']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -178,14 +188,14 @@ function fail2ban($_action, $_data = null) { } } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('redis_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'f2b_modified' diff --git a/data/web/inc/functions.fwdhost.inc.php b/data/web/inc/functions.fwdhost.inc.php index f16834ea..5c511f4f 100644 --- a/data/web/inc/functions.fwdhost.inc.php +++ b/data/web/inc/functions.fwdhost.inc.php @@ -8,7 +8,7 @@ function fwdhost($_action, $_data = null) { case 'add': global $lang; if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -28,7 +28,7 @@ function fwdhost($_action, $_data = null) { $hosts = get_outgoing_hosts_best_guess($host); } if (empty($hosts)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('invalid_host', htmlspecialchars($host)) @@ -46,7 +46,7 @@ function fwdhost($_action, $_data = null) { } } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('redis_error', $e) 
@@ -54,7 +54,7 @@ function fwdhost($_action, $_data = null) { return false; } } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('forwarding_host_added', htmlspecialchars(implode(', ', $hosts))) @@ -63,7 +63,7 @@ function fwdhost($_action, $_data = null) { case 'edit': global $lang; if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -77,12 +77,12 @@ function fwdhost($_action, $_data = null) { $keep_spam = (isset($_data['keep_spam'])) ? $_data['keep_spam'] : $is_now['keep_spam']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' ); - return false; + continue; } try { if ($keep_spam == 1) { @@ -93,19 +93,19 @@ function fwdhost($_action, $_data = null) { } } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('redis_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('object_modified', htmlspecialchars($fwdhost)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('object_modified', htmlspecialchars(implode(', ', $fwdhosts))) - ); break; case 'delete': $hosts = (array)$_data['forwardinghost']; 
@@ -115,19 +115,19 @@ function fwdhost($_action, $_data = null) { $redis->hDel('KEEP_SPAM', $host); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('redis_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('forwarding_host_removed', htmlspecialchars($host)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('forwarding_host_removed', htmlspecialchars(implode(', ', $hosts))) - ); break; case 'get': if ($_SESSION['mailcow_cc_role'] != "admin") { @@ -148,7 +148,7 @@ function fwdhost($_action, $_data = null) { } } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('redis_error', $e) @@ -170,7 +170,7 @@ function fwdhost($_action, $_data = null) { } } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('redis_error', $e) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index d99661cb..a44cf7eb 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php 
@@ -5,64 +5,81 @@ function hash_password($password) { } function last_login($user) { global $pdo; - try { - $stmt = $pdo->prepare('SELECT `remote`, `time` FROM `logs` - WHERE JSON_EXTRACT(`call`, "$[0]") = "check_login" - AND JSON_EXTRACT(`call`, "$[1]") = :user - AND `type` = "success" ORDER BY `time` DESC LIMIT 1'); - $stmt->execute(array(':user' => $user)); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - if (!empty($row)) { - return $row; - } - else { - return false; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $username, $role, $domain), - 'msg' => array('mysql_error', $e) - ); + $stmt = $pdo->prepare('SELECT `remote`, `time` FROM `logs` + WHERE JSON_EXTRACT(`call`, "$[0]") = "check_login" + AND JSON_EXTRACT(`call`, "$[1]") = :user + AND `type` = "success" ORDER BY `time` DESC LIMIT 1'); + $stmt->execute(array(':user' => $user)); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (!empty($row)) { + return $row; + } + else { return false; } } function logger($_data = false) { + /* + logger() will be called as last function + To manually log a message, logger needs to be called like below. + + logger(array( + 'return' => array( + array( + 'type' => 'danger', + 'log' => array(__FUNCTION__), + 'msg' => $err + ) + ) + )); + + These messages will not be printed as alert box. + To do so, push them to $_SESSION['return'] and do not call logger as they will be included automatically: + + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $user, '*'), + 'msg' => $err + ); + */ global $pdo; if (!$_data) { $_data = $_SESSION; } if (!empty($_data['return'])) { - $type = $_data['return']['type']; - $msg = json_encode($_data['return']['msg'], JSON_UNESCAPED_UNICODE); - $call = json_encode($_data['return']['log'], JSON_UNESCAPED_UNICODE); - if (!empty($_SESSION["dual-login"]["username"])) { - $user = $_SESSION["dual-login"]["username"] . ' => ' . 
$_SESSION['mailcow_cc_username']; - $role = $_SESSION["dual-login"]["role"] . ' => ' . $_SESSION['mailcow_cc_role']; - } - elseif (!empty($_SESSION['mailcow_cc_username'])) { - $user = $_SESSION['mailcow_cc_username']; - $role = $_SESSION['mailcow_cc_role']; - } - else { - $user = 'unauthenticated'; - $role = 'unauthenticated'; + $task = substr(strtoupper(md5(uniqid(rand(), true))), 0, 6); + foreach ($_data['return'] as $return) { + $type = $return['type']; + $msg = json_encode($return['msg'], JSON_UNESCAPED_UNICODE); + $call = json_encode($return['log'], JSON_UNESCAPED_UNICODE); + if (!empty($_SESSION["dual-login"]["username"])) { + $user = $_SESSION["dual-login"]["username"] . ' => ' . $_SESSION['mailcow_cc_username']; + $role = $_SESSION["dual-login"]["role"] . ' => ' . $_SESSION['mailcow_cc_role']; + } + elseif (!empty($_SESSION['mailcow_cc_username'])) { + $user = $_SESSION['mailcow_cc_username']; + $role = $_SESSION['mailcow_cc_role']; + } + else { + $user = 'unauthenticated'; + $role = 'unauthenticated'; + } + $stmt = $pdo->prepare("INSERT INTO `logs` (`type`, `task`, `msg`, `call`, `user`, `role`, `remote`, `time`) VALUES + (:type, :task, :msg, :call, :user, :role, :remote, UNIX_TIMESTAMP())"); + $stmt->execute(array( + ':type' => $type, + ':task' => $task, + ':call' => $call, + ':msg' => $msg, + ':user' => $user, + ':role' => $role, + ':remote' => get_remote_ip() + )); } } else { return true; } - $stmt = $pdo->prepare("INSERT INTO `logs` (`type`, `msg`, `call`, `user`, `role`, `remote`, `time`) VALUES - (:type, :msg, :call, :user, :role, :remote, UNIX_TIMESTAMP())"); - $stmt->execute(array( - ':type' => $type, - ':call' => $call, - ':msg' => $msg, - ':user' => $user, - ':role' => $role, - ':remote' => get_remote_ip() - )); } function hasDomainAccess($username, $role, $domain) { global $pdo; 
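Review bot: The per-call `$task` id in `logger()` keeps only six hex characters, `substr(strtoupper(md5(uniqid(rand(), true))), 0, 6)`, which is 24 bits, so two unrelated requests are expected to share an id once the `logs` table holds a few thousand tasks. If the id is meant to group the entries of one request when the audit log is reviewed, a collision merges entries from different users or sessions. I would draw more bits from the CSPRNG, for example `$task = strtoupper(bin2hex(random_bytes(8)));` (PHP 7+), provided the `task` column is wide enough; its definition is not visible here.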
@@ -75,25 +92,15 @@ function hasDomainAccess($username, $role, $domain) { if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') { return false; } - try { - $stmt = $pdo->prepare("SELECT `domain` FROM `domain_admins` - WHERE ( - `active`='1' - AND `username` = :username - AND (`domain` = :domain1 OR `domain` = (SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain2)) - ) - OR 'admin' = :role"); - $stmt->execute(array(':username' => $username, ':domain1' => $domain, ':domain2' => $domain, ':role' => $role)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $username, $role, $domain), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT `domain` FROM `domain_admins` + WHERE ( + `active`='1' + AND `username` = :username + AND (`domain` = :domain1 OR `domain` = (SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain2)) + ) + OR 'admin' = :role"); + $stmt->execute(array(':username' => $username, ':domain1' => $domain, ':domain2' => $domain, ':role' => $role)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); if (!empty($num_results)) { return true; } 
@@ -110,18 +117,12 @@ function hasMailboxObjectAccess($username, $role, $object) { if ($username == $object) { return true; } - try { - $stmt = $pdo->prepare("SELECT `domain` FROM `mailbox` WHERE `username` = :object"); - $stmt->execute(array(':object' => $object)); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - if (isset($row['domain']) && hasDomainAccess($username, $role, $row['domain'])) { - return true; - } - } - catch(PDOException $e) { - error_log($e); - return false; - } + $stmt = $pdo->prepare("SELECT `domain` FROM `mailbox` WHERE `username` = :object"); + $stmt->execute(array(':object' => $object)); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (isset($row['domain']) && hasDomainAccess($username, $role, $row['domain'])) { + return true; + } return false; } function pem_to_der($pem_key) { 
@@ -193,25 +194,30 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) { function alertbox_log_parser($_data){ global $lang; if (isset($_data['return'])) { - // Get type - $type = $_data['return']['type']; - // If a lang[type][msg] string exists, use it as message - if (is_string($lang[$_data['return']['type']][$_data['return']['msg']])) { - $msg = $lang[$_data['return']['type']][$_data['return']['msg']]; + foreach ($_data['return'] as $return) { + // Get type + $type = $return['type']; + // If a lang[type][msg] string exists, use it as message + if (is_string($lang[$return['type']][$return['msg']])) { + $msg = $lang[$return['type']][$return['msg']]; + } + // If msg is an array, use first element as language string and run printf on it with remaining array elements + elseif (is_array($return['msg'])) { + $msg = array_shift($return['msg']); + $msg = vsprintf( + $lang[$return['type']][$msg], + $return['msg'] + ); + } + // If none applies, use msg as returned message + else { + $msg = $return['msg']; + } + $log_array[] = array('msg' => json_encode($msg), 'type' => json_encode($type)); } - // If msg is an array, use first element as language string and run printf on it with remaining array elements - elseif (is_array($_data['return']['msg'])) { - $msg = array_shift($_data['return']['msg']); - $msg = vsprintf( - $lang[$_data['return']['type']][$msg], - $_data['return']['msg'] - ); + if (!empty($log_array)) { + return $log_array; } - // If none applies, use msg as returned message - else { - $msg = $_data['return']['msg']; - } - return array('msg' => json_encode($msg), 'type' => json_encode($type)); } return false; } 
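Review bot: `$log_array` is only ever assigned inside the loop, and each `$return` is indexed without checking its shape. An entry still written in the old single-message form (a call site this commit missed) would be iterated value by value, and `$return['type']` would then be read from a string. Initialise with `$log_array = array();` before the `foreach` and skip malformed entries with `if (!is_array($return) || !isset($return['type'], $return['msg'])) { continue; }`. In the first branch `$return['msg']` is also used as an array key before `is_array()` is tested; checking `is_string($return['msg'])` first avoids an illegal-offset error for array messages.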
@@ -260,7 +266,7 @@ function check_login($user, $pass) { global $pdo; global $redis; if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $user, '*'), 'msg' => 'malformed_username' @@ -280,7 +286,7 @@ function check_login($user, $pass) { $_SESSION['pending_mailcow_cc_role'] = "admin"; $_SESSION['pending_tfa_method'] = get_tfa($user)['name']; unset($_SESSION['ldelay']); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'info', 'log' => array(__FUNCTION__, $user, '*'), 'msg' => 'awaiting_tfa_confirmation' @@ -289,7 +295,7 @@ function check_login($user, $pass) { } else { unset($_SESSION['ldelay']); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $user, '*'), 'msg' => array('logged_in_as', $user) @@ -311,7 +317,7 @@ function check_login($user, $pass) { $_SESSION['pending_mailcow_cc_role'] = "domainadmin"; $_SESSION['pending_tfa_method'] = get_tfa($user)['name']; unset($_SESSION['ldelay']); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'info', 'log' => array(__FUNCTION__, $user, '*'), 'msg' => 'awaiting_tfa_confirmation' @@ -323,7 +329,7 @@ function check_login($user, $pass) { // Reactivate TFA if it was set to "deactivate TFA for next login" $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user"); $stmt->execute(array(':user' => $user)); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $user, '*'), 'msg' => array('logged_in_as', $user) 
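Review bot: Switching to `$_SESSION['return'][] = ...` turns the slot into a queue, and nothing in these hunks bounds or clears it: every failed check_login call appends another `login_failed` entry to the session. If the reader of the queue (the alert or logging code, outside this hunk) does not unset `$_SESSION['return']` after use, or a client never loads a page that does, entries accumulate and old messages are shown or logged again. It is worth confirming that the reader drains the array, and documenting it at the first append, e.g. `// queue of alerts; drained and unset by <consumer>`. The same applies to every other append hunk in this file.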
@@ -341,7 +347,7 @@ function check_login($user, $pass) { foreach ($rows as $row) { if (verify_hash($row['password'], $pass) !== false) { unset($_SESSION['ldelay']); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $user, '*'), 'msg' => array('logged_in_as', $user) @@ -359,7 +365,7 @@ function check_login($user, $pass) { $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']); error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']); } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $user, '*'), 'msg' => 'login_failed' @@ -390,7 +396,7 @@ function set_acl() { $_SESSION = array_merge($_SESSION, $acl); } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'info', 'log' => array(__FUNCTION__), 'msg' => 'set_acl_failed' @@ -433,7 +439,7 @@ function edit_admin_account($_data) { !isset($_data_log['admin_pass']) ?: $_data_log['admin_pass'] = '*'; !isset($_data_log['admin_pass2']) ?: $_data_log['admin_pass2'] = '*'; if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'access_denied' @@ -445,7 +451,7 @@ function edit_admin_account($_data) { $password = $_data['admin_pass']; $password2 = $_data['admin_pass2']; if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'username_invalid' 
@@ -454,7 +460,7 @@ function edit_admin_account($_data) { } if (!empty($password) && !empty($password2)) { if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'password_complexity' @@ -462,7 +468,7 @@ function edit_admin_account($_data) { return false; } if ($password != $password2) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'password_mismatch' @@ -482,7 +488,7 @@ function edit_admin_account($_data) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('mysql_error', $e) @@ -501,7 +507,7 @@ function edit_admin_account($_data) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('mysql_error', $e) @@ -516,7 +522,7 @@ function edit_admin_account($_data) { $stmt->execute(array(':username1' => $username, ':username2' => $username_now)); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('mysql_error', $e) @@ -524,7 +530,7 @@ function edit_admin_account($_data) { return false; } $_SESSION['mailcow_cc_username'] = $username; - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'admin_modified' 
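Review bot: The `catch (PDOException $e)` branches of edit_admin_account put the exception object itself into `'msg' => array('mysql_error', $e)`. alertbox_log_parser hands the remaining array elements to `vsprintf()`, so if the `mysql_error` language string has a `%s` the user-facing alert would carry the stringified exception, which includes file paths and the stack trace. The logger's `json_encode($return['msg'], ...)` would most likely store the object as `{}`, because exception properties are not public. Keeping the detail server-side with `error_log($e);` and passing only `'msg' => array('mysql_error', $e->getMessage())` (or a generic text) addresses both. The same pattern is in the edit_user_account, set_tfa, unset_tfa_key and verify_tfa_login hunks.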
@@ -552,7 +558,7 @@ function edit_user_account($_data) { $role = $_SESSION['mailcow_cc_role']; $password_old = $_data['user_old_pass']; if (filter_var($username, FILTER_VALIDATE_EMAIL === false) || $role != 'user') { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'access_denied' @@ -569,7 +575,7 @@ function edit_user_account($_data) { $stmt->execute(array(':user' => $username)); $row = $stmt->fetch(PDO::FETCH_ASSOC); if (!verify_hash($row['password'], $password_old)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'access_denied' @@ -579,7 +585,7 @@ function edit_user_account($_data) { if (isset($password_new) && isset($password_new2)) { if (!empty($password_new2) && !empty($password_new)) { if ($password_new2 != $password_new) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'password_mismatch' @@ -587,7 +593,7 @@ function edit_user_account($_data) { return false; } if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password_new)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'password_complexity' @@ -603,7 +609,7 @@ function edit_user_account($_data) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('mysql_error', $e) @@ -613,7 +619,7 @@ function edit_user_account($_data) { } } update_sogo_static_view(); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('mailbox_modified', htmlspecialchars($username)) 
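Review bot: The guard `filter_var($username, FILTER_VALIDATE_EMAIL === false)` has its closing parenthesis in the wrong place: the comparison `FILTER_VALIDATE_EMAIL === false` is evaluated first and its result (`false`) is passed as the filter argument. The e-mail validator is therefore never applied to `$username`, and as far as this line shows the branch depends on `$role` alone. The intended form is `if (filter_var($username, FILTER_VALIDATE_EMAIL) === false || $role != 'user') {`. The line is unchanged context in the first edit_user_account hunk, and the function body starts and ends outside it.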
@@ -628,73 +634,63 @@ function user_get_alias_details($username) { if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { return false; } - try { - $data['address'] = $username; - $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`address` SEPARATOR ', '), '✘') AS `shared_aliases` FROM `alias` - WHERE `goto` REGEXP :username_goto - AND `address` NOT LIKE '@%' - AND `goto` != :username_goto2 - AND `address` != :username_address"); - $stmt->execute(array( - ':username_goto' => '(^|,)'.$username.'($|,)', - ':username_goto2' => $username, - ':username_address' => $username - )); - $run = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($run)) { - $data['shared_aliases'] = $row['shared_aliases']; - } - $stmt = $pdo->prepare("SELECT GROUP_CONCAT(`address` SEPARATOR ', ') AS `direct_aliases` FROM `alias` - WHERE `goto` = :username_goto - AND `address` NOT LIKE '@%' - AND `address` != :username_address"); - $stmt->execute( - array( - ':username_goto' => $username, - ':username_address' => $username - )); - $run = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($run)) { - $data['direct_aliases'][] = $row['direct_aliases']; - } - $stmt = $pdo->prepare("SELECT GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ', ') AS `ad_alias` FROM `mailbox` - LEFT OUTER JOIN `alias_domain` on `target_domain` = `domain` - WHERE `username` = :username ;"); - $stmt->execute(array(':username' => $username)); - $run = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($run)) { - $data['direct_aliases'][] = $row['ad_alias']; - } - $data['direct_aliases'] = implode(', ', array_filter($data['direct_aliases'])); - $data['direct_aliases'] = empty($data['direct_aliases']) ? 
'✘' : $data['direct_aliases']; - $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`send_as` SEPARATOR ', '), '✘') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :username AND `send_as` NOT LIKE '@%';"); - $stmt->execute(array(':username' => $username)); - $run = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($run)) { - $data['aliases_also_send_as'] = $row['send_as']; - } - $stmt = $pdo->prepare("SELECT IFNULL(CONCAT(GROUP_CONCAT(DISTINCT `send_as` SEPARATOR ', '), ', ', GROUP_CONCAT(DISTINCT CONCAT('@',`alias_domain`) SEPARATOR ', ')), '✘') AS `send_as` FROM `sender_acl` LEFT JOIN `alias_domain` ON `alias_domain`.`target_domain` = TRIM(LEADING '@' FROM `send_as`) WHERE `logged_in_as` = :username AND `send_as` LIKE '@%';"); - $stmt->execute(array(':username' => $username)); - $run = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($run)) { - $data['aliases_send_as_all'] = $row['send_as']; - } - $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`address` SEPARATOR ', '), '✘') as `address` FROM `alias` WHERE `goto` REGEXP :username AND `address` LIKE '@%';"); - $stmt->execute(array(':username' => '(^|,)'.$username.'($|,)')); - $run = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($run)) { - $data['is_catch_all'] = $row['address']; - } - return $data; + $data['address'] = $username; + $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`address` SEPARATOR ', '), '✘') AS `shared_aliases` FROM `alias` + WHERE `goto` REGEXP :username_goto + AND `address` NOT LIKE '@%' + AND `goto` != :username_goto2 + AND `address` != :username_address"); + $stmt->execute(array( + ':username_goto' => '(^|,)'.$username.'($|,)', + ':username_goto2' => $username, + ':username_address' => $username + )); + $run = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($run)) { + $data['shared_aliases'] = $row['shared_aliases']; } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => 
array(__FUNCTION__, $username), - 'msg' => array('mysql_error', $e) - ); - return false; + $stmt = $pdo->prepare("SELECT GROUP_CONCAT(`address` SEPARATOR ', ') AS `direct_aliases` FROM `alias` + WHERE `goto` = :username_goto + AND `address` NOT LIKE '@%' + AND `address` != :username_address"); + $stmt->execute( + array( + ':username_goto' => $username, + ':username_address' => $username + )); + $run = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($run)) { + $data['direct_aliases'][] = $row['direct_aliases']; } + $stmt = $pdo->prepare("SELECT GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ', ') AS `ad_alias` FROM `mailbox` + LEFT OUTER JOIN `alias_domain` on `target_domain` = `domain` + WHERE `username` = :username ;"); + $stmt->execute(array(':username' => $username)); + $run = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($run)) { + $data['direct_aliases'][] = $row['ad_alias']; + } + $data['direct_aliases'] = implode(', ', array_filter($data['direct_aliases'])); + $data['direct_aliases'] = empty($data['direct_aliases']) ? 
'✘' : $data['direct_aliases']; + $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`send_as` SEPARATOR ', '), '✘') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :username AND `send_as` NOT LIKE '@%';"); + $stmt->execute(array(':username' => $username)); + $run = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($run)) { + $data['aliases_also_send_as'] = $row['send_as']; + } + $stmt = $pdo->prepare("SELECT IFNULL(CONCAT(GROUP_CONCAT(DISTINCT `send_as` SEPARATOR ', '), ', ', GROUP_CONCAT(DISTINCT CONCAT('@',`alias_domain`) SEPARATOR ', ')), '✘') AS `send_as` FROM `sender_acl` LEFT JOIN `alias_domain` ON `alias_domain`.`target_domain` = TRIM(LEADING '@' FROM `send_as`) WHERE `logged_in_as` = :username AND `send_as` LIKE '@%';"); + $stmt->execute(array(':username' => $username)); + $run = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($run)) { + $data['aliases_send_as_all'] = $row['send_as']; + } + $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`address` SEPARATOR ', '), '✘') as `address` FROM `alias` WHERE `goto` REGEXP :username AND `address` LIKE '@%';"); + $stmt->execute(array(':username' => '(^|,)'.$username.'($|,)')); + $run = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($run)) { + $data['is_catch_all'] = $row['address']; + } + return $data; } function is_valid_domain_name($domain_name) { if (empty($domain_name)) { @@ -716,7 +712,7 @@ function set_tfa($_data) { $username = $_SESSION['mailcow_cc_username']; if ($_SESSION['mailcow_cc_role'] != "domainadmin" && $_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'access_denied' 
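Review bot: `$username` is concatenated unescaped into the patterns bound to `REGEXP` (`'(^|,)'.$username.'($|,)'`, in the `shared_aliases` and `is_catch_all` queries), and addresses that pass FILTER_VALIDATE_EMAIL can contain regex metacharacters such as `.` and `+`. A `.` in the address then matches any character, so the result can include aliases whose `goto` belongs to a different, similar-looking mailbox, and other metacharacters can make the pattern invalid. If `goto` is a plain comma-separated list, as the pattern suggests, binding the address unchanged and matching with `FIND_IN_SET(:username_goto, goto)` avoids the regex; otherwise the address should be escaped for the MySQL regex engine before concatenation. This hunk also drops the try/catch, so an invalid pattern would now surface as an uncaught PDOException.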
@@ -728,7 +724,7 @@ function set_tfa($_data) { $stmt->execute(array(':user' => $username)); $row = $stmt->fetch(PDO::FETCH_ASSOC); if (!verify_hash($row['password'], $_data["confirm_password"])) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'access_denied' @@ -743,7 +739,7 @@ function set_tfa($_data) { $yubico_key = $_data['yubico_key']; $yubi = new Auth_Yubico($yubico_id, $yubico_key); if (!$yubi) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'access_denied' @@ -751,7 +747,7 @@ function set_tfa($_data) { return false; } if (!ctype_alnum($_data["otp_token"]) || strlen($_data["otp_token"]) != 44) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'tfa_token_invalid' @@ -760,7 +756,7 @@ function set_tfa($_data) { } $yauth = $yubi->verify($_data["otp_token"]); if (PEAR::isError($yauth)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('yotp_verification_failed', $yauth->getMessage()) @@ -780,14 +776,14 @@ function set_tfa($_data) { $stmt->execute(array(':key_id' => $key_id, ':username' => $username, ':secret' => $yubico_id . ':' . $yubico_key . ':' . $yubico_modhex_id)); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('mysql_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('object_modified', htmlspecialchars($username)) 
@@ -801,7 +797,7 @@ function set_tfa($_data) { $stmt->execute(array(':username' => $username)); $stmt = $pdo->prepare("INSERT INTO `tfa` (`username`, `key_id`, `authmech`, `keyHandle`, `publicKey`, `certificate`, `counter`, `active`) VALUES (?, ?, 'u2f', ?, ?, ?, ?, '1')"); $stmt->execute(array($username, $key_id, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter)); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('object_modified', $username) @@ -809,7 +805,7 @@ function set_tfa($_data) { $_SESSION['regReq'] = null; } catch (Exception $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('u2f_verification_failed', $e->getMessage()) @@ -828,21 +824,21 @@ function set_tfa($_data) { $stmt->execute(array($username, $key_id, $_POST['totp_secret'])); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('mysql_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('object_modified', $username) ); } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'totp_verification_failed' 
@@ -855,14 +851,14 @@ function set_tfa($_data) { $stmt->execute(array(':username' => $username)); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('mysql_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('object_modified', htmlspecialchars($username)) @@ -880,7 +876,7 @@ function unset_tfa_key($_data) { $username = $_SESSION['mailcow_cc_username']; if ($_SESSION['mailcow_cc_role'] != "domainadmin" && $_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'access_denied' @@ -889,7 +885,7 @@ function unset_tfa_key($_data) { } try { if (!is_numeric($id)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'access_denied' @@ -901,7 +897,7 @@ function unset_tfa_key($_data) { $stmt->execute(array(':username' => $username)); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row['keys'] == "1") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => 'last_key' @@ -910,14 +906,14 @@ function unset_tfa_key($_data) { } $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username AND `id` = :id"); $stmt->execute(array(':username' => $username, ':id' => $id)); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('object_modified', $username) ); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_data_log), 'msg' => array('mysql_error', $e) 
@@ -1004,7 +1000,7 @@ function verify_tfa_login($username, $token) { switch ($row["authmech"]) { case "yubi_otp": if (!ctype_alnum($token) || strlen($token) != 44) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => array('yotp_verification_failed', 'token length error') @@ -1023,7 +1019,7 @@ function verify_tfa_login($username, $token) { $yubi = new Auth_Yubico($yubico_auth[0], $yubico_auth[1]); $yauth = $yubi->verify($token); if (PEAR::isError($yauth)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => array('yotp_verification_failed', $yauth->getMessage()) @@ -1032,14 +1028,14 @@ function verify_tfa_login($username, $token) { } else { $_SESSION['tfa_id'] = $row['id']; - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => 'verified_yotp_login' ); return true; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => array('yotp_verification_failed', 'unknown') @@ -1053,7 +1049,7 @@ function verify_tfa_login($username, $token) { $stmt->execute(array($reg->counter, $reg->id)); $_SESSION['tfa_id'] = $reg->id; $_SESSION['authReq'] = null; - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => 'verified_u2f_login' @@ -1061,7 +1057,7 @@ function verify_tfa_login($username, $token) { return true; } catch (Exception $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => array('u2f_verification_failed', $e->getMessage()) 
@@ -1069,7 +1065,7 @@ function verify_tfa_login($username, $token) { $_SESSION['regReq'] = null; return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => array('u2f_verification_failed', 'unknown') @@ -1089,14 +1085,14 @@ function verify_tfa_login($username, $token) { $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($tfa->verifyCode($row['secret'], $_POST['token']) === true) { $_SESSION['tfa_id'] = $row['id']; - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => 'verified_totp_login' ); return true; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => 'totp_verification_failed' @@ -1104,7 +1100,7 @@ function verify_tfa_login($username, $token) { return false; } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => array('mysql_error', $e) @@ -1113,7 +1109,7 @@ function verify_tfa_login($username, $token) { } break; default: - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $username, '*'), 'msg' => 'unknown_tfa_method' @@ -1127,7 +1123,7 @@ function admin_api($action, $data = null) { global $pdo; global $lang; if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__), 'msg' => 'access_denied' @@ -1147,7 +1143,7 @@ function admin_api($action, $data = null) { } $allow_from = implode(',', array_unique(array_filter($allow_from))); if (empty($allow_from)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $data), 'msg' => 'ip_list_empty' 
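Review bot: The TOTP branch verifies `$_POST['token']` instead of the `$token` argument that the yubi_otp branch validates and uses (`$tfa->verifyCode($row['secret'], $_POST['token'])`, context in the `-1089` hunk). A caller that supplies the token any other way than a POST field named `token` would have the TOTP code checked against a different or missing value. `$tfa->verifyCode($row['secret'], $token)` keeps the function's input in one place; whether every caller already passes `$_POST['token']` as `$token` is not visible here. The function body starts and ends outside this hunk.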
@@ -1187,7 +1183,7 @@ function admin_api($action, $data = null) { )); break; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $data), 'msg' => 'admin_modified' @@ -1196,7 +1192,7 @@ function admin_api($action, $data = null) { function rspamd_ui($action, $data = null) { global $lang; if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__), 'msg' => 'access_denied' @@ -1208,7 +1204,7 @@ function rspamd_ui($action, $data = null) { $rspamd_ui_pass = $data['rspamd_ui_pass']; $rspamd_ui_pass2 = $data['rspamd_ui_pass2']; if (empty($rspamd_ui_pass) || empty($rspamd_ui_pass2)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, '*', '*'), 'msg' => 'password_empty' @@ -1216,7 +1212,7 @@ function rspamd_ui($action, $data = null) { return false; } if ($rspamd_ui_pass != $rspamd_ui_pass2) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, '*', '*'), 'msg' => 'password_mismatch' @@ -1224,7 +1220,7 @@ function rspamd_ui($action, $data = null) { return false; } if (strlen($rspamd_ui_pass) < 6) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, '*', '*'), 'msg' => 'rspamd_ui_pw_length' @@ -1234,7 +1230,7 @@ function rspamd_ui($action, $data = null) { $docker_return = docker('post', 'rspamd-mailcow', 'exec', array('cmd' => 'worker_password', 'raw' => $rspamd_ui_pass), array('Content-Type: application/json')); if ($docker_return_array = json_decode($docker_return, true)) { if ($docker_return_array['type'] == 'success') { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, '*', '*'), 'msg' => 'rspamd_ui_pw_set' 
@@ -1242,7 +1238,7 @@ function rspamd_ui($action, $data = null) { return true; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => $docker_return_array['type'], 'log' => array(__FUNCTION__, '*', '*'), 'msg' => $docker_return_array['msg'] @@ -1251,7 +1247,7 @@ function rspamd_ui($action, $data = null) { } } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, '*', '*'), 'msg' => 'unknown' @@ -1269,20 +1265,11 @@ function get_admin_details() { if ($_SESSION['mailcow_cc_role'] != 'admin') { return false; } - try { - $stmt = $pdo->query("SELECT `admin`.`username`, `api`.`active` AS `api_active`, `api`.`api_key`, `api`.`allow_from` FROM `admin` - INNER JOIN `api` ON `admin`.`username` = `api`.`username` - WHERE `admin`.`superadmin`='1' - AND `admin`.`active`='1'"); - $data = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__), - 'msg' => array('mysql_error', $e) - ); - } + $stmt = $pdo->query("SELECT `admin`.`username`, `api`.`active` AS `api_active`, `api`.`api_key`, `api`.`allow_from` FROM `admin` + INNER JOIN `api` ON `admin`.`username` = `api`.`username` + WHERE `admin`.`superadmin`='1' + AND `admin`.`active`='1'"); + $data = $stmt->fetch(PDO::FETCH_ASSOC); return $data; } function get_u2f_registrations($username) { 
@@ -1313,37 +1300,19 @@ function get_logs($container, $lines = false) { // SQL if ($container == "mailcow-ui") { if (isset($from) && isset($to)) { - try { - $stmt = $pdo->prepare("SELECT * FROM `logs` ORDER BY `id` DESC LIMIT :from, :to"); - $stmt->execute(array( - ':from' => $from - 1, - ':to' => $to - )); - $data = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__), - 'msg' => array('mysql_error', $e) - ); - } + $stmt = $pdo->prepare("SELECT * FROM `logs` ORDER BY `id` DESC LIMIT :from, :to"); + $stmt->execute(array( + ':from' => $from - 1, + ':to' => $to + )); + $data = $stmt->fetchAll(PDO::FETCH_ASSOC); } else { - try { - $stmt = $pdo->prepare("SELECT * FROM `logs` ORDER BY `id` DESC LIMIT :lines"); - $stmt->execute(array( - ':lines' => $lines + 1, - )); - $data = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__), - 'msg' => array('mysql_error', $e) - ); - } + $stmt = $pdo->prepare("SELECT * FROM `logs` ORDER BY `id` DESC LIMIT :lines"); + $stmt->execute(array( + ':lines' => $lines + 1, + )); + $data = $stmt->fetchAll(PDO::FETCH_ASSOC); } if (is_array($data)) { return $data; diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php index d0d1cd1a..82481cc3 100644 --- a/data/web/inc/functions.mailbox.inc.php +++ b/data/web/inc/functions.mailbox.inc.php @@ -11,7 +11,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { switch ($_type) { case 'time_limited_alias': if (!isset($_SESSION['acl']['spam_alias']) || $_SESSION['acl']['spam_alias'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
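Review bot: The `LIMIT` placeholders are bound through `execute(array(...))`, which sends every value as a string; with emulated prepares MySQL receives quoted values in `LIMIT` and rejects the statement, and with the try/catch removed in this hunk that failure is no longer swallowed. Whether emulation is on depends on the PDO options, which are outside this diff. Binding as integers is safe either way: `$stmt->bindValue(':from', (int)$from - 1, PDO::PARAM_INT);`, `$stmt->bindValue(':to', (int)$to, PDO::PARAM_INT);`, then `$stmt->execute();`, and likewise for `:lines`. The casts also make sure a non-numeric `$lines` cannot reach the query.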
@@ -20,7 +20,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) { if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
@@ -35,47 +35,27 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $username = $_SESSION['mailcow_cc_username']; } if (!is_numeric($_data["validity"]) || $_data["validity"] > 672) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'validity_missing' ); return false; } - try { - $stmt = $pdo->prepare("SELECT `domain` FROM `mailbox` WHERE `username` = :username"); - $stmt->execute(array(':username' => $_SESSION['mailcow_cc_username'])); - $domain = $stmt->fetch(PDO::FETCH_ASSOC)['domain']; - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT `domain` FROM `mailbox` WHERE `username` = :username"); + $stmt->execute(array(':username' => $_SESSION['mailcow_cc_username'])); + $domain = $stmt->fetch(PDO::FETCH_ASSOC)['domain']; $validity = strtotime("+".$_data["validity"]." hour"); $letters = 'abcefghijklmnopqrstuvwxyz1234567890'; $random_name = substr(str_shuffle($letters), 0, 24); - try { - $stmt = $pdo->prepare("INSERT INTO `spamalias` (`address`, `goto`, `validity`) VALUES - (:address, :goto, :validity)"); - $stmt->execute(array( - ':address' => $random_name . '@' . $domain, - ':goto' => $username, - ':validity' => $validity - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } - $_SESSION['return'] = array( + $stmt = $pdo->prepare("INSERT INTO `spamalias` (`address`, `goto`, `validity`) VALUES + (:address, :goto, :validity)"); + $stmt->execute(array( + ':address' => $random_name . '@' . 
$domain, + ':goto' => $username, + ':validity' => $validity + )); + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('mailbox_modified', htmlspecialchars($_SESSION['mailcow_cc_username'])) @@ -84,7 +64,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { case 'filter': $sieve = new Sieve\SieveParser(); if (!isset($_SESSION['acl']['filters']) || $_SESSION['acl']['filters'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -93,7 +73,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) { if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -108,7 +88,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $username = $_SESSION['mailcow_cc_username']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'no_user_defined' @@ -120,7 +100,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $script_desc = $_data['script_desc']; $filter_type = $_data['filter_type']; if (empty($script_data)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'script_empty' 
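Review bot: The domain lookup for the new alias is keyed on `$_SESSION['mailcow_cc_username']` while `:goto` uses `$username`, so when the two differ (the branch that sets `$username` from `$_data['username']` appears to sit just above this hunk) the alias is created in the caller's domain rather than the target mailbox's. The result of `fetch()` is also indexed without a check, so a caller with no `mailbox` row yields an empty domain and an address of the form `name@`. I would bind `':username' => $username` and return `false` with an error entry when `$domain` is empty. The `is_numeric()` validity check also accepts negative and fractional values; `filter_var(..., FILTER_VALIDATE_INT)` with `min_range`/`max_range`, as used for `port1` later in this file, would be tighter. The enclosing case starts outside the hunk.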
@@ -131,7 +111,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 $sieve->parse($script_data);
 }
 catch (Exception $e) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => array('sieve_error', $e->getMessage())
@@ -139,7 +119,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 return false;
 }
 if (empty($script_data) || empty($script_desc)) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => 'value_missing'
@@ -147,7 +127,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 return false;
 }
 if ($filter_type != 'postfilter' && $filter_type != 'prefilter') {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => 'filter_type'
@@ -156,46 +136,26 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } if (!empty($active)) { $script_name = 'active'; - try { - $stmt = $pdo->prepare("UPDATE `sieve_filters` SET `script_name` = 'inactive' WHERE `username` = :username AND `filter_type` = :filter_type"); - $stmt->execute(array( - ':username' => $username, - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - ':filter_type' => $filter_type - )); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("UPDATE `sieve_filters` SET `script_name` = 'inactive' WHERE `username` = :username AND `filter_type` = :filter_type"); + $stmt->execute(array( + ':username' => $username, + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + ':filter_type' => $filter_type + )); } else { $script_name = 'inactive'; } - try { - $stmt = $pdo->prepare("INSERT INTO `sieve_filters` (`username`, `script_data`, `script_desc`, `script_name`, `filter_type`) - VALUES (:username, :script_data, :script_desc, :script_name, :filter_type)"); - $stmt->execute(array( - ':username' => $username, - ':script_data' => $script_data, - ':script_desc' => $script_desc, - ':script_name' => $script_name, - ':filter_type' => $filter_type - )); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } - $_SESSION['return'] = array( + $stmt = $pdo->prepare("INSERT INTO `sieve_filters` (`username`, `script_data`, `script_desc`, `script_name`, `filter_type`) + VALUES (:username, :script_data, :script_desc, :script_name, :filter_type)"); + $stmt->execute(array( + ':username' => $username, + ':script_data' => $script_data, + ':script_desc' => $script_desc, + 
':script_name' => $script_name, + ':filter_type' => $filter_type + )); + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('mailbox_modified', $username) @@ -203,7 +163,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { break; case 'syncjob': if (!isset($_SESSION['acl']['syncjobs']) || $_SESSION['acl']['syncjobs'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -212,7 +172,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) { if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -227,7 +187,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $username = $_SESSION['mailcow_cc_username']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'no_user_defined' @@ -270,7 +230,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $maxbytespersecond = "0"; } if (!filter_var($port1, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535)))) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
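Review bot: The `execute()` array for the `UPDATE sieve_filters` statement still carries a `'log' => array(__FUNCTION__, ...)` entry, which is not a placeholder in the query; PDO rejects an execute() array whose keys do not match the statement's parameters, so activating a filter should fail at this call. With the surrounding try/catch removed in this hunk, that failure is now an uncaught PDOException instead of a `mysql_error` entry. Drop the line so the array holds only `':username' => $username` and `':filter_type' => $filter_type`. The filter case starts and ends outside the hunk.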
@@ -278,7 +238,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 return false;
 }
 if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 3600)))) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => 'access_denied'
@@ -286,7 +246,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 return false;
 }
 if (!is_valid_domain_name($host1)) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => 'access_denied'
@@ -294,7 +254,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 return false;
 }
 if ($enc1 != "TLS" && $enc1 != "SSL" && $enc1 != "PLAIN") {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => 'access_denied'
@@ -302,72 +262,52 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if (@preg_match("/" . $exclude . "/", null) === false) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); return false; } - try { - $stmt = $pdo->prepare("SELECT '1' FROM `imapsync` - WHERE `user2` = :user2 AND `user1` = :user1 AND `host1` = :host1"); - $stmt->execute(array(':user1' => $user1, ':user2' => $username, ':host1' => $host1)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT '1' FROM `imapsync` + WHERE `user2` = :user2 AND `user1` = :user1 AND `host1` = :host1"); + $stmt->execute(array(':user1' => $user1, ':user2' => $username, ':host1' => $host1)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); if ($num_results != 0) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('object_exists', htmlspecialchars($host1 . ' / ' . 
$user1)) ); return false; } - try { - $stmt = $pdo->prepare("INSERT INTO `imapsync` (`user2`, `exclude`, `delete1`, `delete2`, `timeout1`, `timeout2`, `automap`, `skipcrossduplicates`, `maxbytespersecond`, `subscribeall`, `maxage`, `subfolder2`, `host1`, `authmech1`, `user1`, `password1`, `mins_interval`, `port1`, `enc1`, `delete2duplicates`, `custom_params`, `active`) - VALUES (:user2, :exclude, :delete1, :delete2, :timeout1, :timeout2, :automap, :skipcrossduplicates, :maxbytespersecond, :subscribeall, :maxage, :subfolder2, :host1, :authmech1, :user1, :password1, :mins_interval, :port1, :enc1, :delete2duplicates, :custom_params, :active)"); - $stmt->execute(array( - ':user2' => $username, - ':custom_params' => $custom_params, - ':exclude' => $exclude, - ':maxage' => $maxage, - ':delete1' => $delete1, - ':delete2' => $delete2, - ':timeout1' => $timeout1, - ':timeout2' => $timeout2, - ':automap' => $automap, - ':skipcrossduplicates' => $skipcrossduplicates, - ':maxbytespersecond' => $maxbytespersecond, - ':subscribeall' => $subscribeall, - ':subfolder2' => $subfolder2, - ':host1' => $host1, - ':authmech1' => 'PLAIN', - ':user1' => $user1, - ':password1' => $password1, - ':mins_interval' => $mins_interval, - ':port1' => $port1, - ':enc1' => $enc1, - ':delete2duplicates' => $delete2duplicates, - ':active' => $active, - )); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } - $_SESSION['return'] = array( + $stmt = $pdo->prepare("INSERT INTO `imapsync` (`user2`, `exclude`, `delete1`, `delete2`, `timeout1`, `timeout2`, `automap`, `skipcrossduplicates`, `maxbytespersecond`, `subscribeall`, `maxage`, `subfolder2`, `host1`, `authmech1`, `user1`, `password1`, `mins_interval`, `port1`, `enc1`, `delete2duplicates`, `custom_params`, `active`) + VALUES (:user2, :exclude, :delete1, :delete2, :timeout1, :timeout2, 
:automap, :skipcrossduplicates, :maxbytespersecond, :subscribeall, :maxage, :subfolder2, :host1, :authmech1, :user1, :password1, :mins_interval, :port1, :enc1, :delete2duplicates, :custom_params, :active)"); + $stmt->execute(array( + ':user2' => $username, + ':custom_params' => $custom_params, + ':exclude' => $exclude, + ':maxage' => $maxage, + ':delete1' => $delete1, + ':delete2' => $delete2, + ':timeout1' => $timeout1, + ':timeout2' => $timeout2, + ':automap' => $automap, + ':skipcrossduplicates' => $skipcrossduplicates, + ':maxbytespersecond' => $maxbytespersecond, + ':subscribeall' => $subscribeall, + ':subfolder2' => $subfolder2, + ':host1' => $host1, + ':authmech1' => 'PLAIN', + ':user1' => $user1, + ':password1' => $password1, + ':mins_interval' => $mins_interval, + ':port1' => $port1, + ':enc1' => $enc1, + ':delete2duplicates' => $delete2duplicates, + ':active' => $active, + )); + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('mailbox_modified', $username) @@ -375,7 +315,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { break; case 'domain': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -390,7 +330,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $restart_sogo = $_data['restart_sogo']; $quota = $_data['quota']; if ($maxquota > $quota) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'mailbox_quota_exceeds_domain_quota' 
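Review bot: `$custom_params` and `$subfolder2` go into the `imapsync` row with no validation visible in this hunk, whereas `port1`, `mins_interval`, `host1`, `enc1` and `exclude` are each checked just above it. Where the row is consumed is not shown here; if `custom_params` is later appended to an imapsync command line, it should be restricted to an allowlist of known options before it is stored. `password1` is likewise stored as submitted, which deserves a comment stating that the sync job needs the cleartext value, if that is the reason. The assignments of these variables are outside the hunk, so a check may already exist there.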
@@ -398,7 +338,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 return false;
 }
 if ($maxquota == "0" || empty($maxquota)) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => 'maxquota_empty'
@@ -410,7 +350,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 $backupmx = intval($_data['backupmx']);
 ($relay_all_recipients == 1) ? $backupmx = '1' : null;
 if (!is_valid_domain_name($domain)) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => 'domain_invalid'
@@ -419,7 +359,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 }
 foreach (array($quota, $maxquota, $mailboxes, $aliases) as $data) {
 if (!is_numeric($data)) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => array('object_is_not_numeric', htmlspecialchars($data))
@@ -427,26 +367,16 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 return false;
 }
 }
- try {
- $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
- WHERE `domain` = :domain");
- $stmt->execute(array(':domain' => $domain));
- $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
- $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain`
- WHERE `alias_domain` = :domain");
- $stmt->execute(array(':domain' => $domain));
- $num_results = $num_results + count($stmt->fetchAll(PDO::FETCH_ASSOC));
- }
- catch(PDOException $e) {
- $_SESSION['return'] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
- 'msg' => array('mysql_error', $e)
- );
- return false;
- }
+ $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+ WHERE `domain` = :domain");
+ $stmt->execute(array(':domain' => $domain));
+ $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+ $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain`
+ WHERE `alias_domain` = :domain");
+ $stmt->execute(array(':domain' => $domain));
+ $num_results = $num_results + count($stmt->fetchAll(PDO::FETCH_ASSOC));
 if ($num_results != 0) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => array('domain_exists', htmlspecialchars($domain))
@@ -454,65 +384,62 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if ($domain == getenv('MAILCOW_HOSTNAME')) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'domain_cannot_match_hostname' ); return false; } + $stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, `backupmx`, `active`, `relay_all_recipients`) + VALUES (:domain, :description, :aliases, :mailboxes, :maxquota, :quota, :backupmx, :active, :relay_all_recipients)"); + $stmt->execute(array( + ':domain' => $domain, + ':description' => $description, + ':aliases' => $aliases, + ':mailboxes' => $mailboxes, + ':maxquota' => $maxquota, + ':quota' => $quota, + ':backupmx' => $backupmx, + ':active' => $active, + ':relay_all_recipients' => $relay_all_recipients + )); try { - $stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, `backupmx`, `active`, `relay_all_recipients`) - VALUES (:domain, :description, :aliases, :mailboxes, :maxquota, :quota, :backupmx, :active, :relay_all_recipients)"); - $stmt->execute(array( - ':domain' => $domain, - ':description' => $description, - ':aliases' => $aliases, - ':mailboxes' => $mailboxes, - ':maxquota' => $maxquota, - ':quota' => $quota, - ':backupmx' => $backupmx, - ':active' => $active, - ':relay_all_recipients' => $relay_all_recipients - )); - try { - $redis->hSet('DOMAIN_MAP', $domain, 1); - } - catch (RedisException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('redis_error', $e) - ); - return false; - } - if (!empty($restart_sogo)) { - $restart_reponse = json_decode(docker('post', 'sogo-mailcow', 'restart'), true); - if ($restart_reponse['type'] == "success") { - $_SESSION['return'] = array( - 'type' => 
'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('domain_added', htmlspecialchars($domain)) - ); - } - else { - $_SESSION['return'] = array( - 'type' => 'warning', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'domain_added_sogo_failed' - ); - } - } + $redis->hSet('DOMAIN_MAP', $domain, 1); } - catch (PDOException $e) { - mailbox('delete', 'domain', array('domain' => $domain)); - $_SESSION['return'] = array( + catch (RedisException $e) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) + 'msg' => array('redis_error', $e) ); return false; } + if (!empty($restart_sogo)) { + $restart_reponse = json_decode(docker('post', 'sogo-mailcow', 'restart'), true); + if ($restart_reponse['type'] == "success") { + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('domain_added', htmlspecialchars($domain)) + ); + return true; + } + else { + $_SESSION['return'][] = array( + 'type' => 'warning', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => 'domain_added_sogo_failed' + ); + return false; + } + } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('domain_added', htmlspecialchars($domain)) + ); + return true; break; case 'alias': $addresses = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['address'])); @@ -522,7 +449,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $goto_spam = intval($_data['goto_spam']); $goto_ham = intval($_data['goto_ham']); if (empty($addresses[0])) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'alias_empty' 
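Review bot: In the Redis catch block the whole exception object is stored as the message argument, `'msg' => array('redis_error', $e)`; converting an exception to a string includes the file path and stack trace, and these entries appear to be rendered in the UI alert box. Prefer `'msg' => array('redis_error', $e->getMessage())` and log the full exception server-side. This path also returns `false` after the `domain` row has already been inserted, so a Redis failure leaves a domain in SQL with no `DOMAIN_MAP` entry; either remove the row again or report a warning that says the domain exists. The `break;` after the new `return true;` is unreachable.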
@@ -530,7 +457,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if (empty($gotos[0]) && ($goto_null + $goto_spam + $goto_ham == 0)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'goto_empty' @@ -547,7 +474,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $goto = "ham@localhost"; } else { - foreach ($gotos as &$goto) { + foreach ($gotos as $i => &$goto) { if (empty($goto)) { continue; } @@ -560,23 +487,26 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $stmt->execute(array(':goto' => $goto)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); if ($num_results != 0) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'goto_invalid' + 'msg' => array('goto_invalid', htmlspecialchars($goto)) ); - return false; + unset($gotos[$i]); + continue; } if (!filter_var($goto, FILTER_VALIDATE_EMAIL) === true) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'goto_invalid' + 'msg' => array('goto_invalid', htmlspecialchars($goto)) ); - return false; + unset($gotos[$i]); + continue; } } $gotos = array_filter($gotos); + if (empty($gotos)) { return false; } $goto = implode(",", $gotos); } foreach ($addresses as $address) { 
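Review bot: `$goto` is still a reference into `$gotos` when the loop ends, and the next use, `$goto = implode(",", $gotos);`, may write through that reference into the array's last element. That is harmless only as long as `$gotos` is not read again; add `unset($goto);` directly after the loop's closing brace. Since rejected entries are now removed with `unset($gotos[$i])` and reported individually, a short comment above `if (empty($gotos)) { return false; }` saying that the alias is still created from the remaining valid destinations would help the next reader. The loop body starts outside this hunk.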
@@ -589,6 +519,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $domain = idn_to_ascii(substr(strstr($address, '@'), 1)); $local_part = strstr($address, '@', true); $address = $local_part.'@'.$domain; + $domaindata = mailbox('get', 'domain_details', $domain); + if (is_array($domaindata) && $domaindata['aliases_left'] == "0") { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => 'max_alias_exceeded' + ); + return false; + } $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `address`= :address OR `address` IN ( SELECT `username` FROM `mailbox`, `alias_domain` 
@@ -602,70 +541,39 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { )); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); if ($num_results != 0) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('is_alias_or_mailbox', htmlspecialchars($address)) ); return false; } - $domaindata = mailbox('get', 'domain_details', $domain); - if (is_array($domaindata) && $domaindata['aliases_left'] == "0") { - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE `domain`= :domain1 OR `domain` = (SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain2)"); + $stmt->execute(array(':domain1' => $domain, ':domain2' => $domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results == 0) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'max_alias_exceeded' + 'msg' => array('domain_not_found', htmlspecialchars($domain)) ); return false; } - try { - $stmt = $pdo->prepare("SELECT `domain` FROM `domain` - WHERE `domain`= :domain1 OR `domain` = (SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain2)"); - $stmt->execute(array(':domain1' => $domain, ':domain2' => $domain)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results == 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('domain_not_found', htmlspecialchars($domain)) - ); - return false; - } - $stmt = $pdo->prepare("SELECT `address` FROM `alias` - WHERE `address`= :address"); - $stmt->execute(array(':address' => $address)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, 
$_action, $_type, $_data_log, $_attr), - 'msg' => array('is_alias_or_mailbox', htmlspecialchars($address)) - ); - return false; - } - $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` - WHERE `address`= :address"); - $stmt->execute(array(':address' => $address)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('is_spam_alias', htmlspecialchars($address)) - ); - return false; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` + WHERE `address`= :address"); + $stmt->execute(array(':address' => $address)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) + 'msg' => array('is_spam_alias', htmlspecialchars($address)) ); return false; } if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'alias_invalid' 
@@ -673,60 +581,45 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); return false; } - try { - $stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `active`) - VALUES (:address, :goto, :domain, :active)"); - if (!filter_var($address, FILTER_VALIDATE_EMAIL) === true) { - $stmt->execute(array( - ':address' => '@'.$domain, - ':goto' => $goto, - ':domain' => $domain, - ':active' => $active - )); - } - else { - $stmt->execute(array( - ':address' => $address, - ':goto' => $goto, - ':domain' => $domain, - ':active' => $active - )); - } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'alias_added' - ); + $stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `active`) + VALUES (:address, :goto, :domain, :active)"); + if (!filter_var($address, FILTER_VALIDATE_EMAIL) === true) { + $stmt->execute(array( + ':address' => '@'.$domain, + ':goto' => $goto, + ':domain' => $domain, + ':active' => $active + )); } - catch (PDOException $e) { - mailbox('delete', 'alias', array('address' => $address)); - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + else { + $stmt->execute(array( + ':address' => $address, + ':goto' => $goto, + ':domain' => $domain, + ':active' => $active + )); } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('alias_added', $address) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => 
array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'alias_added' - ); break; case 'alias_domain': $active = intval($_data['active']); $alias_domains = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['alias_domain'])); + $alias_domains = array_filter($alias_domains); $target_domain = idn_to_ascii(strtolower(trim($_data['target_domain']))); if (!is_valid_domain_name($target_domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'target_domain_invalid' 
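Review bot: `hasDomainAccess()` is only consulted after the lookups in the preceding hunk have already answered `is_alias_or_mailbox`, `domain_not_found` or `is_spam_alias` for the submitted address, so a caller without rights on a domain can still learn whether an address or domain exists there. Move the access check to the top of the per-address loop, before the first query. Separately, the new success entry passes the address raw, `'msg' => array('alias_added', $address)`, while the other messages in this function wrap user input in `htmlspecialchars()`; use `htmlspecialchars($address)` here, and note that for a catch-all the stored row is `'@'.$domain`, not `$address`. The loop starts outside the hunk.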
@@ -734,100 +627,79 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $target_domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); return false; } - foreach ($alias_domains as $alias_domain) { + foreach ($alias_domains as $i => &$alias_domain) { $alias_domain = idn_to_ascii(strtolower(trim($alias_domain))); if (!is_valid_domain_name($alias_domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'alias_domain_invalid' + 'msg' => array('alias_domain_invalid', htmlspecialchars(alias_domain)) ); - return false; + continue; } if ($alias_domain == $target_domain) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'aliasd_targetd_identical' + 'msg' => array('aliasd_targetd_identical', htmlspecialchars($target_domain)) ); - return false; + continue; } - try { - $stmt = $pdo->prepare("SELECT `domain` FROM `domain` - WHERE `domain`= :target_domain"); - $stmt->execute(array(':target_domain' => $target_domain)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results == 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'targetd_not_found' - ); - return false; - } - $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain - UNION - SELECT `domain` FROM `domain` WHERE `domain`= :alias_domain_in_domain"); - $stmt->execute(array(':alias_domain' => $alias_domain, ':alias_domain_in_domain' => $alias_domain)); - $num_results = 
count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'alias_domain_invalid' - ); - return false; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE `domain`= :target_domain"); + $stmt->execute(array(':target_domain' => $target_domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results == 0) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) + 'msg' => array('targetd_not_found', htmlspecialchars($target_domain)) ); - return false; + continue; } - try { - $stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `active`) - VALUES (:alias_domain, :target_domain, :active)"); - $stmt->execute(array( - ':alias_domain' => $alias_domain, - ':target_domain' => $target_domain, - ':active' => $active - )); - } - catch (PDOException $e) { - mailbox('delete', 'alias_domain', array('alias_domain' => $alias_domain)); - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain + UNION + SELECT `domain` FROM `domain` WHERE `domain`= :alias_domain_in_domain"); + $stmt->execute(array(':alias_domain' => $alias_domain, ':alias_domain_in_domain' => $alias_domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) + 'msg' => array('alias_domain_invalid', $alias_domain) ); - return false; - } - try { - $redis->hSet('DOMAIN_MAP', $alias_domain, 1); - } - catch (RedisException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' 
=> array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('redis_error', $e) - ); - return false; + continue; } } - $_SESSION['return'] = array( + $stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `active`) + VALUES (:alias_domain, :target_domain, :active)"); + $stmt->execute(array( + ':alias_domain' => $alias_domain, + ':target_domain' => $target_domain, + ':active' => $active + )); + try { + $redis->hSet('DOMAIN_MAP', $alias_domain, 1); + } + catch (RedisException $e) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('redis_error', $e) + ); + return false; + } + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('aliasd_added', htmlspecialchars(implode(', ', $alias_domains))) + 'msg' => array('aliasd_added', htmlspecialchars($alias_domain)) ); break; case 'mailbox': @@ -835,7 +707,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $domain = idn_to_ascii(strtolower(trim($_data['domain']))); $username = $local_part . '@' . $domain; if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'mailbox_invalid' @@ -843,7 +715,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if (empty($_data['local_part'])) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'mailbox_invalid' 
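Review bot: As the braces read on the new side, the `foreach` closes right after the last `continue`, so the `INSERT INTO alias_domain`, the `$redis->hSet('DOMAIN_MAP', ...)` call and the success entry now run once after the loop instead of once per alias domain. Only the last entry is then inserted, and it is inserted even when `is_valid_domain_name()` or one of the other checks rejected it, because `continue` on the final iteration simply ends the loop; `$alias_domain` is also still a by-reference loop variable at that point. Move those three statements back inside the loop body, after the last check, and add `unset($alias_domain);` after the loop. The first error entry also calls `htmlspecialchars(alias_domain)` without the `$`, which is an undefined constant (an Error on PHP 8); it should read `htmlspecialchars($alias_domain)`, and the `alias_domain_invalid` entry further down should escape its argument the same way.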
@@ -861,7 +733,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $quota_b = ($quota_m * 1048576); $maildir = $domain . "/" . $local_part . "/"; if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'domain_invalid' 
@@ -869,81 +741,71 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); return false; } - try { - $stmt = $pdo->prepare("SELECT `mailboxes`, `maxquota`, `quota` FROM `domain` - WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $domain)); - $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); - $stmt = $pdo->prepare("SELECT - COUNT(*) as count, - COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota` - FROM `mailbox` - WHERE `kind` NOT REGEXP 'location|thing|group' - AND `domain` = :domain"); - $stmt->execute(array(':domain' => $domain)); - $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); - $stmt = $pdo->prepare("SELECT `local_part` FROM `mailbox` WHERE `local_part` = :local_part and `domain`= :domain"); - $stmt->execute(array(':local_part' => $local_part, ':domain' => $domain)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('object_exists', htmlspecialchars($username)) - ); - return false; - } - $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE address= :username"); - $stmt->execute(array(':username' => $username)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('is_alias', htmlspecialchars($username)) - ); - return false; - } - $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` WHERE `address`= :username"); - $stmt->execute(array(':username' => $username)); - $num_results = 
count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('is_spam_alias', htmlspecialchars($username)) - ); - return false; - } - $stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain`= :domain"); - $stmt->execute(array(':domain' => $domain)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results == 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('domain_not_found', htmlspecialchars($domain)) - ); - return false; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `mailboxes`, `maxquota`, `quota` FROM `domain` + WHERE `domain` = :domain"); + $stmt->execute(array(':domain' => $domain)); + $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt = $pdo->prepare("SELECT + COUNT(*) as count, + COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota` + FROM `mailbox` + WHERE `kind` NOT REGEXP 'location|thing|group' + AND `domain` = :domain"); + $stmt->execute(array(':domain' => $domain)); + $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt = $pdo->prepare("SELECT `local_part` FROM `mailbox` WHERE `local_part` = :local_part and `domain`= :domain"); + $stmt->execute(array(':local_part' => $local_part, ':domain' => $domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) + 'msg' => array('object_exists', htmlspecialchars($username)) + ); + return false; + } + $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE address= :username"); + $stmt->execute(array(':username' => $username)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if 
($num_results != 0) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('is_alias', htmlspecialchars($username)) + ); + return false; + } + $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` WHERE `address`= :username"); + $stmt->execute(array(':username' => $username)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('is_spam_alias', htmlspecialchars($username)) + ); + return false; + } + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain`= :domain"); + $stmt->execute(array(':domain' => $domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results == 0) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('domain_not_found', htmlspecialchars($domain)) ); return false; } if (!is_numeric($quota_m) || $quota_m == "0") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'quota_not_0_not_numeric' @@ -952,7 +814,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } if (!empty($password) && !empty($password2)) { if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'password_complexity' 
@@ -960,7 +822,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if ($password != $password2) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'password_mismatch' @@ -970,7 +832,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $password_hashed = hash_password($password); } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'password_empty' @@ -978,7 +840,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if ($MailboxData['count'] >= $DomainData['mailboxes']) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('max_mailbox_exceeded', $MailboxData['count'], $DomainData['mailboxes']) @@ -986,7 +848,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if ($quota_m > $DomainData['maxquota']) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('mailbox_quota_exceeded', $DomainData['maxquota']) 
@@ -995,56 +857,45 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } if (($MailboxData['quota'] + $quota_m) > $DomainData['quota']) { $quota_left_m = ($DomainData['quota'] - $MailboxData['quota']); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('mailbox_quota_left_exceeded', $quota_left_m) ); return false; } - try { - $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `attributes`, `active`) - VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, '{\"force_pw_update\": \"0\", \"tls_enforce_in\": \"0\", \"tls_enforce_out\": \"0\"}', :active)"); - $stmt->execute(array( - ':username' => $username, - ':password_hashed' => $password_hashed, - ':name' => $name, - ':maildir' => $maildir, - ':quota_b' => $quota_b, - ':local_part' => $local_part, - ':domain' => $domain, - ':active' => $active - )); - $stmt = $pdo->prepare("INSERT INTO `quota2` (`username`, `bytes`, `messages`) - VALUES (:username, '0', '0') ON DUPLICATE KEY UPDATE `bytes` = '0', `messages` = '0';"); - $stmt->execute(array(':username' => $username)); - $stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `active`) - VALUES (:username1, :username2, :domain, :active)"); - $stmt->execute(array( - ':username1' => $username, - ':username2' => $username, - ':domain' => $domain, - ':active' => $active - )); - $stmt = $pdo->prepare("INSERT INTO `user_acl` (`username`) VALUES (:username)"); - $stmt->execute(array( - ':username' => $username - )); - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_added', htmlspecialchars($username)) - ); - } - catch (PDOException $e) { - mailbox('delete', 'mailbox', array('username' => $username)); - $_SESSION['return'] = 
array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `attributes`, `active`) + VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, '{\"force_pw_update\": \"0\", \"tls_enforce_in\": \"0\", \"tls_enforce_out\": \"0\"}', :active)"); + $stmt->execute(array( + ':username' => $username, + ':password_hashed' => $password_hashed, + ':name' => $name, + ':maildir' => $maildir, + ':quota_b' => $quota_b, + ':local_part' => $local_part, + ':domain' => $domain, + ':active' => $active + )); + $stmt = $pdo->prepare("INSERT INTO `quota2` (`username`, `bytes`, `messages`) + VALUES (:username, '0', '0') ON DUPLICATE KEY UPDATE `bytes` = '0', `messages` = '0';"); + $stmt->execute(array(':username' => $username)); + $stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `active`) + VALUES (:username1, :username2, :domain, :active)"); + $stmt->execute(array( + ':username1' => $username, + ':username2' => $username, + ':domain' => $domain, + ':active' => $active + )); + $stmt = $pdo->prepare("INSERT INTO `user_acl` (`username`) VALUES (:username)"); + $stmt->execute(array( + ':username' => $username + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('mailbox_added', htmlspecialchars($username)) + ); break; case 'resource': $domain = idn_to_ascii(strtolower(trim($_data['domain']))); 
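Review bot: The four INSERTs for a new mailbox (`mailbox`, `quota2`, `alias`, `user_acl`) now run without the old `catch` cleanup (`mailbox('delete', 'mailbox', ...)`) and without a transaction. A failure on a later statement therefore leaves a mailbox row with no alias or ACL row. Wrapping the block in `$pdo->beginTransaction()` / `$pdo->commit()` with `rollBack()` on `PDOException` would keep the writes atomic. This assumes a transactional storage engine and that exceptions are now reported by a handler outside this hunk; neither is visible here. The DELETE-plus-two-INSERT sequence in the `spam_score` hunk has the same gap, and the enclosing `mailbox()` function starts and ends outside the hunk.

```php
$pdo->beginTransaction();
try {
  // … unchanged: INSERTs into mailbox, quota2, alias and user_acl …
  $pdo->commit();
}
catch (PDOException $e) {
  // Undo the partial writes, then let the outer error handling report the failure.
  $pdo->rollBack();
  throw $e;
}
```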
@@ -1055,7 +906,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $multiple_bookings = intval($_data['multiple_bookings']); $active = intval($_data['active']); if (!filter_var($name, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'resource_invalid' @@ -1063,7 +914,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if (empty($description)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'description_invalid' @@ -1074,7 +925,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $multiple_bookings = -1; } if ($kind != 'location' && $kind != 'group' && $kind != 'thing') { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'resource_invalid' @@ -1082,7 +933,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'domain_invalid' 
@@ -1090,94 +941,73 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); return false; } - try { - $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :name"); - $stmt->execute(array(':name' => $name)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('object_exists', htmlspecialchars($name)) - ); - return false; - } - $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE address= :name"); - $stmt->execute(array(':name' => $name)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('is_alias', htmlspecialchars($name)) - ); - return false; - } - $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` WHERE `address`= :name"); - $stmt->execute(array(':name' => $name)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('is_spam_alias', htmlspecialchars($name)) - ); - return false; - } - $stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain`= :domain"); - $stmt->execute(array(':domain' => $domain)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results == 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 
- 'msg' => array('domain_not_found', htmlspecialchars($domain)) - ); - return false; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :name"); + $stmt->execute(array(':name' => $name)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) + 'msg' => array('object_exists', htmlspecialchars($name)) ); return false; } - try { - $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `active`, `multiple_bookings`, `kind`) - VALUES (:name, 'RESOURCE', :description, 'RESOURCE', 0, :local_part, :domain, :active, :multiple_bookings, :kind)"); - $stmt->execute(array( - ':name' => $name, - ':description' => $description, - ':local_part' => $local_part, - ':domain' => $domain, - ':active' => $active, - ':kind' => $kind, - ':multiple_bookings' => $multiple_bookings - )); - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('resource_added', htmlspecialchars($name)) - ); - } - catch (PDOException $e) { - mailbox('delete', 'resource', array('name' => $name)); - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE address= :name"); + $stmt->execute(array(':name' => $name)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) + 'msg' => array('is_alias', htmlspecialchars($name)) ); return false; } + $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` WHERE `address`= :name"); + $stmt->execute(array(':name' => $name)); + 
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('is_spam_alias', htmlspecialchars($name)) + ); + return false; + } + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain`= :domain"); + $stmt->execute(array(':domain' => $domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results == 0) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('domain_not_found', htmlspecialchars($domain)) + ); + return false; + } + $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `active`, `multiple_bookings`, `kind`) + VALUES (:name, 'RESOURCE', :description, 'RESOURCE', 0, :local_part, :domain, :active, :multiple_bookings, :kind)"); + $stmt->execute(array( + ':name' => $name, + ':description' => $description, + ':local_part' => $local_part, + ':domain' => $domain, + ':active' => $active, + ':kind' => $kind, + ':multiple_bookings' => $multiple_bookings + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('resource_added', htmlspecialchars($name)) + ); break; } break; 
@@ -1193,62 +1023,52 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $target_domain = (!empty($_data['target_domain'])) ? idn_to_ascii(strtolower(trim($_data['target_domain']))) : $is_now['target_domain']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'alias_domain_invalid' + 'msg' => array('alias_domain_invalid', htmlspecialchars($alias_domain)) ); - return false; + continue; } if (!is_valid_domain_name($target_domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'target_domain_invalid' + 'msg' => array('target_domain_invalid', htmlspecialchars($target_domain)) ); - return false; + continue; } if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $target_domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (empty(mailbox('get', 'domain_details', $target_domain)) || !empty(mailbox('get', 'alias_domain_details', $target_domain))) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'target_domain_invalid' + 'msg' => array('target_domain_invalid', htmlspecialchars($target_domain)) ); - return false; - } - try { - $stmt = $pdo->prepare("UPDATE `alias_domain` SET - `target_domain` = :target_domain, - `active` = :active - WHERE `alias_domain` = :alias_domain"); - $stmt->execute(array( - ':alias_domain' => $alias_domain, - ':target_domain' => $target_domain, - ':active' => $active - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => 
array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("UPDATE `alias_domain` SET + `target_domain` = :target_domain, + `active` = :active + WHERE `alias_domain` = :alias_domain"); + $stmt->execute(array( + ':alias_domain' => $alias_domain, + ':target_domain' => $target_domain, + ':active' => $active + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('aliasd_modified', htmlspecialchars($alias_domain)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('aliasd_modified', htmlspecialchars(implode(', ', $alias_domains))) - ); break; case 'tls_policy': if (!is_array($_data['username'])) { @@ -1259,7 +1079,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $usernames = $_data['username']; } if (!isset($_SESSION['acl']['tls_policy']) || $_SESSION['acl']['tls_policy'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -1268,12 +1088,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } foreach ($usernames as $username) { if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } $is_now = mailbox('get', 'tls_policy', $username); if (!empty($is_now)) { 
@@ -1281,35 +1101,28 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $tls_enforce_out = (isset($_data['tls_enforce_out'])) ? intval($_data['tls_enforce_out']) : $is_now['tls_enforce_out']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_out), `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_in) WHERE `username` = :username"); - $stmt->execute(array( - ':tls_out' => intval($tls_enforce_out), - ':tls_in' => intval($tls_enforce_in), - ':username' => $username - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("UPDATE `mailbox` + SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_out), + `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_in) + WHERE `username` = :username"); + $stmt->execute(array( + ':tls_out' => intval($tls_enforce_out), + ':tls_in' => intval($tls_enforce_in), + ':username' => $username + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('mailbox_modified', $username) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_modified', implode(', ', $usernames)) - ); break; case 'spam_score': if (!is_array($_data['username'])) { 
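Review bot: The new per-user success entry passes `$username` into the message unescaped, `'msg' => array('mailbox_modified', $username)`, while the mailbox and resource add paths in this same diff wrap the identifier in `htmlspecialchars()`. The value has passed `FILTER_VALIDATE_EMAIL` earlier in the loop, so this is mainly a consistency point. Whether the alert box renders these strings as text or as HTML is not visible from this hunk, so it would be safer to use one convention everywhere, e.g. `array('mailbox_modified', htmlspecialchars($username))`. The `spam_score`, `delimiter_action` and `ratelimit` success messages follow the same unescaped pattern.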
@@ -1320,7 +1133,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $usernames = $_data['username']; } if (!isset($_SESSION['acl']['spam_score']) || $_SESSION['acl']['spam_score'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
@@ -1331,55 +1144,40 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $lowspamlevel = explode(',', $_data['spam_score'])[0]; $highspamlevel = explode(',', $_data['spam_score'])[1]; if (!is_numeric($lowspamlevel) || !is_numeric($highspamlevel)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username - AND (`option` = 'lowspamlevel' OR `option` = 'highspamlevel')"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option`, `value`) - VALUES (:username, 'highspamlevel', :highspamlevel)"); - $stmt->execute(array( - ':username' => $username, - ':highspamlevel' => $highspamlevel - )); - $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option`, `value`) - VALUES (:username, 'lowspamlevel', :lowspamlevel)"); - $stmt->execute(array( - ':username' => $username, - ':lowspamlevel' => $lowspamlevel - )); - } - catch (PDOException $e) { - $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username - AND (`option` = 'lowspamlevel' OR `option` = 'highspamlevel')"); - $stmt->execute(array( - ':username' => $username - )); - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username + AND (`option` = 'lowspamlevel' OR `option` = 'highspamlevel')"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option`, `value`) + VALUES (:username, 'highspamlevel', :highspamlevel)"); + $stmt->execute(array( + ':username' => $username, + ':highspamlevel' => $highspamlevel + )); + 
$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option`, `value`) + VALUES (:username, 'lowspamlevel', :lowspamlevel)"); + $stmt->execute(array( + ':username' => $username, + ':lowspamlevel' => $lowspamlevel + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('mailbox_modified', $username) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_modified', implode(', ', $usernames)) - ); break; case 'time_limited_alias': if (!isset($_SESSION['acl']['spam_alias']) || $_SESSION['acl']['spam_alias'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
@@ -1394,50 +1192,30 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $addresses = $_data['address']; } foreach ($addresses as $address) { - try { - $stmt = $pdo->prepare("SELECT `goto` FROM `spamalias` WHERE `address` = :address"); - $stmt->execute(array(':address' => $address)); - $goto = $stmt->fetch(PDO::FETCH_ASSOC)['goto']; - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT `goto` FROM `spamalias` WHERE `address` = :address"); + $stmt->execute(array(':address' => $address)); + $goto = $stmt->fetch(PDO::FETCH_ASSOC)['goto']; if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $goto)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("UPDATE `spamalias` SET `validity` = (`validity` + 3600) WHERE - `address` = :address AND - `validity` >= :validity"); - $stmt->execute(array( - ':address' => $address, - ':validity' => time() - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("UPDATE `spamalias` SET `validity` = (`validity` + 3600) WHERE + `address` = :address AND + `validity` >= :validity"); + $stmt->execute(array( + ':address' => $address, + ':validity' => time() + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('mailbox_modified', htmlspecialchars(implode(', ', $usernames))) + ); } - $_SESSION['return'] = array( - 'type' => 
'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_modified', htmlspecialchars(implode(', ', $usernames))) - ); break; case 'delimiter_action': if (!is_array($_data['username'])) { @@ -1448,7 +1226,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $usernames = $_data['username']; } if (!isset($_SESSION['acl']['delimiter_action']) || $_SESSION['acl']['delimiter_action'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -1457,12 +1235,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } foreach ($usernames as $username) { if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (isset($_data['tagged_mail_handler']) && $_data['tagged_mail_handler'] == "subject") { try { @@ -1470,12 +1248,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $redis->hDel('RCPT_WANTS_SUBFOLDER_TAG', $username); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('redis_error', $e) ); - return false; + continue; } } else if (isset($_data['tagged_mail_handler']) && $_data['tagged_mail_handler'] == "subfolder") { 
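Review bot: The success entry that moved inside `foreach ($addresses as $address)` still builds its text from `implode(', ', $usernames)`, but nothing visible in this case defines `$usernames`; the branch works on `$addresses`. As written, each extended alias would log an empty or undefined list instead of the address that changed. The other per-item messages in this commit name the loop variable, so the line should read `'msg' => array('mailbox_modified', htmlspecialchars($address))`. The start of the `time_limited_alias` case is outside the hunk, so confirm that `$usernames` is not assigned earlier.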
@@ -1484,12 +1262,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $redis->hDel('RCPT_WANTS_SUBJECT_TAG', $username); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('redis_error', $e) ); - return false; + continue; } } else { @@ -1498,32 +1276,22 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $redis->hDel('RCPT_WANTS_SUBFOLDER_TAG', $username); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('redis_error', $e) ); - return false; + continue; } } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('mailbox_modified', $username) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_modified', implode(', ', $usernames)) - ); break; case 'ratelimit': - $rl_value = intval($_data['rl_value']); - $rl_frame = $_data['rl_frame']; - if (!in_array($rl_frame, array('s', 'm', 'h'))) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'rl_timeframe' - ); - return false; - } if (!is_array($_data['object'])) { $objects = array(); $objects[] = $_data['object']; 
@@ -1532,40 +1300,55 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $objects = $_data['object']; } foreach ($objects as $object) { + $rl_value = intval($_data['rl_value']); + $rl_frame = $_data['rl_frame']; + if (!in_array($rl_frame, array('s', 'm', 'h'))) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => 'rl_timeframe' + ); + continue; + } if (is_valid_domain_name($object)) { if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } } elseif (filter_var($object, FILTER_VALIDATE_EMAIL)) { if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } } else { - return false; + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => 'access_denied' + ); + continue; } if (empty($rl_value)) { try { $redis->hDel('RL_VALUE', $object); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('redis_error', $e) ); - return false; + continue; } } else { 
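Review bot: `$rl_value = intval($_data['rl_value'])` lets a negative number through, because the later `empty($rl_value)` test only catches 0. A value such as -5 therefore reaches the `hSet('RL_VALUE', $object, $rl_value . ' / 1' . $rl_frame)` call in the next hunk; how the consumer of that key treats a negative rate is not visible here. I would reject it next to the timeframe check with `if ($rl_value < 0) { /* danger entry */ continue; }`. Both checks are independent of `$object`, so they could also run once above the `foreach` instead of adding one `rl_timeframe` entry per object.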
@@ -1573,20 +1356,20 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $redis->hSet('RL_VALUE', $object, $rl_value . ' / 1' . $rl_frame); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('redis_error', $e) ); - return false; + continue; } } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('object_modified', $object) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('domain_modified', implode(', ', $objects)) - ); break; case 'syncjob': if (!is_array($_data['id'])) { @@ -1597,7 +1380,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $ids = $_data['id']; } if (!isset($_SESSION['acl']['syncjobs']) || $_SESSION['acl']['syncjobs'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -1631,12 +1414,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $timeout2 = (isset($_data['timeout2']) && $_data['timeout2'] != "") ? intval($_data['timeout2']) : $is_now['timeout2']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (empty($subfolder2)) { $subfolder2 = ""; 
@@ -1654,107 +1437,97 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $maxbytespersecond = "0"; } if (!filter_var($port1, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535)))) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 3600)))) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (!is_valid_domain_name($host1)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if ($enc1 != "TLS" && $enc1 != "SSL" && $enc1 != "PLAIN") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (@preg_match("/" . $exclude . 
"/", null) === false) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("UPDATE `imapsync` SET `delete1` = :delete1, - `delete2` = :delete2, - `automap` = :automap, - `skipcrossduplicates` = :skipcrossduplicates, - `maxage` = :maxage, - `maxbytespersecond` = :maxbytespersecond, - `subfolder2` = :subfolder2, - `exclude` = :exclude, - `host1` = :host1, - `last_run` = :last_run, - `user1` = :user1, - `password1` = :password1, - `mins_interval` = :mins_interval, - `port1` = :port1, - `enc1` = :enc1, - `delete2duplicates` = :delete2duplicates, - `custom_params` = :custom_params, - `timeout1` = :timeout1, - `timeout2` = :timeout2, - `subscribeall` = :subscribeall, - `active` = :active - WHERE `id` = :id"); - $stmt->execute(array( - ':delete1' => $delete1, - ':delete2' => $delete2, - ':automap' => $automap, - ':skipcrossduplicates' => $skipcrossduplicates, - ':id' => $id, - ':exclude' => $exclude, - ':maxage' => $maxage, - ':maxbytespersecond' => $maxbytespersecond, - ':subfolder2' => $subfolder2, - ':host1' => $host1, - ':user1' => $user1, - ':password1' => $password1, - ':last_run' => $last_run, - ':mins_interval' => $mins_interval, - ':port1' => $port1, - ':enc1' => $enc1, - ':delete2duplicates' => $delete2duplicates, - ':custom_params' => $custom_params, - ':timeout1' => $timeout1, - ':timeout2' => $timeout2, - ':subscribeall' => $subscribeall, - ':active' => $active, - )); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("UPDATE `imapsync` SET `delete1` = :delete1, + `delete2` = :delete2, + `automap` = :automap, + `skipcrossduplicates` = :skipcrossduplicates, + `maxage` = :maxage, + 
`maxbytespersecond` = :maxbytespersecond, + `subfolder2` = :subfolder2, + `exclude` = :exclude, + `host1` = :host1, + `last_run` = :last_run, + `user1` = :user1, + `password1` = :password1, + `mins_interval` = :mins_interval, + `port1` = :port1, + `enc1` = :enc1, + `delete2duplicates` = :delete2duplicates, + `custom_params` = :custom_params, + `timeout1` = :timeout1, + `timeout2` = :timeout2, + `subscribeall` = :subscribeall, + `active` = :active + WHERE `id` = :id"); + $stmt->execute(array( + ':delete1' => $delete1, + ':delete2' => $delete2, + ':automap' => $automap, + ':skipcrossduplicates' => $skipcrossduplicates, + ':id' => $id, + ':exclude' => $exclude, + ':maxage' => $maxage, + ':maxbytespersecond' => $maxbytespersecond, + ':subfolder2' => $subfolder2, + ':host1' => $host1, + ':user1' => $user1, + ':password1' => $password1, + ':last_run' => $last_run, + ':mins_interval' => $mins_interval, + ':port1' => $port1, + ':enc1' => $enc1, + ':delete2duplicates' => $delete2duplicates, + ':custom_params' => $custom_params, + ':timeout1' => $timeout1, + ':timeout2' => $timeout2, + ':subscribeall' => $subscribeall, + ':active' => $active, + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('mailbox_modified', $username) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_modified', $username) - ); break; case 'filter': $sieve = new Sieve\SieveParser(); @@ -1766,7 +1539,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $ids = $_data['id']; } if (!isset($_SESSION['acl']['filters']) || $_SESSION['acl']['filters'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
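Review bot: The `UPDATE imapsync` statement no longer sits in a `try`/`catch (PDOException $e)`, so a failing `prepare()` or `execute()` is not turned into a `mysql_error` entry in this function any more. Whether a handler elsewhere does that is not visible in this diff; if none does, an exception part-way through `$ids` ends the request with the earlier jobs already updated and nothing recorded for the failing one. The same removal is made in the `filter`, `alias`, `domain` and `mailbox` hunks below. I would add a comment at the first bare call saying where the exception is handled, e.g. `// PDOException is caught by the global handler in <handler file>`, with the real location filled in.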
@@ -1783,103 +1556,152 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $filter_type = (!empty($_data['filter_type'])) ? $_data['filter_type'] : $is_now['filter_type']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } try { $sieve->parse($script_data); } catch (Exception $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('sieve_error', $e->getMessage()) ); - return false; + continue; } if ($filter_type != 'postfilter' && $filter_type != 'prefilter') { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'filter_type' ); - return false; + continue; } if ($active == '1') { $script_name = 'active'; - try { - $stmt = $pdo->prepare("UPDATE `sieve_filters` SET `script_name` = 'inactive' WHERE `username` = :username AND `filter_type` = :filter_type"); - $stmt->execute(array( - ':username' => $username, - ':filter_type' => $filter_type - )); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("UPDATE `sieve_filters` + SET `script_name` = 'inactive' + WHERE `username` = :username + AND `filter_type` = :filter_type"); + $stmt->execute(array( + ':username' => $username, + ':filter_type' => $filter_type + )); } else { $script_name = 'inactive'; } - try { - $stmt = $pdo->prepare("UPDATE `sieve_filters` SET `script_desc` = :script_desc, `script_data` = :script_data, `script_name` = :script_name, `filter_type` = :filter_type - WHERE `id` = :id"); - $stmt->execute(array( - 
':script_desc' => $script_desc, - ':script_data' => $script_data, - ':script_name' => $script_name, - ':filter_type' => $filter_type, - ':id' => $id - )); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("UPDATE `sieve_filters` SET `script_desc` = :script_desc, `script_data` = :script_data, `script_name` = :script_name, `filter_type` = :filter_type + WHERE `id` = :id"); + $stmt->execute(array( + ':script_desc' => $script_desc, + ':script_data' => $script_data, + ':script_name' => $script_name, + ':filter_type' => $filter_type, + ':id' => $id + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('mailbox_modified', $username) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_modified', $username) - ); break; case 'alias': - if (!is_array($_data['address'])) { - $addresses = array(); - $addresses[] = $_data['address']; + if (!is_array($_data['id'])) { + $ids = array(); + $ids[] = $_data['id']; } else { - $addresses = $_data['address']; + $ids = $_data['id']; } - foreach ($addresses as $address) { - $is_now = mailbox('get', 'alias_details', $address); + foreach ($ids as $id) { + $is_now = mailbox('get', 'alias_details', $id); if (!empty($is_now)) { $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int']; - $goto_null = (isset($_data['goto_null'])) ? intval($_data['goto_null']) : $is_now['goto_null']; - $goto_spam = (isset($_data['goto_spam'])) ? intval($_data['goto_spam']) : $is_now['goto_spam']; - $goto_ham = (isset($_data['goto_ham'])) ? intval($_data['goto_ham']) : $is_now['goto_ham']; - $goto = (!empty($_data['goto'])) ? 
$_data['goto'] : $is_now['goto']; + $goto_null = (isset($_data['goto_null'])) ? intval($_data['goto_null']) : 0; + $goto_spam = (isset($_data['goto_spam'])) ? intval($_data['goto_spam']) : 0; + $goto_ham = (isset($_data['goto_ham'])) ? intval($_data['goto_ham']) : 0; + $goto = (!empty($_data['goto'])) ? $_data['goto'] : $is_now['goto']; + $address = (!empty($_data['address'])) ? $_data['address'] : $is_now['address']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'alias_invalid' ); - return false; + continue; + } + if ($is_now['address'] != $address) { + $domain = idn_to_ascii(substr(strstr($address, '@'), 1)); + $local_part = strstr($address, '@', true); + $address = $local_part.'@'.$domain; + if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => 'access_denied' + ); + continue; + } + if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => 'alias_invalid' + ); + continue; + } + $stmt = $pdo->prepare("SELECT `address` FROM `alias` + WHERE `address`= :address OR `address` IN ( + SELECT `username` FROM `mailbox`, `alias_domain` + WHERE ( + `alias_domain`.`alias_domain` = :address_d + AND `mailbox`.`username` = CONCAT(:address_l, '@', alias_domain.target_domain)))"); + $stmt->execute(array( + ':address' => $address, + ':address_l' => $local_part, + ':address_d' => $domain + )); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => 
array('is_alias_or_mailbox', htmlspecialchars($address)) + ); + continue; + } + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE `domain`= :domain1 OR `domain` = (SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain2)"); + $stmt->execute(array(':domain1' => $domain, ':domain2' => $domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results == 0) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('domain_not_found', htmlspecialchars($domain)) + ); + continue; + } + $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` + WHERE `address`= :address"); + $stmt->execute(array(':address' => $address)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('is_spam_alias', htmlspecialchars($address)) + ); + continue; + } } if ($goto_null == "1") { $goto = "null@localhost"; 
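Review bot: In the `alias` case the `hasDomainAccess()` check now sits inside `if ($is_now['address'] != $address)`, so an edit that keeps the address and changes only `goto` or `active` reaches the UPDATE with no access check in this function. It then depends entirely on `mailbox('get', 'alias_details', $id)` returning empty for aliases the caller may not manage, which is not visible here. Because aliases are now selected by a numeric `id` taken from the request, I would check access on the existing alias's domain unconditionally, before the rename branch, as sketched below.
```php
// … unchanged: $is_now lookup and the $active / $goto / $address defaults …
$current_domain = idn_to_ascii(substr(strstr($is_now['address'], '@'), 1));
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $current_domain)) {
  $_SESSION['return'][] = array(
    'type' => 'danger',
    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
    'msg' => 'access_denied'
  );
  continue;
}
if ($is_now['address'] != $address) {
// … unchanged: rename checks …
```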
@@ -1891,85 +1713,52 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $goto = "ham@localhost"; } else { - $gotos = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['goto'])); - foreach ($gotos as &$goto) { + $gotos = array_map('trim', preg_split( "/( |,|;|\n)/", $goto)); + foreach ($gotos as $i => &$goto) { if (empty($goto)) { continue; } if (!filter_var($goto, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' =>'goto_invalid' + 'msg' => array('goto_invalid', $goto) ); - return false; + unset($gotos[$i]); + continue; } if ($goto == $address) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'alias_goto_identical' ); - return false; + unset($gotos[$i]); + continue; } } $gotos = array_filter($gotos); $goto = implode(",", $gotos); } - $domain = idn_to_ascii(substr(strstr($address, '@'), 1)); - $local_part = strstr($address, '@', true); - if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'access_denied' - ); - return false; - } - if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'alias_invalid' - ); - return false; - } - try { - if (!empty($goto)) { - $stmt = $pdo->prepare("UPDATE `alias` SET - `goto` = :goto, - `active`= :active - WHERE `address` = :address"); - $stmt->execute(array( - ':goto' => $goto, - ':active' => $active, - ':address' => $address - )); - } - else { - $stmt = $pdo->prepare("UPDATE `alias` SET - `active`= :active - WHERE `address` = 
:address"); - $stmt->execute(array( - ':active' => $active, - ':address' => $address - )); - } - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + if (!empty($goto)) { + $stmt = $pdo->prepare("UPDATE `alias` SET + `address` = :address, + `goto` = :goto, + `active`= :active + WHERE `id` = :id"); + $stmt->execute(array( + ':address' => $address, + ':goto' => $goto, + ':active' => $active, + ':id' => $id + )); } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('alias_modified', htmlspecialchars($address)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('alias_modified', htmlspecialchars(implode(', ', $addresses))) - ); break; case 'domain': if (!is_array($_data['domain'])) { 
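Review bot: The `alias_modified` success entry is appended after the `if (!empty($goto)) { … }` block, so it is also recorded when no UPDATE ran. That can happen now because an invalid or identical destination is dropped with `unset($gotos[$i]); continue;` instead of aborting, and `$goto` is empty once every destination has been dropped. I would move the success entry inside the `if` and record a danger entry otherwise, so the log does not claim a change that was not made. The by-reference loop `foreach ($gotos as $i => &$goto)` also leaves `$goto` bound to the last element; an `unset($goto);` right after the loop avoids writing through it on the next assignment.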
@@ -1982,39 +1771,29 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { foreach ($domains as $domain) { $domain = idn_to_ascii($domain); if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'domain_invalid' ); - return false; + continue; } if ($_SESSION['mailcow_cc_role'] == "domainadmin" && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { $description = $_data['description']; $active = intval($_data['active']); - try { - $stmt = $pdo->prepare("UPDATE `domain` SET - `description` = :description - WHERE `domain` = :domain"); - $stmt->execute(array( - ':description' => $description, - ':domain' => $domain - )); - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('domain_modified', htmlspecialchars($domain)) - ); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("UPDATE `domain` SET + `description` = :description + WHERE `domain` = :domain"); + $stmt->execute(array( + ':description' => $description, + ':domain' => $domain + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('domain_modified', htmlspecialchars($domain)) + ); } elseif ($_SESSION['mailcow_cc_role'] == "admin") { $is_now = mailbox('get', 'domain_details', $domain); 
@@ -2031,129 +1810,109 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { ($relay_all_recipients == '1') ? $backupmx = '1' : null; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'domain_invalid' ); - return false; - } - try { - // todo: should be using api here - $stmt = $pdo->prepare("SELECT - COUNT(*) AS count, - MAX(COALESCE(ROUND(`quota`/1048576), 0)) AS `biggest_mailbox`, - COALESCE(ROUND(SUM(`quota`)/1048576), 0) AS `quota_all` - FROM `mailbox` - WHERE `kind` NOT REGEXP 'location|thing|group' - AND domain = :domain"); - $stmt->execute(array(':domain' => $domain)); - $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); - // todo: should be using api here - $stmt = $pdo->prepare("SELECT COUNT(*) AS `count` FROM `alias` - WHERE domain = :domain - AND address NOT IN ( - SELECT `username` FROM `mailbox` - )"); - $stmt->execute(array(':domain' => $domain)); - $AliasData = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + // todo: should be using api here + $stmt = $pdo->prepare("SELECT + COUNT(*) AS count, + MAX(COALESCE(ROUND(`quota`/1048576), 0)) AS `biggest_mailbox`, + COALESCE(ROUND(SUM(`quota`)/1048576), 0) AS `quota_all` + FROM `mailbox` + WHERE `kind` NOT REGEXP 'location|thing|group' + AND domain = :domain"); + $stmt->execute(array(':domain' => $domain)); + $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); + // todo: should be using api here + $stmt = $pdo->prepare("SELECT COUNT(*) AS `count` FROM `alias` + WHERE domain = :domain + AND address NOT IN ( + SELECT `username` FROM `mailbox` + )"); + $stmt->execute(array(':domain' => $domain)); + $AliasData = $stmt->fetch(PDO::FETCH_ASSOC); if ($maxquota > $quota) { - 
$_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'mailbox_quota_exceeds_domain_quota' ); - return false; + continue; } if ($maxquota == "0" || empty($maxquota)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'maxquota_empty' ); - return false; + continue; } if ($MailboxData['biggest_mailbox'] > $maxquota) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('max_quota_in_use', $MailboxData['biggest_mailbox']) ); - return false; + continue; } if ($MailboxData['quota_all'] > $quota) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('domain_quota_m_in_use', $MailboxData['quota_all']) ); - return false; + continue; } if ($MailboxData['count'] > $mailboxes) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('mailboxes_in_use', $MailboxData['count']) ); - return false; + continue; } if ($AliasData['count'] > $aliases) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('aliases_in_use', $AliasData['count']) ); - return false; - } - try { - $stmt = $pdo->prepare("UPDATE `domain` SET - `relay_all_recipients` = :relay_all_recipients, - `backupmx` = :backupmx, - `active` = :active, - `quota` = :quota, - `maxquota` = :maxquota, - `relayhost` = :relayhost, - `mailboxes` = :mailboxes, - `aliases` = :aliases, - `description` = :description - WHERE `domain` = :domain"); - $stmt->execute(array( - 
':relay_all_recipients' => $relay_all_recipients, - ':backupmx' => $backupmx, - ':active' => $active, - ':quota' => $quota, - ':maxquota' => $maxquota, - ':relayhost' => $relayhost, - ':mailboxes' => $mailboxes, - ':aliases' => $aliases, - ':description' => $description, - ':domain' => $domain - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("UPDATE `domain` SET + `relay_all_recipients` = :relay_all_recipients, + `backupmx` = :backupmx, + `active` = :active, + `quota` = :quota, + `maxquota` = :maxquota, + `relayhost` = :relayhost, + `mailboxes` = :mailboxes, + `aliases` = :aliases, + `description` = :description + WHERE `domain` = :domain"); + $stmt->execute(array( + ':relay_all_recipients' => $relay_all_recipients, + ':backupmx' => $backupmx, + ':active' => $active, + ':quota' => $quota, + ':maxquota' => $maxquota, + ':relayhost' => $relayhost, + ':mailboxes' => $mailboxes, + ':aliases' => $aliases, + ':description' => $description, + ':domain' => $domain + )); } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('domain_modified', htmlspecialchars($domain)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('domain_modified', htmlspecialchars(implode(', ', $domains))) - ); break; case 'mailbox': if (!is_array($_data['username'])) { 
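Review bot: The new `domain_modified` success entry is appended after the `if (domainadmin …) / elseif (admin)` chain closes, as far as the braces can be read from this hunk and the previous one. A caller who matches neither branch, for example a domain admin without access to `$domain`, gets a success entry although nothing was updated. A domain admin with access gets the entry twice, since that branch adds its own in the hunk at -1982. I would move the entry into the admin branch and add an `else` that records the refusal.
```php
// … unchanged: the admin branch up to the UPDATE `domain` execute(), with the success entry moved in here …
}
else {
  $_SESSION['return'][] = array(
    'type' => 'danger',
    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
    'msg' => 'access_denied'
  );
}
```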
@@ -2165,12 +1924,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } foreach ($usernames as $username) { if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'username_invalid' + 'msg' => array('username_invalid', $username) ); - return false; + continue; } $is_now = mailbox('get', 'mailbox_details', $username); if (!empty($is_now)) { 
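Review bot: The rejected `$username` goes into the message unescaped, and at this point it is exactly the input that failed `FILTER_VALIDATE_EMAIL`. Other entries in this function pass such values through `htmlspecialchars()` (`quota_not_0_not_numeric`, `alias_modified`, `domain_modified`), so I would keep to that: `'msg' => array('username_invalid', htmlspecialchars($username))`. The same applies to `array('goto_invalid', $goto)` in the alias hunk and to the `sender_acl_invalid` entries in the hunk at -2265. How each consumer of `$_SESSION['return']` renders `msg` is not visible in this diff.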
@@ -2184,59 +1943,49 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $password2 = (!empty($_data['password2'])) ? $_data['password2'] : null; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("SELECT `quota`, `maxquota` - FROM `domain` - WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $domain)); - $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("SELECT `quota`, `maxquota` + FROM `domain` + WHERE `domain` = :domain"); + $stmt->execute(array(':domain' => $domain)); + $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (!is_numeric($quota_m) || $quota_m == "0") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('quota_not_0_not_numeric', htmlspecialchars($quota_m)) ); - return false; + continue; } if ($quota_m > $DomainData['maxquota']) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('mailbox_quota_exceeded', $DomainData['maxquota']) ); - return false; + continue; } if (((($is_now['quota_used'] / 1048576) - $quota_m) + $quota_m) > $DomainData['quota']) { - 
$_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('mailbox_quota_left_exceeded', ($is_now['max_new_quota'] / 1048576)) ); - return false; + continue; } if (isset($_data['sender_acl'])) { // Get sender_acl items set by admin @@ -2256,7 +2005,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } else { if (array_search('default', $_data['sender_acl']) !== false){ - unset($_data['sender_acl'][array_search('defaaault', $_data['sender_acl'])]); + unset($_data['sender_acl'][array_search('default', $_data['sender_acl'])]); } $sender_acl_domain_admin = $_data['sender_acl']; } 
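Review bot: The domain quota guard `((($is_now['quota_used'] / 1048576) - $quota_m) + $quota_m) > $DomainData['quota']` subtracts `$quota_m` and adds it back, so it reduces to `$is_now['quota_used'] / 1048576 > $DomainData['quota']` and never looks at the requested quota. It is an unchanged context line, but it decides whether this batch item continues. Presumably the first `$quota_m` was meant to be the mailbox's current quota; that needs confirming against what `mailbox('get', 'mailbox_details', …)` returns, which is outside the hunk. Until it is fixed, a comment such as `// NOTE: $quota_m cancels out here; the requested quota is not checked against the domain quota` would keep readers from trusting it.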
@@ -2265,47 +2014,60 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { foreach ($sender_acl_domain_admin as $key => $val) { // Check for invalid domain or email format or not * if (!filter_var($val, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name(ltrim($val, '@')) && $val != '*') { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('sender_acl_invalid', $sender_acl_domain_admin[$key]) + ); unset($sender_acl_domain_admin[$key]); continue; } // Check if user has domain access (if object is domain) - $domain = ltrim($sender_acl, '@'); + $domain = ltrim($sender_acl_domain_admin[$key], '@'); if (is_valid_domain_name($domain)) { // Check for- and skip non-mailcow domains $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains')); if (!empty($domains)) { if (!in_array($domain, $domains)) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('sender_acl_invalid', $sender_acl_domain_admin[$key]) + ); unset($sender_acl_domain_admin[$key]); continue; } } if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'sender_acl_invalid' + 'msg' => array('sender_acl_invalid', $sender_acl_domain_admin[$key]) ); - return false; + unset($sender_acl_domain_admin[$key]); + continue; } } // Wildcard can only be used if role == admin if ($val == '*' && $_SESSION['mailcow_cc_role'] != 'admin') { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'sender_acl_invalid' + 'msg' => array('sender_acl_invalid', $sender_acl_domain_admin[$key]) ); - return false; + 
unset($sender_acl_domain_admin[$key]); + continue; } // Check if user has mailbox access (if object is email) if (filter_var($val, FILTER_VALIDATE_EMAIL)) { if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $val)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'sender_acl_invalid' + 'msg' => array('sender_acl_invalid', $sender_acl_domain_admin[$key]) ); - return false; + unset($sender_acl_domain_admin[$key]); + continue; } } } 
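Review bot: `$domain = ltrim($sender_acl_domain_admin[$key], '@');` fixes the undefined `$sender_acl`, but it still reuses `$domain`, which in this `mailbox` case holds the mailbox's own domain for the `hasDomainAccess()` and quota checks in the previous hunk. After the loop `$domain` is whatever the last ACL entry was, and the rest of the case is outside this hunk, so any later use would see the wrong value. A separate name avoids that: `$acl_domain = ltrim($val, '@');`, used in the three checks below it. The `array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'))` lookup is the same for every entry and could be hoisted above the `foreach`, and `in_array($acl_domain, $domains, true)` would make the membership test strict.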
@@ -2313,132 +2075,82 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $sender_acl_merged = array_merge($sender_acl_domain_admin, $sender_acl_admin); // If merged array still contains "*", set it as only value !in_array('*', $sender_acl_merged) ?: $sender_acl_merged = array('*'); - try { - $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username"); - $stmt->execute(array( - ':username' => $username - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username"); + $stmt->execute(array( + ':username' => $username + )); foreach ($sender_acl_merged as $sender_acl) { $domain = ltrim($sender_acl, '@'); if (is_valid_domain_name($domain)) { $sender_acl = '@' . $domain; } - try { - $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`) - VALUES (:sender_acl, :username)"); - $stmt->execute(array( - ':sender_acl' => $sender_acl, - ':username' => $username - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } - } - } - else { - try { - $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username"); + $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`) + VALUES (:sender_acl, :username)"); $stmt->execute(array( + ':sender_acl' => $sender_acl, ':username' => $username )); } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + } + else { + $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = 
:username"); + $stmt->execute(array( + ':username' => $username + )); } } if (!empty($password) && !empty($password2)) { if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'password_complexity' ); - return false; + continue; } if ($password != $password2) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'password_mismatch' ); - return false; + continue; } $password_hashed = hash_password($password); - try { - $stmt = $pdo->prepare("UPDATE `mailbox` SET - `password` = :password_hashed - WHERE `username` = :username"); - $stmt->execute(array( - ':password_hashed' => $password_hashed, - ':username' => $username - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } - } - try { - $stmt = $pdo->prepare("UPDATE `alias` SET - `active` = :active - WHERE `address` = :address"); - $stmt->execute(array( - ':address' => $username, - ':active' => $active - )); $stmt = $pdo->prepare("UPDATE `mailbox` SET - `active` = :active, - `name`= :name, - `quota` = :quota_b, - `attributes` = JSON_SET(`attributes`, '$.force_pw_update', :force_pw_update) + `password` = :password_hashed WHERE `username` = :username"); $stmt->execute(array( - ':active' => $active, - ':name' => $name, - ':quota_b' => $quota_b, - ':force_pw_update' => $force_pw_update, + ':password_hashed' => $password_hashed, ':username' => $username )); } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = 
$pdo->prepare("UPDATE `alias` SET + `active` = :active + WHERE `address` = :address"); + $stmt->execute(array( + ':address' => $username, + ':active' => $active + )); + $stmt = $pdo->prepare("UPDATE `mailbox` SET + `active` = :active, + `name`= :name, + `quota` = :quota_b, + `attributes` = JSON_SET(`attributes`, '$.force_pw_update', :force_pw_update) + WHERE `username` = :username"); + $stmt->execute(array( + ':active' => $active, + ':name' => $name, + ':quota_b' => $quota_b, + ':force_pw_update' => $force_pw_update, + ':username' => $username + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('mailbox_modified', $username) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_modified', implode(', ', $usernames)) - ); break; case 'resource': if (!is_array($_data['name'])) { 
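Review bot: The sender ACL rewrite in this hunk is a `DELETE` followed by one `INSERT` per entry with no transaction around it, and with the `try`/`catch` blocks removed a `PDOException` in the middle of the loop leaves the mailbox with a partially written ACL. Wrapping the sequence in `$pdo->beginTransaction();` and `$pdo->commit();`, with `rollBack()` wherever the exception is handled (not visible here), keeps the previous ACL intact on failure. The new `continue` on `password_complexity` and `password_mismatch` also runs after the ACL has already been replaced, so a mailbox can report a failure while part of the edit was applied; validating the password before the first write would avoid that. Separately, `$password != $password2` is a loose comparison under which two different numeric-looking strings can compare equal; `$password !== $password2` is the safer check.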
@@ -2457,77 +2169,67 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $kind = (!empty($_data['kind'])) ? $_data['kind'] : $is_now['kind']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'resource_invalid' + 'msg' => array('resource_invalid', htmlspecialchars($name)) ); - return false; + continue; } if (!filter_var($name, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'resource_invalid' + 'msg' => array('resource_invalid', htmlspecialchars($name)) ); - return false; + continue; } if (!isset($multiple_bookings) || $multiple_bookings < -1) { $multiple_bookings = -1; } if (empty($description)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'description_invalid' + 'msg' => array('description_invalid', htmlspecialchars($name)) ); - return false; + continue; } if ($kind != 'location' && $kind != 'group' && $kind != 'thing') { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'resource_invalid' + 'msg' => array('resource_invalid', htmlspecialchars($name)) ); - return false; + continue; } if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $name)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("UPDATE `mailbox` SET - `active` = :active, - `name`= :description, - `kind`= :kind, - `multiple_bookings`= :multiple_bookings - WHERE `username` = 
:name"); - $stmt->execute(array( - ':active' => $active, - ':description' => $description, - ':multiple_bookings' => $multiple_bookings, - ':kind' => $kind, - ':name' => $name - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("UPDATE `mailbox` SET + `active` = :active, + `name`= :description, + `kind`= :kind, + `multiple_bookings`= :multiple_bookings + WHERE `username` = :name"); + $stmt->execute(array( + ':active' => $active, + ':description' => $description, + ':multiple_bookings' => $multiple_bookings, + ':kind' => $kind, + ':name' => $name + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('resource_modified', htmlspecialchars($name)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('resource_modified', implode(', ', $names)) - ); break; } break; 
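Review bot: `htmlspecialchars($name)` is called with default flags in every message of this hunk, and before PHP 8.1 the default (`ENT_COMPAT`) leaves single quotes unescaped; passing the flags explicitly, `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, makes the result independent of the runtime version. The `access_denied` entry is the only one that does not carry the resource name, so in a multi-resource edit the operator cannot tell which object was refused. If the message renderer accepts an array for that key (not visible here), `'msg' => array('access_denied', htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'))` would match the other branches. The enclosing loop starts before the hunk.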
@@ -2544,108 +2246,98 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $data['sender_acl_addresses']['rw'] = array(); $data['sender_acl_addresses']['selectable'] = array(); $data['fixed_sender_aliases'] = array(); - try { - // Fixed addresses - $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` REGEXP :goto AND `address` NOT LIKE '@%'"); - $stmt->execute(array(':goto' => '(^|,)'.$_data.'($|,)')); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($rows)) { - $data['fixed_sender_aliases'][] = $row['address']; - } - $stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `alias_domain_alias` FROM `mailbox`, `alias_domain` - WHERE `alias_domain`.`target_domain` = `mailbox`.`domain` - AND `mailbox`.`username` = :username"); - $stmt->execute(array(':username' => $_data)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($rows)) { - if (!empty($row['alias_domain_alias'])) { - $data['fixed_sender_aliases'][] = $row['alias_domain_alias']; - } - } - // Return array $data['sender_acl_domains/addresses']['ro'] with read-only objects - // Return array $data['sender_acl_domains/addresses']['rw'] with read-write objects (can be deleted) - $stmt = $pdo->prepare("SELECT REPLACE(`send_as`, '@', '') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND (`send_as` LIKE '@%' OR `send_as` = '*')"); - $stmt->execute(array(':logged_in_as' => $_data)); - $domain_rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($domain_row = array_shift($domain_rows)) { - if (is_valid_domain_name($domain_row['send_as']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) { - $data['sender_acl_domains']['ro'][] = $domain_row['send_as']; - continue; - } - if (is_valid_domain_name($domain_row['send_as']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) { - 
$data['sender_acl_domains']['rw'][] = $domain_row['send_as']; - continue; - } - if ($domain_row['send_as'] == '*' && $_SESSION['mailcow_cc_role'] != 'admin') { - $data['sender_acl_domains']['ro'][] = $domain_row['send_as']; - } - if ($domain_row['send_as'] == '*' && $_SESSION['mailcow_cc_role'] == 'admin') { - $data['sender_acl_domains']['rw'][] = $domain_row['send_as']; - } - } - $stmt = $pdo->prepare("SELECT `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND (`send_as` NOT LIKE '@%' AND `send_as` != '*')"); - $stmt->execute(array(':logged_in_as' => $_data)); - $address_rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($address_row = array_shift($address_rows)) { - if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) { - $data['sender_acl_addresses']['ro'][] = $address_row['send_as']; - continue; - } - if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) { - $data['sender_acl_addresses']['rw'][] = $address_row['send_as']; - continue; - } - } - $stmt = $pdo->prepare("SELECT `domain` FROM `domain` - WHERE `domain` NOT IN ( - SELECT REPLACE(`send_as`, '@', '') FROM `sender_acl` - WHERE `logged_in_as` = :logged_in_as1 - AND `send_as` LIKE '@%') - UNION - SELECT '*' FROM `domain` - WHERE '*' NOT IN ( - SELECT `send_as` FROM `sender_acl` - WHERE `logged_in_as` = :logged_in_as2 - )"); - $stmt->execute(array( - ':logged_in_as1' => $_data, - ':logged_in_as2' => $_data - )); - $rows_domain = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row_domain = array_shift($rows_domain)) { - if (is_valid_domain_name($row_domain['domain']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row_domain['domain'])) { - $data['sender_acl_domains']['selectable'][] = $row_domain['domain']; - 
continue; - } - if ($row_domain['domain'] == '*' && $_SESSION['mailcow_cc_role'] == 'admin') { - $data['sender_acl_domains']['selectable'][] = $row_domain['domain']; - continue; - } - } - $stmt = $pdo->prepare("SELECT `address` FROM `alias` - WHERE `goto` != :goto - AND `address` NOT IN ( - SELECT `send_as` FROM `sender_acl` - WHERE `logged_in_as` = :logged_in_as - AND `send_as` NOT LIKE '@%')"); - $stmt->execute(array( - ':logged_in_as' => $_data, - ':goto' => $_data - )); - $rows_mbox = $stmt->fetchAll(PDO::FETCH_ASSOC); - while ($row = array_shift($rows_mbox)) { - if (filter_var($row['address'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) { - $data['sender_acl_addresses']['selectable'][] = $row['address']; - } + // Fixed addresses + $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` REGEXP :goto AND `address` NOT LIKE '@%'"); + $stmt->execute(array(':goto' => '(^|,)'.$_data.'($|,)')); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($rows)) { + $data['fixed_sender_aliases'][] = $row['address']; + } + $stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `alias_domain_alias` FROM `mailbox`, `alias_domain` + WHERE `alias_domain`.`target_domain` = `mailbox`.`domain` + AND `mailbox`.`username` = :username"); + $stmt->execute(array(':username' => $_data)); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($rows)) { + if (!empty($row['alias_domain_alias'])) { + $data['fixed_sender_aliases'][] = $row['alias_domain_alias']; } } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + // Return array $data['sender_acl_domains/addresses']['ro'] with read-only objects + // Return array $data['sender_acl_domains/addresses']['rw'] with 
read-write objects (can be deleted) + $stmt = $pdo->prepare("SELECT REPLACE(`send_as`, '@', '') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND (`send_as` LIKE '@%' OR `send_as` = '*')"); + $stmt->execute(array(':logged_in_as' => $_data)); + $domain_rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($domain_row = array_shift($domain_rows)) { + if (is_valid_domain_name($domain_row['send_as']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) { + $data['sender_acl_domains']['ro'][] = $domain_row['send_as']; + continue; + } + if (is_valid_domain_name($domain_row['send_as']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) { + $data['sender_acl_domains']['rw'][] = $domain_row['send_as']; + continue; + } + if ($domain_row['send_as'] == '*' && $_SESSION['mailcow_cc_role'] != 'admin') { + $data['sender_acl_domains']['ro'][] = $domain_row['send_as']; + } + if ($domain_row['send_as'] == '*' && $_SESSION['mailcow_cc_role'] == 'admin') { + $data['sender_acl_domains']['rw'][] = $domain_row['send_as']; + } + } + $stmt = $pdo->prepare("SELECT `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND (`send_as` NOT LIKE '@%' AND `send_as` != '*')"); + $stmt->execute(array(':logged_in_as' => $_data)); + $address_rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($address_row = array_shift($address_rows)) { + if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) { + $data['sender_acl_addresses']['ro'][] = $address_row['send_as']; + continue; + } + if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) { + $data['sender_acl_addresses']['rw'][] = $address_row['send_as']; + continue; + } + 
} + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE `domain` NOT IN ( + SELECT REPLACE(`send_as`, '@', '') FROM `sender_acl` + WHERE `logged_in_as` = :logged_in_as1 + AND `send_as` LIKE '@%') + UNION + SELECT '*' FROM `domain` + WHERE '*' NOT IN ( + SELECT `send_as` FROM `sender_acl` + WHERE `logged_in_as` = :logged_in_as2 + )"); + $stmt->execute(array( + ':logged_in_as1' => $_data, + ':logged_in_as2' => $_data + )); + $rows_domain = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row_domain = array_shift($rows_domain)) { + if (is_valid_domain_name($row_domain['domain']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row_domain['domain'])) { + $data['sender_acl_domains']['selectable'][] = $row_domain['domain']; + continue; + } + if ($row_domain['domain'] == '*' && $_SESSION['mailcow_cc_role'] == 'admin') { + $data['sender_acl_domains']['selectable'][] = $row_domain['domain']; + continue; + } + } + $stmt = $pdo->prepare("SELECT `address` FROM `alias` + WHERE `goto` != :goto + AND `address` NOT IN ( + SELECT `send_as` FROM `sender_acl` + WHERE `logged_in_as` = :logged_in_as + AND `send_as` NOT LIKE '@%')"); + $stmt->execute(array( + ':logged_in_as' => $_data, + ':goto' => $_data + )); + $rows_mbox = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($rows_mbox)) { + if (filter_var($row['address'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) { + $data['sender_acl_addresses']['selectable'][] = $row['address']; + } } return $data; break; 
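Review bot: The fixed-alias lookup builds its pattern as `'(^|,)'.$_data.'($|,)'`, so regex metacharacters in the mailbox name are interpreted by `REGEXP`: the `.` in an address matches any character and a `+` becomes a quantifier. The value is bound as a parameter, so this is not SQL injection, but the query can return aliases whose `goto` only resembles the mailbox, and those are added to `fixed_sender_aliases`. Escaping the name before concatenation, e.g. `':goto' => '(^|,)'.preg_quote($_data).'($|,)'` (check the escaping against the database's regex dialect), or matching with `FIND_IN_SET()` if `goto` is always a plain comma-separated list, closes the gap. Any validation of `$_data` would happen before the hunk starts and is not visible here.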
@@ -2655,44 +2347,24 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } elseif (isset($_data) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { - try { - $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND `domain` != 'ALL' AND `domain` = :domain"); - $stmt->execute(array( - ':domain' => $_data, - )); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $mailboxes[] = $row['username']; - } - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND `domain` != 'ALL' AND `domain` = :domain"); + $stmt->execute(array( + ':domain' => $_data, + )); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $mailboxes[] = $row['username']; } } else { - try { - $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND (`domain` IN (SELECT `domain` FROM `domain_admins` WHERE `active` = '1' AND `username` = :username) OR 'admin' = :role)"); - $stmt->execute(array( - ':username' => $_SESSION['mailcow_cc_username'], - ':role' => $_SESSION['mailcow_cc_role'], - )); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $mailboxes[] = $row['username']; - } - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND (`domain` IN (SELECT `domain` FROM `domain_admins` WHERE `active` = '1' AND `username` = 
:username) OR 'admin' = :role)"); + $stmt->execute(array( + ':username' => $_SESSION['mailcow_cc_username'], + ':role' => $_SESSION['mailcow_cc_role'], + )); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $mailboxes[] = $row['username']; } } return $mailboxes; @@ -2707,19 +2379,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { else { $_data = $_SESSION['mailcow_cc_username']; } - try { - $stmt = $pdo->prepare("SELECT `attributes` FROM `mailbox` WHERE `username` = :username"); - $stmt->execute(array(':username' => $_data)); - $attrs = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT `attributes` FROM `mailbox` WHERE `username` = :username"); + $stmt->execute(array(':username' => $_data)); + $attrs = $stmt->fetch(PDO::FETCH_ASSOC); $attrs = json_decode($attrs['attributes'], true); return array( 'tls_enforce_in' => $attrs['tls_enforce_in'], 
@@ -2736,20 +2398,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { else { $_data = $_SESSION['mailcow_cc_username']; } - try { - $stmt = $pdo->prepare("SELECT `id` FROM `sieve_filters` WHERE `username` = :username"); - $stmt->execute(array(':username' => $_data)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $filters[] = $row['id']; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); + $stmt = $pdo->prepare("SELECT `id` FROM `sieve_filters` WHERE `username` = :username"); + $stmt->execute(array(':username' => $_data)); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $filters[] = $row['id']; } return $filters; break; 
@@ -2758,27 +2411,17 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { if (!is_numeric($_data)) { return false; } - try { - $stmt = $pdo->prepare("SELECT CASE `script_name` WHEN 'active' THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, - CASE `script_name` WHEN 'active' THEN 1 ELSE 0 END AS `active_int`, - id, - username, - filter_type, - script_data, - script_desc - FROM `sieve_filters` - WHERE `id` = :id"); - $stmt->execute(array(':id' => $_data)); - $filter_details = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT CASE `script_name` WHEN 'active' THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, + CASE `script_name` WHEN 'active' THEN 1 ELSE 0 END AS `active_int`, + id, + username, + filter_type, + script_data, + script_desc + FROM `sieve_filters` + WHERE `id` = :id"); + $stmt->execute(array(':id' => $_data)); + $filter_details = $stmt->fetch(PDO::FETCH_ASSOC); if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $filter_details['username'])) { return false; } 
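Review bot: The `SELECT` in this hunk splices `$lang['mailbox']['yes']` and `$lang['mailbox']['no']` directly into the SQL string, so a translation containing a single quote breaks the statement or changes its meaning; the sync-job detail queries in the hunk at `@@ -2818,52 +2461,43 @@` do the same. Selecting only `active_int` and mapping it to the label in PHP, or binding the labels as `:yes` / `:no` parameters, removes the string building. `$filter_details` is also dereferenced in the access check without testing whether `fetch()` returned `false` for an unknown id; `if ($filter_details === false) { return false; }` before that check would make the outcome explicit.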
@@ -2818,52 +2461,43 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { if (!is_numeric($_data)) { return false; } - try { - if (isset($_extra) && in_array('no_log', $_extra)) { - $field_query = $pdo->query('SHOW FIELDS FROM `imapsync` WHERE FIELD NOT IN ("returned_text", "password1")'); - $fields = $field_query->fetchAll(PDO::FETCH_ASSOC); - while($field = array_shift($fields)) { - $shown_fields[] = $field['Field']; - } - $stmt = $pdo->prepare("SELECT " . implode(',', $shown_fields) . ", - `active` AS `active_int`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` - FROM `imapsync` WHERE id = :id"); + if (isset($_extra) && in_array('no_log', $_extra)) { + $field_query = $pdo->query('SHOW FIELDS FROM `imapsync` WHERE FIELD NOT IN ("returned_text", "password1")'); + $fields = $field_query->fetchAll(PDO::FETCH_ASSOC); + while($field = array_shift($fields)) { + $shown_fields[] = $field['Field']; } - elseif (isset($_extra) && in_array('with_password', $_extra)) { - $stmt = $pdo->prepare("SELECT *, - `active` AS `active_int`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` - FROM `imapsync` WHERE id = :id"); - } - else { - $field_query = $pdo->query('SHOW FIELDS FROM `imapsync` WHERE FIELD NOT IN ("password1")'); - $fields = $field_query->fetchAll(PDO::FETCH_ASSOC); - while($field = array_shift($fields)) { - $shown_fields[] = $field['Field']; - } - $stmt = $pdo->prepare("SELECT " . implode(',', $shown_fields) . 
", - `active` AS `active_int`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` - FROM `imapsync` WHERE id = :id"); - } - $stmt->execute(array(':id' => $_data)); - $syncjobdetails = $stmt->fetch(PDO::FETCH_ASSOC); - if (!empty($syncjobdetails['returned_text'])) { - $syncjobdetails['log'] = $syncjobdetails['returned_text']; - } - else { - $syncjobdetails['log'] = ''; - } - unset($syncjobdetails['returned_text']); + $stmt = $pdo->prepare("SELECT " . implode(',', $shown_fields) . ", + `active` AS `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` + FROM `imapsync` WHERE id = :id"); } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); + elseif (isset($_extra) && in_array('with_password', $_extra)) { + $stmt = $pdo->prepare("SELECT *, + `active` AS `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` + FROM `imapsync` WHERE id = :id"); } + else { + $field_query = $pdo->query('SHOW FIELDS FROM `imapsync` WHERE FIELD NOT IN ("password1")'); + $fields = $field_query->fetchAll(PDO::FETCH_ASSOC); + while($field = array_shift($fields)) { + $shown_fields[] = $field['Field']; + } + $stmt = $pdo->prepare("SELECT " . implode(',', $shown_fields) . 
", + `active` AS `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` + FROM `imapsync` WHERE id = :id"); + } + $stmt->execute(array(':id' => $_data)); + $syncjobdetails = $stmt->fetch(PDO::FETCH_ASSOC); + if (!empty($syncjobdetails['returned_text'])) { + $syncjobdetails['log'] = $syncjobdetails['returned_text']; + } + else { + $syncjobdetails['log'] = ''; + } + unset($syncjobdetails['returned_text']); if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $syncjobdetails['user2'])) { return false; } @@ -2879,20 +2513,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { else { $_data = $_SESSION['mailcow_cc_username']; } - try { - $stmt = $pdo->prepare("SELECT `id` FROM `imapsync` WHERE `user2` = :username"); - $stmt->execute(array(':username' => $_data)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $syncjobdata[] = $row['id']; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); + $stmt = $pdo->prepare("SELECT `id` FROM `imapsync` WHERE `user2` = :username"); + $stmt->execute(array(':username' => $_data)); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $syncjobdata[] = $row['id']; } return $syncjobdata; break; 
@@ -2907,43 +2532,21 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { else { $_data = $_SESSION['mailcow_cc_username']; } - try { - $stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `object` = :username AND - (`option` = 'lowspamlevel' OR `option` = 'highspamlevel')"); - $stmt->execute(array(':username' => $_data)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `object` = :username AND + (`option` = 'lowspamlevel' OR `option` = 'highspamlevel')"); + $stmt->execute(array(':username' => $_data)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); if (empty($num_results)) { return $default; } else { - try { - $stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `option` = 'highspamlevel' AND `object` = :username"); - $stmt->execute(array(':username' => $_data)); - $highspamlevel = $stmt->fetch(PDO::FETCH_ASSOC); - - $stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `option` = 'lowspamlevel' AND `object` = :username"); - $stmt->execute(array(':username' => $_data)); - $lowspamlevel = $stmt->fetch(PDO::FETCH_ASSOC); - - return $lowspamlevel['value'].', '.$highspamlevel['value']; - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `option` = 'highspamlevel' AND `object` = :username"); + $stmt->execute(array(':username' => $_data)); + $highspamlevel = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `option` = 'lowspamlevel' AND `object` = :username"); + 
$stmt->execute(array(':username' => $_data)); + $lowspamlevel = $stmt->fetch(PDO::FETCH_ASSOC); + return $lowspamlevel['value'].', '.$highspamlevel['value']; } break; case 'time_limited_aliases': @@ -2956,23 +2559,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { else { $_data = $_SESSION['mailcow_cc_username']; } - try { - $stmt = $pdo->prepare("SELECT `address`, - `goto`, - `validity` - FROM `spamalias` - WHERE `goto` = :username - AND `validity` >= :unixnow"); - $stmt->execute(array(':username' => $_data, ':unixnow' => time())); - $tladata = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - } + $stmt = $pdo->prepare("SELECT `address`, + `goto`, + `validity` + FROM `spamalias` + WHERE `goto` = :username + AND `validity` >= :unixnow"); + $stmt->execute(array(':username' => $_data, ':unixnow' => time())); + $tladata = $stmt->fetchAll(PDO::FETCH_ASSOC); return $tladata; break; case 'delimiter_action': @@ -2997,7 +2591,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('redis_error', $e) 
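Review bot: In the `delimiter_action` hunk (`@@ -2997,7 +2591,7 @@`) the `catch` block still stores the exception object itself, `'msg' => array('redis_error', $e)`, in the return array that feeds the UI. If the renderer stringifies it (not visible here), the user sees the exception message together with file paths and a stack trace. Using `'msg' => array('redis_error', $e->getMessage())` and sending the full exception to the server log, e.g. `error_log($e);`, keeps that detail for operators only. The `try` block starts before the hunk.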
@@ -3011,44 +2605,24 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } elseif (isset($_data) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { - try { - $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `kind` REGEXP 'location|thing|group' AND `domain` != 'ALL' AND `domain` = :domain"); - $stmt->execute(array( - ':domain' => $_data, - )); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $resources[] = $row['username']; - } - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `kind` REGEXP 'location|thing|group' AND `domain` != 'ALL' AND `domain` = :domain"); + $stmt->execute(array( + ':domain' => $_data, + )); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $resources[] = $row['username']; } } else { - try { - $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `kind` REGEXP 'location|thing|group' AND `domain` IN (SELECT `domain` FROM `domain_admins` WHERE `active` = '1' AND `username` = :username) OR 'admin' = :role"); - $stmt->execute(array( - ':username' => $_SESSION['mailcow_cc_username'], - ':role' => $_SESSION['mailcow_cc_role'], - )); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $resources[] = $row['username']; - } - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `kind` REGEXP 'location|thing|group' AND `domain` IN (SELECT `domain` FROM `domain_admins` WHERE `active` = '1' AND `username` = :username) OR 
'admin' = :role"); + $stmt->execute(array( + ':username' => $_SESSION['mailcow_cc_username'], + ':role' => $_SESSION['mailcow_cc_role'], + )); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $resources[] = $row['username']; } } return $resources; 
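Review bot: In the `else` branch the `kind REGEXP 'location|thing|group'` filter is dropped whenever the role is admin, because the WHERE clause ends in `... AND domain IN (SELECT ...) OR 'admin' = :role` and AND binds tighter than OR. An admin therefore gets every username in `mailbox`, not only resources. Put the two alternatives in one pair of parentheses so the clause reads `AND (domain IN (SELECT ...) OR 'admin' = :role)`. The `domain` list query in the later hunk at -3262 has the same shape (`OR ('admin'= :role) AND domain != 'ALL'`), where the `!= 'ALL'` test only applies to the admin arm. `$resources` is assigned only inside the loops, so check that it is initialised above this hunk, which starts mid-function.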
@@ -3059,44 +2633,24 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } elseif (isset($_data) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { - try { - $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain"); - $stmt->execute(array( - ':domain' => $_data, - )); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $aliasdomains[] = $row['alias_domain']; - } - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain"); + $stmt->execute(array( + ':domain' => $_data, + )); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $aliasdomains[] = $row['alias_domain']; } } else { - try { - $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` IN (SELECT `domain` FROM `domain_admins` WHERE `active` = '1' AND `username` = :username) OR 'admin' = :role"); - $stmt->execute(array( - ':username' => $_SESSION['mailcow_cc_username'], - ':role' => $_SESSION['mailcow_cc_role'], - )); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $aliasdomains[] = $row['alias_domain']; - } - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` IN (SELECT `domain` FROM `domain_admins` WHERE `active` = '1' AND `username` = :username) OR 'admin' = :role"); + $stmt->execute(array( + ':username' => $_SESSION['mailcow_cc_username'], + ':role' => 
$_SESSION['mailcow_cc_role'], + )); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $aliasdomains[] = $row['alias_domain']; } } return $aliasdomains; @@ -3106,30 +2660,20 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { return false; } - try { - $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `address` != `goto` AND `domain` = :domain"); - $stmt->execute(array( - ':domain' => $_data, - )); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $aliases[] = $row['address']; - } - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + $stmt = $pdo->prepare("SELECT `id` FROM `alias` WHERE `address` != `goto` AND `domain` = :domain"); + $stmt->execute(array( + ':domain' => $_data, + )); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $aliases[] = $row['id']; } return $aliases; break; case 'ratelimit': if (is_valid_domain_name($_data)) { if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -3139,7 +2683,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } elseif (filter_var($_data, FILTER_VALIDATE_EMAIL)) { if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
@@ -3162,7 +2706,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('redis_error', $e) 
@@ -3173,85 +2717,67 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { break; case 'alias_details': $aliasdata = array(); - try { - $stmt = $pdo->prepare("SELECT - `domain`, - `goto`, - `address`, - `active` as `active_int`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, - `created`, - `modified` - FROM `alias` - WHERE `address` = :address AND `address` != `goto`"); - $stmt->execute(array( - ':address' => $_data, - )); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain"); - $stmt->execute(array( - ':domain' => $row['domain'], - )); - $row_alias_domain = $stmt->fetch(PDO::FETCH_ASSOC); - if (isset($row_alias_domain['target_domain']) && !empty($row_alias_domain['target_domain'])) { - $aliasdata['in_primary_domain'] = $row_alias_domain['target_domain']; - } - else { - $aliasdata['in_primary_domain'] = ""; - } - $aliasdata['domain'] = $row['domain']; - $aliasdata['goto'] = $row['goto']; - $aliasdata['address'] = $row['address']; - (!filter_var($aliasdata['address'], FILTER_VALIDATE_EMAIL)) ? 
$aliasdata['is_catch_all'] = 1 : $aliasdata['is_catch_all'] = 0; - $aliasdata['active'] = $row['active']; - $aliasdata['active_int'] = $row['active_int']; - $aliasdata['created'] = $row['created']; - $aliasdata['modified'] = $row['modified']; - if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdata['domain'])) { - return false; - } + $stmt = $pdo->prepare("SELECT + `id`, + `domain`, + `goto`, + `address`, + `active` as `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, + `created`, + `modified` + FROM `alias` + WHERE `id` = :id AND `address` != `goto`"); + $stmt->execute(array( + ':id' => intval($_data), + )); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain"); + $stmt->execute(array( + ':domain' => $row['domain'], + )); + $row_alias_domain = $stmt->fetch(PDO::FETCH_ASSOC); + if (isset($row_alias_domain['target_domain']) && !empty($row_alias_domain['target_domain'])) { + $aliasdata['in_primary_domain'] = $row_alias_domain['target_domain']; } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); + else { + $aliasdata['in_primary_domain'] = ""; + } + $aliasdata['id'] = $row['id']; + $aliasdata['domain'] = $row['domain']; + $aliasdata['goto'] = $row['goto']; + $aliasdata['address'] = $row['address']; + (!filter_var($aliasdata['address'], FILTER_VALIDATE_EMAIL)) ? 
$aliasdata['is_catch_all'] = 1 : $aliasdata['is_catch_all'] = 0; + $aliasdata['active'] = $row['active']; + $aliasdata['active_int'] = $row['active_int']; + $aliasdata['created'] = $row['created']; + $aliasdata['modified'] = $row['modified']; + if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdata['domain'])) { return false; } return $aliasdata; break; case 'alias_domain_details': $aliasdomaindata = array(); - try { - $stmt = $pdo->prepare("SELECT - `alias_domain`, - `target_domain`, - `active` AS `active_int`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, - `created`, - `modified` - FROM `alias_domain` - WHERE `alias_domain` = :aliasdomain"); - $stmt->execute(array( - ':aliasdomain' => $_data, - )); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - $aliasdomaindata['alias_domain'] = $row['alias_domain']; - $aliasdomaindata['target_domain'] = $row['target_domain']; - $aliasdomaindata['active'] = $row['active']; - $aliasdomaindata['active_int'] = $row['active_int']; - $aliasdomaindata['created'] = $row['created']; - $aliasdomaindata['modified'] = $row['modified']; - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT + `alias_domain`, + `target_domain`, + `active` AS `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, + `created`, + `modified` + FROM `alias_domain` + WHERE `alias_domain` = :aliasdomain"); + $stmt->execute(array( + ':aliasdomain' => $_data, + )); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + $aliasdomaindata['alias_domain'] = $row['alias_domain']; + $aliasdomaindata['target_domain'] = $row['target_domain']; + $aliasdomaindata['active'] = $row['active']; + $aliasdomaindata['active_int'] = 
$row['active_int']; + $aliasdomaindata['created'] = $row['created']; + $aliasdomaindata['modified'] = $row['modified']; if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdomaindata['target_domain'])) { return false; } @@ -3262,30 +2788,20 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") { return false; } - try { - $stmt = $pdo->prepare("SELECT `domain` FROM `domain` - WHERE (`domain` IN ( - SELECT `domain` from `domain_admins` - WHERE (`active`='1' AND `username` = :username)) - ) - OR ('admin'= :role) - AND `domain` != 'ALL'"); - $stmt->execute(array( - ':username' => $_SESSION['mailcow_cc_username'], - ':role' => $_SESSION['mailcow_cc_role'], - )); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $domains[] = $row['domain']; - } - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE (`domain` IN ( + SELECT `domain` from `domain_admins` + WHERE (`active`='1' AND `username` = :username)) + ) + OR ('admin'= :role) + AND `domain` != 'ALL'"); + $stmt->execute(array( + ':username' => $_SESSION['mailcow_cc_username'], + ':role' => $_SESSION['mailcow_cc_role'], + )); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $domains[] = $row['domain']; } return $domains; break; 
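Review bot: In `alias_details`, `$row` is used straight after `$stmt->fetch(PDO::FETCH_ASSOC)` without checking that a row came back. An unknown id, or a non-numeric value that `intval()` turns into 0, therefore runs the second query with a null domain and reaches `hasDomainAccess()` with `$aliasdata['domain']` set to null. Add `if (empty($row)) { return false; }` directly after the fetch, as the `domain_details` case later in this file does, so the result for a missing alias does not depend on how `hasDomainAccess()` treats null. `alias_domain_details` in the same hunk has the same gap before its `target_domain` check. `mailbox()` starts and ends outside the hunk.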
@@ -3295,85 +2811,75 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { return false; } - try { - $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain"); - $stmt->execute(array( - ':domain' => $_data - )); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - if (!empty($row)) { - $_data = $row['target_domain']; - } - $stmt = $pdo->prepare("SELECT - `domain`, - `description`, - `aliases`, - `mailboxes`, - `maxquota`, - `quota`, - `relayhost`, - `relay_all_recipients` as `relay_all_recipients_int`, - `backupmx` as `backupmx_int`, - `active` as `active_int`, - CASE `relay_all_recipients` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `relay_all_recipients`, - CASE `backupmx` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `backupmx`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` - FROM `domain` WHERE `domain`= :domain"); - $stmt->execute(array( - ':domain' => $_data - )); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - if (empty($row)) { - return false; - } - $stmt = $pdo->prepare("SELECT COUNT(*) AS `count`, - COALESCE(SUM(`quota`), 0) AS `in_use` - FROM `mailbox` - WHERE `kind` NOT REGEXP 'location|thing|group' - AND `domain` = :domain"); - $stmt->execute(array(':domain' => $row['domain'])); - $MailboxDataDomain = $stmt->fetch(PDO::FETCH_ASSOC); - $domaindata['max_new_mailbox_quota'] = ($row['quota'] * 1048576) - $MailboxDataDomain['in_use']; - if ($domaindata['max_new_mailbox_quota'] > ($row['maxquota'] * 1048576)) { - $domaindata['max_new_mailbox_quota'] = ($row['maxquota'] * 1048576); - } - $domaindata['quota_used_in_domain'] = $MailboxDataDomain['in_use']; - $domaindata['mboxes_in_domain'] = $MailboxDataDomain['count']; - $domaindata['mboxes_left'] = $row['mailboxes'] - 
$MailboxDataDomain['count']; - $domaindata['domain_name'] = $row['domain']; - $domaindata['description'] = $row['description']; - $domaindata['max_num_aliases_for_domain'] = $row['aliases']; - $domaindata['max_num_mboxes_for_domain'] = $row['mailboxes']; - $domaindata['max_quota_for_mbox'] = $row['maxquota'] * 1048576; - $domaindata['max_quota_for_domain'] = $row['quota'] * 1048576; - $domaindata['relayhost'] = $row['relayhost']; - $domaindata['backupmx'] = $row['backupmx']; - $domaindata['backupmx_int'] = $row['backupmx_int']; - $domaindata['active'] = $row['active']; - $domaindata['active_int'] = $row['active_int']; - $domaindata['relay_all_recipients'] = $row['relay_all_recipients']; - $domaindata['relay_all_recipients_int'] = $row['relay_all_recipients_int']; - $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias` - WHERE (`domain`= :domain OR `domain` IN (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain2)) - AND `address` NOT IN ( - SELECT `username` FROM `mailbox` - )"); - $stmt->execute(array( - ':domain' => $_data, - ':domain2' => $_data - )); - $AliasDataDomain = $stmt->fetch(PDO::FETCH_ASSOC); - (isset($AliasDataDomain['alias_count'])) ? 
$domaindata['aliases_in_domain'] = $AliasDataDomain['alias_count'] : $domaindata['aliases_in_domain'] = "0"; - $domaindata['aliases_left'] = $row['aliases'] - $AliasDataDomain['alias_count']; + $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain"); + $stmt->execute(array( + ':domain' => $_data + )); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (!empty($row)) { + $_data = $row['target_domain']; } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); + $stmt = $pdo->prepare("SELECT + `domain`, + `description`, + `aliases`, + `mailboxes`, + `maxquota`, + `quota`, + `relayhost`, + `relay_all_recipients` as `relay_all_recipients_int`, + `backupmx` as `backupmx_int`, + `active` as `active_int`, + CASE `relay_all_recipients` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `relay_all_recipients`, + CASE `backupmx` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `backupmx`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` + FROM `domain` WHERE `domain`= :domain"); + $stmt->execute(array( + ':domain' => $_data + )); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (empty($row)) { return false; } + $stmt = $pdo->prepare("SELECT COUNT(*) AS `count`, + COALESCE(SUM(`quota`), 0) AS `in_use` + FROM `mailbox` + WHERE `kind` NOT REGEXP 'location|thing|group' + AND `domain` = :domain"); + $stmt->execute(array(':domain' => $row['domain'])); + $MailboxDataDomain = $stmt->fetch(PDO::FETCH_ASSOC); + $domaindata['max_new_mailbox_quota'] = ($row['quota'] * 1048576) - $MailboxDataDomain['in_use']; + if ($domaindata['max_new_mailbox_quota'] > ($row['maxquota'] * 1048576)) { + $domaindata['max_new_mailbox_quota'] = ($row['maxquota'] * 1048576); + } + $domaindata['quota_used_in_domain'] = 
$MailboxDataDomain['in_use']; + $domaindata['mboxes_in_domain'] = $MailboxDataDomain['count']; + $domaindata['mboxes_left'] = $row['mailboxes'] - $MailboxDataDomain['count']; + $domaindata['domain_name'] = $row['domain']; + $domaindata['description'] = $row['description']; + $domaindata['max_num_aliases_for_domain'] = $row['aliases']; + $domaindata['max_num_mboxes_for_domain'] = $row['mailboxes']; + $domaindata['max_quota_for_mbox'] = $row['maxquota'] * 1048576; + $domaindata['max_quota_for_domain'] = $row['quota'] * 1048576; + $domaindata['relayhost'] = $row['relayhost']; + $domaindata['backupmx'] = $row['backupmx']; + $domaindata['backupmx_int'] = $row['backupmx_int']; + $domaindata['active'] = $row['active']; + $domaindata['active_int'] = $row['active_int']; + $domaindata['relay_all_recipients'] = $row['relay_all_recipients']; + $domaindata['relay_all_recipients_int'] = $row['relay_all_recipients_int']; + $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias` + WHERE (`domain`= :domain OR `domain` IN (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain2)) + AND `address` NOT IN ( + SELECT `username` FROM `mailbox` + )"); + $stmt->execute(array( + ':domain' => $_data, + ':domain2' => $_data + )); + $AliasDataDomain = $stmt->fetch(PDO::FETCH_ASSOC); + (isset($AliasDataDomain['alias_count'])) ? $domaindata['aliases_in_domain'] = $AliasDataDomain['alias_count'] : $domaindata['aliases_in_domain'] = "0"; + $domaindata['aliases_left'] = $row['aliases'] - $AliasDataDomain['alias_count']; return $domaindata; break; case 'mailbox_details': 
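Review bot: The `domain_details` SELECT concatenates `$lang['mailbox']['yes']` and `$lang['mailbox']['no']` into the SQL text for its three `CASE ... END` columns, so a translation containing a single quote breaks the statement and the query is only as trustworthy as the translation data. Select the integer columns only and build the labels in PHP, for example `$domaindata['active'] = $row['active_int'] ? $lang['mailbox']['yes'] : $lang['mailbox']['no'];`, and likewise for `backupmx` and `relay_all_recipients`. The same concatenation appears in the `alias_details`, `alias_domain_details`, `mailbox_details` and `resource_details` queries in this file. Where `$lang` is loaded is not visible in this diff.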
@@ -3381,66 +2887,56 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } $mailboxdata = array(); - try { - $stmt = $pdo->prepare("SELECT - `domain`.`backupmx`, - `mailbox`.`username`, - `mailbox`.`name`, - `mailbox`.`active` AS `active_int`, - CASE `mailbox`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, - `mailbox`.`domain`, - `mailbox`.`quota`, - `quota2`.`bytes`, - `attributes`, - `quota2`.`messages` - FROM `mailbox`, `quota2`, `domain` - WHERE `mailbox`.`kind` NOT REGEXP 'location|thing|group' AND `mailbox`.`username` = `quota2`.`username` AND `domain`.`domain` = `mailbox`.`domain` AND `mailbox`.`username` = :mailbox"); - $stmt->execute(array( - ':mailbox' => $_data, - )); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - $stmt = $pdo->prepare("SELECT `maxquota`, `quota` FROM `domain` WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $row['domain'])); - $DomainQuota = $stmt->fetch(PDO::FETCH_ASSOC); - $stmt = $pdo->prepare("SELECT COALESCE(SUM(`quota`), 0) as `in_use` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND `domain` = :domain AND `username` != :username"); - $stmt->execute(array(':domain' => $row['domain'], ':username' => $_data)); - $MailboxUsage = $stmt->fetch(PDO::FETCH_ASSOC); - $stmt = $pdo->prepare("SELECT IFNULL(COUNT(`address`), 0) AS `sa_count` FROM `spamalias` WHERE `goto` = :address AND `validity` >= :unixnow"); - $stmt->execute(array(':address' => $_data, ':unixnow' => time())); - $SpamaliasUsage = $stmt->fetch(PDO::FETCH_ASSOC); - $mailboxdata['max_new_quota'] = ($DomainQuota['quota'] * 1048576) - $MailboxUsage['in_use']; - if ($mailboxdata['max_new_quota'] > ($DomainQuota['maxquota'] * 1048576)) { - $mailboxdata['max_new_quota'] = ($DomainQuota['maxquota'] * 1048576); - } - $mailboxdata['username'] = $row['username']; - $mailboxdata['is_relayed'] = $row['backupmx']; - $mailboxdata['name'] = $row['name']; - 
$mailboxdata['active'] = $row['active']; - $mailboxdata['active_int'] = $row['active_int']; - $mailboxdata['domain'] = $row['domain']; - $mailboxdata['quota'] = $row['quota']; - $mailboxdata['attributes'] = json_decode($row['attributes'], true); - $mailboxdata['quota_used'] = intval($row['bytes']); - $mailboxdata['percent_in_use'] = round((intval($row['bytes']) / intval($row['quota'])) * 100); - $mailboxdata['messages'] = $row['messages']; - $mailboxdata['spam_aliases'] = $SpamaliasUsage['sa_count']; - if ($mailboxdata['percent_in_use'] >= 90) { - $mailboxdata['percent_class'] = "danger"; - } - elseif ($mailboxdata['percent_in_use'] >= 75) { - $mailboxdata['percent_class'] = "warning"; - } - else { - $mailboxdata['percent_class'] = "success"; - } + $stmt = $pdo->prepare("SELECT + `domain`.`backupmx`, + `mailbox`.`username`, + `mailbox`.`name`, + `mailbox`.`active` AS `active_int`, + CASE `mailbox`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, + `mailbox`.`domain`, + `mailbox`.`quota`, + `quota2`.`bytes`, + `attributes`, + `quota2`.`messages` + FROM `mailbox`, `quota2`, `domain` + WHERE `mailbox`.`kind` NOT REGEXP 'location|thing|group' AND `mailbox`.`username` = `quota2`.`username` AND `domain`.`domain` = `mailbox`.`domain` AND `mailbox`.`username` = :mailbox"); + $stmt->execute(array( + ':mailbox' => $_data, + )); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt = $pdo->prepare("SELECT `maxquota`, `quota` FROM `domain` WHERE `domain` = :domain"); + $stmt->execute(array(':domain' => $row['domain'])); + $DomainQuota = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt = $pdo->prepare("SELECT COALESCE(SUM(`quota`), 0) as `in_use` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND `domain` = :domain AND `username` != :username"); + $stmt->execute(array(':domain' => $row['domain'], ':username' => $_data)); + $MailboxUsage = $stmt->fetch(PDO::FETCH_ASSOC); + $stmt = $pdo->prepare("SELECT 
IFNULL(COUNT(`address`), 0) AS `sa_count` FROM `spamalias` WHERE `goto` = :address AND `validity` >= :unixnow"); + $stmt->execute(array(':address' => $_data, ':unixnow' => time())); + $SpamaliasUsage = $stmt->fetch(PDO::FETCH_ASSOC); + $mailboxdata['max_new_quota'] = ($DomainQuota['quota'] * 1048576) - $MailboxUsage['in_use']; + if ($mailboxdata['max_new_quota'] > ($DomainQuota['maxquota'] * 1048576)) { + $mailboxdata['max_new_quota'] = ($DomainQuota['maxquota'] * 1048576); } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + $mailboxdata['username'] = $row['username']; + $mailboxdata['is_relayed'] = $row['backupmx']; + $mailboxdata['name'] = $row['name']; + $mailboxdata['active'] = $row['active']; + $mailboxdata['active_int'] = $row['active_int']; + $mailboxdata['domain'] = $row['domain']; + $mailboxdata['quota'] = $row['quota']; + $mailboxdata['attributes'] = json_decode($row['attributes'], true); + $mailboxdata['quota_used'] = intval($row['bytes']); + $mailboxdata['percent_in_use'] = round((intval($row['bytes']) / intval($row['quota'])) * 100); + $mailboxdata['messages'] = $row['messages']; + $mailboxdata['spam_aliases'] = $SpamaliasUsage['sa_count']; + if ($mailboxdata['percent_in_use'] >= 90) { + $mailboxdata['percent_class'] = "danger"; + } + elseif ($mailboxdata['percent_in_use'] >= 75) { + $mailboxdata['percent_class'] = "warning"; + } + else { + $mailboxdata['percent_class'] = "success"; } return $mailboxdata; break; 
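Review bot: `round((intval($row['bytes']) / intval($row['quota'])) * 100)` divides by the mailbox quota with no guard. A quota of 0, or a missing row where `$row` is false, raises `DivisionByZeroError` on PHP 8 and a warning on PHP 7. Compute the percentage only for a positive quota: `$quota = intval($row['quota']);` followed by `$mailboxdata['percent_in_use'] = ($quota > 0) ? round((intval($row['bytes']) / $quota) * 100) : 0;`. Whether a zero quota can be stored is not visible here, so treat this as a check to confirm. An `if (empty($row)) { return false; }` after the first fetch would also stop the later queries from running with a null domain.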
@@ -3449,38 +2945,28 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { return false; } - try { - $stmt = $pdo->prepare("SELECT - `username`, - `name`, - `kind`, - `multiple_bookings`, - `local_part`, - `active` AS `active_int`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, - `domain` - FROM `mailbox` WHERE `kind` REGEXP 'location|thing|group' AND `username` = :resource"); - $stmt->execute(array( - ':resource' => $_data, - )); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - $resourcedata['name'] = $row['username']; - $resourcedata['kind'] = $row['kind']; - $resourcedata['multiple_bookings'] = $row['multiple_bookings']; - $resourcedata['description'] = $row['name']; - $resourcedata['active'] = $row['active']; - $resourcedata['active_int'] = $row['active_int']; - $resourcedata['domain'] = $row['domain']; - $resourcedata['local_part'] = $row['local_part']; - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT + `username`, + `name`, + `kind`, + `multiple_bookings`, + `local_part`, + `active` AS `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, + `domain` + FROM `mailbox` WHERE `kind` REGEXP 'location|thing|group' AND `username` = :resource"); + $stmt->execute(array( + ':resource' => $_data, + )); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + $resourcedata['name'] = $row['username']; + $resourcedata['kind'] = $row['kind']; + $resourcedata['multiple_bookings'] = $row['multiple_bookings']; + $resourcedata['description'] = $row['name']; + $resourcedata['active'] = $row['active']; + $resourcedata['active_int'] = $row['active_int']; + 
$resourcedata['domain'] = $row['domain']; + $resourcedata['local_part'] = $row['local_part']; if (!isset($resourcedata['domain']) || (isset($resourcedata['domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $resourcedata['domain']))) { return false; @@ -3500,7 +2986,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $ids = $_data['id']; } if (!isset($_SESSION['acl']['syncjobs']) || $_SESSION['acl']['syncjobs'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
@@ -3511,35 +2997,25 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { if (!is_numeric($id)) { return false; } - try { - $stmt = $pdo->prepare("SELECT `user2` FROM `imapsync` WHERE id = :id"); - $stmt->execute(array(':id' => $id)); - $user2 = $stmt->fetch(PDO::FETCH_ASSOC)['user2']; - if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $user2)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'access_denied' - ); - return false; - } - $stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `id`= :id"); - $stmt->execute(array(':id' => $id)); - } - catch (PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `user2` FROM `imapsync` WHERE id = :id"); + $stmt->execute(array(':id' => $id)); + $user2 = $stmt->fetch(PDO::FETCH_ASSOC)['user2']; + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $user2)) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) + 'msg' => 'access_denied' ); - return false; + continue; } + $stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `id`= :id"); + $stmt->execute(array(':id' => $id)); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('deleted_syncjob', $id) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('deleted_syncjobs', implode(', ', $ids)) - ); break; case 'filter': if (!is_array($_data['id'])) { 
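Review bot: `$stmt->fetch(PDO::FETCH_ASSOC)['user2']` indexes the fetch result directly, so for an id with no `imapsync` row `fetch()` returns false and `$user2` becomes null. The loop then relies on `hasMailboxObjectAccess()` rejecting null to stop before the DELETE and the `deleted_syncjob` success entry. Fetch into a variable and skip missing rows explicitly: `$row = $stmt->fetch(PDO::FETCH_ASSOC);` then `if ($row === false) { continue; }`. The filter loop (`['username']`) and the time-limited-alias loop (`['goto']`) in the following hunks use the same pattern. The `foreach` opens above this hunk.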
@@ -3550,7 +3026,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $ids = $_data['id']; } if (!isset($_SESSION['acl']['filters']) || $_SESSION['acl']['filters'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
@@ -3559,37 +3035,27 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } foreach ($ids as $id) { if (!is_numeric($id)) { - return false; + continue; } - try { - $stmt = $pdo->prepare("SELECT `username` FROM `sieve_filters` WHERE id = :id"); - $stmt->execute(array(':id' => $id)); - $usr = $stmt->fetch(PDO::FETCH_ASSOC)['username']; - if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $usr)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 'access_denied' - ); - return false; - } - $stmt = $pdo->prepare("DELETE FROM `sieve_filters` WHERE `id`= :id"); - $stmt->execute(array(':id' => $id)); - } - catch (PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `username` FROM `sieve_filters` WHERE id = :id"); + $stmt->execute(array(':id' => $id)); + $usr = $stmt->fetch(PDO::FETCH_ASSOC)['username']; + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $usr)) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) + 'msg' => 'access_denied' ); - return false; + continue; } + $stmt = $pdo->prepare("DELETE FROM `sieve_filters` WHERE `id`= :id"); + $stmt->execute(array(':id' => $id)); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('delete_filter', $id) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('delete_filters', implode(', ', $ids)) - ); break; case 'time_limited_alias': if (!is_array($_data['address'])) { 
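Review bot: A non-numeric id is now skipped with a bare `continue`, so nothing is appended to `$_SESSION['return']` for it and the caller cannot tell that it was rejected. The sync-job loop in the previous hunk still aborts the whole request with `return false` on the same condition. Make the two loops agree, and append a `danger` entry with an existing message key before the `continue`. `is_numeric()` also accepts values such as `1.5` or `1e3`; `if (!ctype_digit((string)$id)) {` matches an integer primary key more closely. The `foreach` body ends inside this hunk, but `mailbox()` does not.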
@@ -3600,7 +3066,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $addresses = $_data['address']; } if (!isset($_SESSION['acl']['spam_alias']) || $_SESSION['acl']['spam_alias'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' 
@@ -3608,48 +3074,28 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } foreach ($addresses as $address) { - try { - $stmt = $pdo->prepare("SELECT `goto` FROM `spamalias` WHERE `address` = :address"); - $stmt->execute(array(':address' => $address)); - $goto = $stmt->fetch(PDO::FETCH_ASSOC)['goto']; - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT `goto` FROM `spamalias` WHERE `address` = :address"); + $stmt->execute(array(':address' => $address)); + $goto = $stmt->fetch(PDO::FETCH_ASSOC)['goto']; if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $goto)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } - try { - $stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `goto` = :username AND `address` = :item"); - $stmt->execute(array( - ':username' => $goto, - ':item' => $address - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `goto` = :username AND `address` = :item"); + $stmt->execute(array( + ':username' => $goto, + ':item' => $address + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('mailbox_modified', htmlspecialchars($goto)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_modified', 
htmlspecialchars($usernames)) - ); break; case 'eas_cache': if (!is_array($_data['username'])) { @@ -3660,7 +3106,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $usernames = $_data['username']; } if (!isset($_SESSION['acl']['eas_reset']) || $_SESSION['acl']['eas_reset'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' @@ -3669,33 +3115,23 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } foreach ($usernames as $username) { if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("DELETE FROM `sogo_cache_folder` WHERE `c_uid` = :username"); - $stmt->execute(array( - ':username' => $username - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("DELETE FROM `sogo_cache_folder` WHERE `c_uid` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('eas_reset', htmlspecialchars($username)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('eas_reset', htmlspecialchars(implode(', ', $usernames))) - ); break; case 'domain': if (!is_array($_data['domain'])) { 
@@ -3706,7 +3142,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 $domains = $_data['domain'];
 }
 if ($_SESSION['mailcow_cc_role'] != "admin") {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
 'msg' => 'access_denied'
@@ -3715,157 +3151,112 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } foreach ($domains as $domain) { if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'domain_invalid' ); - return false; + continue; } $domain = idn_to_ascii(strtolower(trim($domain))); - try { - $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` - WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $domain)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` + WHERE `domain` = :domain"); + $stmt->execute(array(':domain' => $domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); if ($num_results != 0 || !empty($num_results)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'domain_not_empty' ); - return false; - } - try { - $stmt = $pdo->prepare("DELETE FROM `domain` WHERE `domain` = :domain"); - $stmt->execute(array( - ':domain' => $domain, - )); - $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `domain` = :domain"); - $stmt->execute(array( - ':domain' => $domain, - )); - $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `domain` = :domain"); - $stmt->execute(array( - ':domain' => $domain, - )); - $stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `target_domain` = :domain"); - $stmt->execute(array( - ':domain' => $domain, - )); - $stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `domain` = :domain"); - $stmt->execute(array( - ':domain' => $domain, - )); - $stmt = $pdo->prepare("DELETE FROM 
`sender_acl` WHERE `logged_in_as` LIKE :domain"); - $stmt->execute(array( - ':domain' => '%@'.$domain, - )); - $stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :domain"); - $stmt->execute(array( - ':domain' => '%@'.$domain, - )); - $stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `address` = :domain"); - $stmt->execute(array( - ':domain' => '%@'.$domain, - )); - $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :domain"); - $stmt->execute(array( - ':domain' => '%@'.$domain, - )); - $stmt = $pdo->prepare("DELETE FROM `bcc_maps` WHERE `local_dest` = :domain"); - $stmt->execute(array( - ':domain' => $domain, - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("DELETE FROM `domain` WHERE `domain` = :domain"); + $stmt->execute(array( + ':domain' => $domain, + )); + $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `domain` = :domain"); + $stmt->execute(array( + ':domain' => $domain, + )); + $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `domain` = :domain"); + $stmt->execute(array( + ':domain' => $domain, + )); + $stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `target_domain` = :domain"); + $stmt->execute(array( + ':domain' => $domain, + )); + $stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `domain` = :domain"); + $stmt->execute(array( + ':domain' => $domain, + )); + $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` LIKE :domain"); + $stmt->execute(array( + ':domain' => '%@'.$domain, + )); + $stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :domain"); + $stmt->execute(array( + ':domain' => '%@'.$domain, + )); + $stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `address` = :domain"); + $stmt->execute(array( + ':domain' => '%@'.$domain, + )); + $stmt = $pdo->prepare("DELETE FROM 
`filterconf` WHERE `object` = :domain"); + $stmt->execute(array( + ':domain' => '%@'.$domain, + )); + $stmt = $pdo->prepare("DELETE FROM `bcc_maps` WHERE `local_dest` = :domain"); + $stmt->execute(array( + ':domain' => $domain, + )); try { $redis->hDel('DOMAIN_MAP', $domain); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('redis_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('domain_removed', htmlspecialchars($domain)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('domain_removed', htmlspecialchars(implode(', ', $domains))) - ); break; case 'alias': - if (!is_array($_data['address'])) { - $addresses = array(); - $addresses[] = $_data['address']; + if (!is_array($_data['id'])) { + $ids = array(); + $ids[] = $_data['id']; } else { - $addresses = $_data['address']; + $ids = $_data['id']; } - foreach ($addresses as $address) { - $local_part = strstr($address, '@', true); - $domain = mailbox('get', 'alias_details', $address)['domain']; - try { - $stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address"); - $stmt->execute(array(':address' => $address)); - $gotos = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } - $goto_array = explode(',', $gotos['goto']); - if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( + foreach ($ids as $id) { + $alias_data = mailbox('get', 'alias_details', $id); + if 
(empty($alias_data)) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `address` = :address AND `address` NOT IN (SELECT `username` FROM `mailbox`)"); - $stmt->execute(array( - ':address' => $address - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `id` = :id"); + $stmt->execute(array( + ':id' => $id + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('alias_removed', htmlspecialchars($alias_data['address'])) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('alias_removed', htmlspecialchars(implode(', ', $addresses))) - ); break; case 'alias_domain': if (!is_array($_data['alias_domain'])) { 
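Review bot: The rewritten `alias` case drops both safeguards the old code applied before its DELETE: the explicit `hasDomainAccess()` check on the alias's domain and the `NOT IN (SELECT username FROM mailbox)` clause. Authorisation now rests entirely on `mailbox('get', 'alias_details', $id)` returning empty for aliases the session may not touch, which cannot be confirmed from this hunk, and the new statement will also remove a row whose address belongs to a mailbox. I would keep the guard, `DELETE FROM alias WHERE id = :id AND address NOT IN (SELECT username FROM mailbox)`, re-check `hasDomainAccess(..., $alias_data['domain'])` before it, and reject a non-numeric `$id` as the filter case does. Separately, the `quota2`, `spamalias` and `filterconf` deletes in the domain case compare with `=` against `'%@'.$domain`, so they appear never to match; `LIKE` looks intended, as in the `sender_acl` statement.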
@@ -3877,74 +3268,54 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } foreach ($alias_domains as $alias_domain) { if (!is_valid_domain_name($alias_domain)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'domain_invalid' ); - return false; - } - try { - $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` - WHERE `alias_domain`= :alias_domain"); - $stmt->execute(array(':alias_domain' => $alias_domain)); - $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` + WHERE `alias_domain`= :alias_domain"); + $stmt->execute(array(':alias_domain' => $alias_domain)); + $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `alias_domain` = :alias_domain"); - $stmt->execute(array( - ':alias_domain' => $alias_domain, - )); - $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `domain` = :alias_domain"); - $stmt->execute(array( - ':alias_domain' => $alias_domain, - )); - $stmt = $pdo->prepare("DELETE FROM `bcc_maps` WHERE `local_dest` = :alias_domain"); - $stmt->execute(array( - ':alias_domain' => $alias_domain, - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => 
array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `alias_domain` = :alias_domain"); + $stmt->execute(array( + ':alias_domain' => $alias_domain, + )); + $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `domain` = :alias_domain"); + $stmt->execute(array( + ':alias_domain' => $alias_domain, + )); + $stmt = $pdo->prepare("DELETE FROM `bcc_maps` WHERE `local_dest` = :alias_domain"); + $stmt->execute(array( + ':alias_domain' => $alias_domain, + )); try { $redis->hDel('DOMAIN_MAP', $alias_domain); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => array('redis_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('alias_domain_removed', htmlspecialchars($alias_domain)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('alias_domain_removed', htmlspecialchars(implode(', ', $alias_domains))) - ); break; case 'mailbox': if (!is_array($_data['username'])) { 
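Review bot: The three DELETEs on `alias_domain`, `alias` and `bcc_maps` now run as independent statements with the surrounding try/catch removed, so a failure part-way leaves the alias domain half-removed; where a PDOException is handled after this commit is not visible in the hunk. A Redis failure is also reported only after the SQL rows are gone, leaving `DOMAIN_MAP` with a stale entry while the loop moves on. Assuming the tables are transactional, I would bracket the SQL with `$pdo->beginTransaction();` and `$pdo->commit();`, committing only once `$redis->hDel('DOMAIN_MAP', $alias_domain)` has succeeded and rolling back otherwise. The same applies to the multi-table deletes in the `domain`, `mailbox` and `resource` hunks.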
@@ -3956,115 +3327,105 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } foreach ($usernames as $username) { if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } - try { - $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `goto` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `username` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `goto` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `user2` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_user_profile` WHERE `c_uid` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_cache_folder` WHERE `c_uid` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM 
`sogo_acl` WHERE `c_object` LIKE '%/" . $username . "/%' OR `c_uid` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_store` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_quick_contact` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_quick_appointment` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_folder_info` WHERE `c_path2` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("DELETE FROM `bcc_maps` WHERE `local_dest` = :username"); - $stmt->execute(array( - ':username' => $username - )); - $stmt = $pdo->prepare("SELECT `address`, `goto` FROM `alias` - WHERE `goto` REGEXP :username"); - $stmt->execute(array(':username' => '(^|,)'.$username.'($|,)')); - $GotoData = $stmt->fetchAll(PDO::FETCH_ASSOC); - foreach ($GotoData as $gotos) { - $goto_exploded = explode(',', $gotos['goto']); - if (($key = array_search($username, $goto_exploded)) !== false) { - unset($goto_exploded[$key]); - } - $gotos_rebuild = implode(',', $goto_exploded); - $stmt = $pdo->prepare("UPDATE `alias` SET - `goto` = :goto - WHERE `address` = :address"); - $stmt->execute(array( - ':goto' => $gotos_rebuild, - ':address' => $gotos['address'] - )); + $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `goto` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE 
FROM `mailbox` WHERE `username` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `goto` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `user2` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_user_profile` WHERE `c_uid` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_cache_folder` WHERE `c_uid` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_acl` WHERE `c_object` LIKE '%/" . $username . 
"/%' OR `c_uid` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_store` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_quick_contact` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_quick_appointment` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_folder_info` WHERE `c_path2` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("DELETE FROM `bcc_maps` WHERE `local_dest` = :username"); + $stmt->execute(array( + ':username' => $username + )); + $stmt = $pdo->prepare("SELECT `address`, `goto` FROM `alias` + WHERE `goto` REGEXP :username"); + $stmt->execute(array(':username' => '(^|,)'.$username.'($|,)')); + $GotoData = $stmt->fetchAll(PDO::FETCH_ASSOC); + foreach ($GotoData as $gotos) { + $goto_exploded = explode(',', $gotos['goto']); + if (($key = array_search($username, $goto_exploded)) !== false) { + unset($goto_exploded[$key]); } + $gotos_rebuild = implode(',', $goto_exploded); + $stmt = $pdo->prepare("UPDATE `alias` SET + `goto` = :goto + WHERE `address` = :address"); + $stmt->execute(array( + ':goto' => $gotos_rebuild, + ':address' => $gotos['address'] + )); } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => 
array('mailbox_removed', htmlspecialchars($username)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mailbox_removed', htmlspecialchars(implode(', ', $usernames))) - ); break; case 'resource': if (!is_array($_data['name'])) { 
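Review bot: The `sogo_acl` delete builds its pattern by concatenation, `LIKE '%/" . $username . "/%'`, while every other statement in this loop binds `$username` as a parameter. `FILTER_VALIDATE_EMAIL` and the access check are the only gates in front of it, and that filter permits quote and wildcard characters in the local part, so the value should be bound as well: `... WHERE c_object LIKE :pattern OR c_uid = :username` with `':pattern' => '%/' . $username . '/%'`, escaping `%` and `_` if a literal match is wanted. The `resource` hunk that follows has the same concatenation with `$name`. A short comment above the statement saying why a path-style LIKE is needed for `c_object` would also help the next reader.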
@@ -4076,69 +3437,59 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } foreach ($names as $name) { if (!filter_var($name, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; + continue; } if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $name)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `username` = :username"); - $stmt->execute(array( - ':username' => $name - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_user_profile` WHERE `c_uid` = :username"); - $stmt->execute(array( - ':username' => $name - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_cache_folder` WHERE `c_uid` = :username"); - $stmt->execute(array( - ':username' => $name - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_acl` WHERE `c_object` LIKE '%/" . $name . 
"/%' OR `c_uid` = :username"); - $stmt->execute(array( - ':username' => $name - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_store` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); - $stmt->execute(array( - ':username' => $name - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_quick_contact` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); - $stmt->execute(array( - ':username' => $name - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_quick_appointment` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); - $stmt->execute(array( - ':username' => $name - )); - $stmt = $pdo->prepare("DELETE FROM `sogo_folder_info` WHERE `c_path2` = :username"); - $stmt->execute(array( - ':username' => $name - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('mysql_error', $e) - ); - return false; + continue; } + $stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `username` = :username"); + $stmt->execute(array( + ':username' => $name + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_user_profile` WHERE `c_uid` = :username"); + $stmt->execute(array( + ':username' => $name + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_cache_folder` WHERE `c_uid` = :username"); + $stmt->execute(array( + ':username' => $name + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_acl` WHERE `c_object` LIKE '%/" . $name . 
"/%' OR `c_uid` = :username"); + $stmt->execute(array( + ':username' => $name + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_store` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); + $stmt->execute(array( + ':username' => $name + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_quick_contact` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); + $stmt->execute(array( + ':username' => $name + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_quick_appointment` WHERE `c_folder_id` IN (SELECT `c_folder_id` FROM `sogo_folder_info` WHERE `c_path2` = :username)"); + $stmt->execute(array( + ':username' => $name + )); + $stmt = $pdo->prepare("DELETE FROM `sogo_folder_info` WHERE `c_path2` = :username"); + $stmt->execute(array( + ':username' => $name + )); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), + 'msg' => array('resource_removed', htmlspecialchars($name)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), - 'msg' => array('resource_removed', htmlspecialchars(implode(', ', $names))) - ); break; } break; @@ -4146,4 +3497,4 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox'))) { update_sogo_static_view(); } -} +} \ No newline at end of file diff --git a/data/web/inc/functions.policy.inc.php b/data/web/inc/functions.policy.inc.php index 6bc2f780..c8526169 100644 --- a/data/web/inc/functions.policy.inc.php +++ b/data/web/inc/functions.policy.inc.php 
@@ -11,7 +11,7 @@ function policy($_action, $_scope, $_data = null) { $object = $_data['domain']; if (is_valid_domain_name($object)) { if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' @@ -21,7 +21,7 @@ function policy($_action, $_scope, $_data = null) { $object = idn_to_ascii(strtolower(trim($object))); } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' @@ -36,7 +36,7 @@ function policy($_action, $_scope, $_data = null) { } $object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($_data['object_from']))), '.')); if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'policy_list_from_invalid' 
@@ -44,55 +44,37 @@ function policy($_action, $_scope, $_data = null) { return false; } if ($object_list != "blacklist_from" && $object_list != "whitelist_from") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' ); return false; } - try { - $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` - WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from') - AND `object` = :object - AND `value` = :object_from"); - $stmt->execute(array(':object' => $object, ':object_from' => $object_from)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => 'policy_list_from_exists' - ); - return false; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` + WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from') + AND `object` = :object + AND `value` = :object_from"); + $stmt->execute(array(':object' => $object, ':object_from' => $object_from)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('mysql_error', $e) + 'msg' => 'policy_list_from_exists' ); return false; } - try { - $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`) - VALUES (:object, :object_list, :object_from)"); - $stmt->execute(array( - ':object' => $object, - ':object_list' => $object_list, - ':object_from' => $object_from - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('mysql_error', $e) - ); - return false; - } - $_SESSION['return'] = 
array( + + $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`) + VALUES (:object, :object_list, :object_from)"); + $stmt->execute(array( + ':object' => $object, + ':object_list' => $object_list, + ':object_from' => $object_from + )); + + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => array('domain_modified', $object) @@ -101,7 +83,7 @@ function policy($_action, $_scope, $_data = null) { case 'mailbox': $object = $_data['username']; if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' @@ -109,7 +91,7 @@ function policy($_action, $_scope, $_data = null) { return false; } if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' @@ -124,7 +106,7 @@ function policy($_action, $_scope, $_data = null) { } $object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($_data['object_from']))), '.')); if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'policy_list_from_invalid' 
@@ -132,55 +114,35 @@ function policy($_action, $_scope, $_data = null) { return false; } if ($object_list != "blacklist_from" && $object_list != "whitelist_from") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' ); return false; } - try { - $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` - WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from') - AND `object` = :object - AND `value` = :object_from"); - $stmt->execute(array(':object' => $object, ':object_from' => $object_from)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => 'policy_list_from_exists' - ); - return false; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` + WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from') + AND `object` = :object + AND `value` = :object_from"); + $stmt->execute(array(':object' => $object, ':object_from' => $object_from)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('mysql_error', $e) + 'msg' => 'policy_list_from_exists' ); return false; } - try { - $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`) - VALUES (:object, :object_list, :object_from)"); - $stmt->execute(array( - ':object' => $object, - ':object_list' => $object_list, - ':object_from' => $object_from - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('mysql_error', $e) - ); - return false; - } - $_SESSION['return'] 
= array( + $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`) + VALUES (:object, :object_list, :object_from)"); + $stmt->execute(array( + ':object' => $object, + ':object_list' => $object_list, + ':object_from' => $object_from + )); + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => array('mailbox_modified', $object) 
@@ -194,43 +156,34 @@ function policy($_action, $_scope, $_data = null) { (array)$prefids = $_data['prefid']; foreach ($prefids as $prefid) { if (!is_numeric($prefid)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid"); - $stmt->execute(array(':prefid' => $prefid)); - $object = $stmt->fetch(PDO::FETCH_ASSOC)['object']; - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('mysql_error', $e) - ); + continue; } + $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid"); + $stmt->execute(array(':prefid' => $prefid)); + $object = $stmt->fetch(PDO::FETCH_ASSOC)['object']; if (is_valid_domain_name($object)) { if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' ); - return false; + continue; } $object = idn_to_ascii(strtolower(trim($object))); } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' ); - return false; + continue; } try { $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid"); 
@@ -240,19 +193,19 @@ function policy($_action, $_scope, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), + 'msg' => array('item_deleted',$prefid) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('items_deleted', implode(', ', $prefids)) - ); break; case 'mailbox': if (!is_array($_data['prefid'])) { @@ -263,7 +216,7 @@ function policy($_action, $_scope, $_data = null) { $prefids = $_data['prefid']; } if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' 
@@ -272,32 +225,23 @@ function policy($_action, $_scope, $_data = null) { } foreach ($prefids as $prefid) { if (!is_numeric($prefid)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' ); - return false; - } - try { - $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid"); - $stmt->execute(array(':prefid' => $prefid)); - $object = $stmt->fetch(PDO::FETCH_ASSOC)['object']; - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('mysql_error', $e) - ); + continue; } + $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid"); + $stmt->execute(array(':prefid' => $prefid)); + $object = $stmt->fetch(PDO::FETCH_ASSOC)['object']; if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => 'access_denied' ); - return false; + continue; } try { $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid"); 
@@ -307,19 +251,19 @@ function policy($_action, $_scope, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), + 'msg' => array('items_deleted', implode(', ', $prefids)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('items_deleted', implode(', ', $prefids)) - ); break; } break; 
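Review bot: The success entry added inside the mailbox `foreach` still reports `implode(', ', $prefids)`, so every successful iteration claims the whole batch was deleted, including ids that another iteration skipped with `continue`. The domain branch of the same change reports the single item, and this one should match: `'msg' => array('item_deleted', $prefid)`. The relayhost 'edit' hunk (`@@ -90,23 +90,23 @@`) keeps `implode(', ', $hostnames)` inside its loop in the same way.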
@@ -335,23 +279,16 @@ function policy($_action, $_scope, $_data = null) { } $_data = idn_to_ascii(strtolower(trim($_data))); } - try { - // WHITELIST - $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)"); - $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data)); - $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); - // BLACKLIST - $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)"); - $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data)); - $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('mysql_error', $e) - ); - } + + // WHITELIST + $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)"); + $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data)); + $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); + // BLACKLIST + $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)"); + $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data)); + $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); + return $rows; break; case 'mailbox': 
@@ -367,23 +304,14 @@ function policy($_action, $_scope, $_data = null) { if (empty($domain)) { return false; } - try { - // WHITELIST - $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` = :username OR `object` = :domain)"); - $stmt->execute(array(':username' => $_data, ':domain' => $domain)); - $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); - // BLACKLIST - $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` = :username OR `object` = :domain)"); - $stmt->execute(array(':username' => $_data, ':domain' => $domain)); - $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), - 'msg' => array('mysql_error', $e) - ); - } + // WHITELIST + $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` = :username OR `object` = :domain)"); + $stmt->execute(array(':username' => $_data, ':domain' => $domain)); + $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); + // BLACKLIST + $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` = :username OR `object` = :domain)"); + $stmt->execute(array(':username' => $_data, ':domain' => $domain)); + $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); return $rows; break; } diff --git a/data/web/inc/functions.quarantine.inc.php b/data/web/inc/functions.quarantine.inc.php index 865a0f08..c92a2cdd 100644 --- a/data/web/inc/functions.quarantine.inc.php +++ b/data/web/inc/functions.quarantine.inc.php 
@@ -14,7 +14,7 @@ function quarantine($_action, $_data = null) { $ids = $_data['id']; } if (!isset($_SESSION['acl']['quarantine']) || $_SESSION['acl']['quarantine'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' 
@@ -23,59 +23,40 @@ function quarantine($_action, $_data = null) { } foreach ($ids as $id) { if (!is_numeric($id)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' ); - return false; + continue; } - try { - $stmt = $pdo->prepare('SELECT `rcpt` FROM `quarantine` WHERE `id` = :id'); - $stmt->execute(array(':id' => $id)); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) { - try { - $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id"); - $stmt->execute(array( - ':id' => $id - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); - return false; - } - } - else { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'access_denied' - ); - return false; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare('SELECT `rcpt` FROM `quarantine` WHERE `id` = :id'); + $stmt->execute(array(':id' => $id)); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) && $_SESSION['mailcow_cc_role'] != 'admin') { + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) + 'msg' => 'access_denied' ); + continue; } + else { + $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id"); + $stmt->execute(array( + ':id' => $id + )); + } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('item_deleted', $id) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => 
array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('items_deleted', implode(', ', $ids)) - ); break; case 'edit': if (!isset($_SESSION['acl']['quarantine']) || $_SESSION['acl']['quarantine'] != "1" ) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -85,7 +66,7 @@ function quarantine($_action, $_data = null) { // Edit settings if ($_data['action'] == 'settings') { if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -101,14 +82,14 @@ function quarantine($_action, $_data = null) { $redis->Set('Q_EXCLUDE_DOMAINS', json_encode($exclude_domains)); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('redis_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'saved_settings' 
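Review bot: `$row` is used in the quarantine delete loop without checking that the `SELECT` found anything, and with the new `$_SESSION['mailcow_cc_role'] != 'admin'` clause an admin request for a non-existent id falls through to the `DELETE` and is then reported as `item_deleted`. A guard right after the fetch, `if (empty($row)) { ... continue; }` with a 'danger' entry, keeps the result list truthful and avoids indexing `$row['rcpt']` on `false`. The `else` around the `DELETE` is redundant after the `continue`. The 'learnspam' branch added further down repeats the same fetch-then-index pattern.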
@@ -125,31 +106,22 @@ function quarantine($_action, $_data = null) { } foreach ($ids as $id) { if (!is_numeric($id)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' ); - return false; + continue; } - try { - $stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id'); - $stmt->execute(array(':id' => $id)); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'access_denied' - ); - return false; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( + $stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id'); + $stmt->execute(array(':id' => $id)); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) { + $_SESSION['return'][] = array( 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) + 'msg' => 'access_denied' ); + continue; } $sender = (isset($row['sender'])) ? $row['sender'] : 'sender-unknown@rspamd'; try { @@ -170,12 +142,12 @@ function quarantine($_action, $_data = null) { $postfix = 'postfix'; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'warning', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('release_send_failed', 'Cannot determine Postfix host') ); - return false; + continue; } $mail->Host = $postfix; $mail->Port = 590; 
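Review bot: The `access_denied` entry added in the release loop has no `'log'` key (`'type' => 'danger', 'msg' => 'access_denied'`), unlike the other entries in `quarantine()`. How `'log'` is consumed is not visible here, but if it feeds the recorded log, refused release attempts are the one outcome that leaves no trace. I would add `'log' => array(__FUNCTION__, $_action, $_data_log),` to it; the 'learnspam' branch in `@@ -207,63 +179,179 @@` has the same gap. Separately, this check does not get the `!= 'admin'` clause that the delete and learnspam checks received, which may be intentional but deserves a comment.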
@@ -193,12 +165,12 @@ function quarantine($_action, $_data = null) { } catch (phpmailerException $e) { unlink($msg_tmpf); - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'warning', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('release_send_failed', $e->errorMessage()) ); - return false; + continue; } try { $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id"); 
@@ -207,63 +179,179 @@ function quarantine($_action, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('item_released', $id) + ); + } + } + elseif ($_data['action'] == 'learnspam') { + if (!is_array($_data['id'])) { + $ids = array(); + $ids[] = $_data['id']; + } + else { + $ids = $_data['id']; + } + foreach ($ids as $id) { + if (!is_numeric($id)) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => 'access_denied' + ); + continue; + } + $stmt = $pdo->prepare('SELECT `msg`, `rcpt` FROM `quarantine` WHERE `id` = :id'); + $stmt->execute(array(':id' => $id)); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) && $_SESSION['mailcow_cc_role'] != 'admin') { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'msg' => 'access_denied' + ); + continue; + } + $curl = curl_init(); + curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/rspamd-sock/rspamd.sock'); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($curl, CURLOPT_POST, 1); + curl_setopt($curl, CURLOPT_TIMEOUT, 30); + curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain')); + curl_setopt($curl, CURLOPT_URL,"http://rspamd/learnspam"); + curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']); + $response = curl_exec($curl); + if (!curl_errno($curl)) { + $response = json_decode($response, true); + if (isset($response['error'])) { + if (stripos($response['error'], 'already learned') === false) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__), + 'msg' => 
array('spam_learn_error', $response['error']) + ); + continue; + } + } + curl_close($curl); + $curl = curl_init(); + curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/rspamd-sock/rspamd.sock'); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($curl, CURLOPT_POST, 1); + curl_setopt($curl, CURLOPT_TIMEOUT, 30); + curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain', 'Flag: 11')); + curl_setopt($curl, CURLOPT_URL,"http://rspamd/fuzzyadd"); + curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']); + $response = curl_exec($curl); + if (!curl_errno($curl)) { + $response = json_decode($response, true); + if (isset($response['error'])) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__), + 'msg' => array('fuzzy_learn_error', $response['error']) + ); + continue; + } + curl_close($curl); + try { + $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id"); + $stmt->execute(array( + ':id' => $id + )); + } + catch (PDOException $e) { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('mysql_error', $e) + ); + continue; + } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__), + 'msg' => 'qlearn_spam' + ); + continue; + } + else { + curl_close($curl); + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__), + 'msg' => array('spam_learn_error', 'curl error ' . curl_errno($curl)) + ); + continue; + } + curl_close($curl); + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__), + 'msg' => array('learn_spam_error', 'unknown') + ); + continue; + } + else { + curl_close($curl); + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__), + 'msg' => array('spam_learn_error', 'curl error ' . 
curl_errno($curl)) + ); + continue; + } + curl_close($curl); + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__), + 'msg' => array('learn_spam_error', 'unknown') + ); + continue; } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'items_released' - ); } return true; break; case 'get': - try { - if ($_SESSION['mailcow_cc_role'] == "user") { - $stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` = :mbox'); - $stmt->execute(array(':mbox' => $_SESSION['mailcow_cc_username'])); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $q_meta[] = $row; - } - } - elseif ($_SESSION['mailcow_cc_role'] == "admin") { - $stmt = $pdo->query('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine`'); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $q_meta[] = $row; - } - } - else { - $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains')); - foreach ($domains as $domain) { - $stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` REGEXP :domain'); - $stmt->execute(array(':domain' => '@' . $domain . 
'$')); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - while($row = array_shift($rows)) { - $q_meta[] = $row; - } - } + if ($_SESSION['mailcow_cc_role'] == "user") { + $stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` = :mbox'); + $stmt->execute(array(':mbox' => $_SESSION['mailcow_cc_username'])); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $q_meta[] = $row; } } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); + elseif ($_SESSION['mailcow_cc_role'] == "admin") { + $stmt = $pdo->query('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine`'); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $q_meta[] = $row; + } + } + else { + $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains')); + foreach ($domains as $domain) { + $stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` REGEXP :domain'); + $stmt->execute(array(':domain' => '@' . $domain . '$')); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $q_meta[] = $row; + } + } } return $q_meta; break; case 'settings': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -276,7 +364,7 @@ function quarantine($_action, $_data = null) { $settings['retention_size'] = $redis->Get('Q_RETENTION_SIZE'); } catch (RedisException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('redis_error', $e) 
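Review bot: In the new 'learnspam' branch both failure paths call `curl_close($curl)` and only afterwards build the message from `curl_errno($curl)`, so on PHP versions where the handle is a resource the error code is read from an already closed handle and the reported `curl error` is unreliable. The `continue` statements inside the `isset($response['error'])` checks also skip `curl_close()`, and the `learn_spam_error` / `unknown` blocks after each if/else cannot be reached because both arms end in `continue`. Reading the error number once, closing the handle, and then branching removes all three problems; the sketch shows it for the first request, and the `fuzzyadd` request would follow the same shape. The posted body comes from `$row['msg']`, which is not checked for a missing row first.

```php
$response = curl_exec($curl);
$curl_error = curl_errno($curl);
curl_close($curl);
if ($curl_error !== 0) {
  $_SESSION['return'][] = array(
    'type' => 'danger',
    'log' => array(__FUNCTION__),
    'msg' => array('spam_learn_error', 'curl error ' . $curl_error)
  );
  continue;
}
$response = json_decode($response, true);
// … unchanged: 'already learned' check, then the fuzzyadd request handled the same way …
```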
@@ -289,21 +377,11 @@ function quarantine($_action, $_data = null) { if (!is_numeric($_data) || empty($_data)) { return false; } - try { - $stmt = $pdo->prepare('SELECT `rcpt`, `symbols`, `msg`, `domain` FROM `quarantine` WHERE `id`= :id'); - $stmt->execute(array(':id' => $_data)); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) { - return $row; - } - return false; - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); + $stmt = $pdo->prepare('SELECT `rcpt`, `symbols`, `msg`, `domain` FROM `quarantine` WHERE `id`= :id'); + $stmt->execute(array(':id' => $_data)); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) { + return $row; } return false; break; diff --git a/data/web/inc/functions.relayhost.inc.php b/data/web/inc/functions.relayhost.inc.php index 8faad80a..a3e1ffda 100644 --- a/data/web/inc/functions.relayhost.inc.php +++ b/data/web/inc/functions.relayhost.inc.php @@ -6,7 +6,7 @@ function relayhost($_action, $_data = null) { switch ($_action) { case 'add': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -17,7 +17,7 @@ function relayhost($_action, $_data = null) { $username = str_replace(':', '\:', trim($_data['username'])); $password = str_replace(':', '\:', trim($_data['password'])); if (empty($hostname)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('invalid_host', htmlspecialchars($host)) 
@@ -35,14 +35,14 @@ function relayhost($_action, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('relayhost_added', htmlspecialchars(implode(', ', $hosts))) @@ -50,7 +50,7 @@ function relayhost($_action, $_data = null) { break; case 'edit': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -67,12 +67,12 @@ function relayhost($_action, $_data = null) { $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int']; } else { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'relayhost_invalid' + 'msg' => array('relayhost_invalid', $id) ); - return false; + continue; } try { $stmt = $pdo->prepare("UPDATE `relayhosts` SET 
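Review bot: The new `'msg' => array('relayhost_invalid', $id)` in the 'edit' hunk (`@@ -67,12 +67,12 @@`) puts `$id`, presumably request-supplied, into the message as-is, while other messages in `relayhost()` wrap their arguments, e.g. `htmlspecialchars($id)` in the delete hunk. Whether `$id` is validated before this point is outside the hunk, so I would either escape it the same way, `'msg' => array('relayhost_invalid', htmlspecialchars($id))`, or add a comment that encoding is left to the renderer. The rsettings 'edit' hunk (`@@ -65,12 +65,12 @@`) adds `array('settings_map_invalid', $id)` with the same gap.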
@@ -90,23 +90,23 @@ function relayhost($_action, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('object_modified', htmlspecialchars(implode(', ', $hostnames))) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('object_modified', htmlspecialchars(implode(', ', $hostnames))) - ); break; case 'delete': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' 
@@ -122,36 +122,27 @@ function relayhost($_action, $_data = null) { $stmt->execute(array(':id' => $id)); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); - return false; + continue; } + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_action, $_data_log), + 'msg' => array('relayhost_removed', htmlspecialchars($id)) + ); } - $_SESSION['return'] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('relayhost_removed', htmlspecialchars(implode(', ', $hostnames))) - ); break; case 'get': if ($_SESSION['mailcow_cc_role'] != "admin") { return false; } $relayhosts = array(); - try { - $stmt = $pdo->query("SELECT `id`, `hostname`, `username` FROM `relayhosts`"); - $relayhosts = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); - } + $stmt = $pdo->query("SELECT `id`, `hostname`, `username` FROM `relayhosts`"); + $relayhosts = $stmt->fetchAll(PDO::FETCH_ASSOC); return $relayhosts; break; case 'details': 
@@ -159,33 +150,23 @@ function relayhost($_action, $_data = null) { return false; } $relayhostdata = array(); - try { - $stmt = $pdo->prepare("SELECT `id`, - `hostname`, - `username`, - `password`, - `active` AS `active_int`, - CONCAT(LEFT(`password`, 3), '...') AS `password_short`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` - FROM `relayhosts` - WHERE `id` = :id"); + $stmt = $pdo->prepare("SELECT `id`, + `hostname`, + `username`, + `password`, + `active` AS `active_int`, + CONCAT(LEFT(`password`, 3), '...') AS `password_short`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` + FROM `relayhosts` + WHERE `id` = :id"); + $stmt->execute(array(':id' => $_data)); + $relayhostdata = $stmt->fetch(PDO::FETCH_ASSOC); + if (!empty($relayhostdata)) { + $stmt = $pdo->prepare("SELECT GROUP_CONCAT(`domain` SEPARATOR ', ') AS `used_by_domains` FROM `domain` WHERE `relayhost` = :id"); $stmt->execute(array(':id' => $_data)); - $relayhostdata = $stmt->fetch(PDO::FETCH_ASSOC); - - if (!empty($relayhostdata)) { - $stmt = $pdo->prepare("SELECT GROUP_CONCAT(`domain` SEPARATOR ', ') AS `used_by_domains` FROM `domain` WHERE `relayhost` = :id"); - $stmt->execute(array(':id' => $_data)); - $used_by_domains = $stmt->fetch(PDO::FETCH_ASSOC)['used_by_domains']; - $used_by_domains = (empty($used_by_domains)) ? '' : $used_by_domains; - $relayhostdata['used_by_domains'] = $used_by_domains; - } - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); + $used_by_domains = $stmt->fetch(PDO::FETCH_ASSOC)['used_by_domains']; + $used_by_domains = (empty($used_by_domains)) ? '' : $used_by_domains; + $relayhostdata['used_by_domains'] = $used_by_domains; } return $relayhostdata; break; 
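Review bot: The re-indented `details` query still concatenates `$lang['mailbox']['yes']` and `$lang['mailbox']['no']` into the SQL text, so a translation containing a quote breaks the statement or changes it. Since the statement is already prepared, these can be bound like `:id` by replacing the literals with `:yes` / `:no` placeholders and adding them to the `execute()` array, or the query can return only `active_int` and leave the label to PHP. `$lang` presumably comes from the language files rather than from the request, which limits the exposure, but it is the one string-built statement among the queries visible here. The enclosing `case` starts outside the hunk.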
diff --git a/data/web/inc/functions.rsettings.inc.php b/data/web/inc/functions.rsettings.inc.php index 9f13a4c3..fbf8922b 100644 --- a/data/web/inc/functions.rsettings.inc.php +++ b/data/web/inc/functions.rsettings.inc.php @@ -6,7 +6,7 @@ function rsettings($_action, $_data = null) { switch ($_action) { case 'add': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' @@ -17,7 +17,7 @@ function rsettings($_action, $_data = null) { $desc = $_data['desc']; $active = intval($_data['active']); if (empty($content)) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'map_content_empty' @@ -34,14 +34,14 @@ function rsettings($_action, $_data = null) { )); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => array('mysql_error', $e) ); return false; } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'settings_map_added' @@ -49,7 +49,7 @@ function rsettings($_action, $_data = null) { break; case 'edit': if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'access_denied' 
@@ -65,12 +65,12 @@ function rsettings($_action, $_data = null) {
 $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int'];
 }
 else {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => 'settings_map_invalid'
+ 'msg' => array('settings_map_invalid', $id)
 );
- return false;
+ continue;
 }
 $content = trim($content);
 try {
@@ -87,23 +87,23 @@ function rsettings($_action, $_data = null) {
 ));
 }
 catch (PDOException $e) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_data_log),
 'msg' => array('mysql_error', $e)
 );
- return false;
+ continue;
 }
+ $_SESSION['return'][] = array(
+ 'type' => 'success',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('object_modified', htmlspecialchars($ids))
+ );
 }
- $_SESSION['return'] = array(
- 'type' => 'success',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('object_modified', htmlspecialchars(implode(', ', $ids)))
- );
 break;
 case 'delete':
 if ($_SESSION['mailcow_cc_role'] != "admin") {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_data_log),
 'msg' => 'access_denied'
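Review bot: The new `'msg' => array('settings_map_invalid', $id)` puts `$id` into the message unescaped, while the success entry added further down in this function wraps its value in `htmlspecialchars()`. `$id` presumably comes from the submitted id list, so give it the same treatment: `'msg' => array('settings_map_invalid', htmlspecialchars($id))`. That keeps both paths safe whichever way the alert is rendered. The loop that defines `$id` begins above the hunk.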
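Review bot: The success entry moved inside the loop calls `htmlspecialchars($ids)` on the whole list; the removed code imploded `$ids` first, so `$ids` appears to be an array, and `htmlspecialchars()` on an array gives a warning and null on PHP 7 and a TypeError on PHP 8. The per-item message should name the current item, `'msg' => array('object_modified', htmlspecialchars($id))`, as the delete case in this commit does. The `foreach` header is above the hunk, so the loop variable name is taken from the `settings_map_invalid` line.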
@@ -117,36 +117,27 @@ function rsettings($_action, $_data = null) {
 $stmt->execute(array(':id' => $id));
 }
 catch (PDOException $e) {
- $_SESSION['return'] = array(
+ $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_data_log),
 'msg' => array('mysql_error', $e)
 );
 return false;
 }
+ $_SESSION['return'][] = array(
+ 'type' => 'success',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('settings_map_removed', htmlspecialchars($id))
+ );
 }
- $_SESSION['return'] = array(
- 'type' => 'success',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('settings_map_removed', htmlspecialchars(implode(', ', $ids)))
- );
 break;
 case 'get':
 if ($_SESSION['mailcow_cc_role'] != "admin") {
 return false;
 }
 $settingsmaps = array();
- try {
- $stmt = $pdo->query("SELECT `id`, `desc`, `active` FROM `settingsmap`");
- $settingsmaps = $stmt->fetchAll(PDO::FETCH_ASSOC);
- }
- catch(PDOException $e) {
- $_SESSION['return'] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('mysql_error', $e)
- );
- }
+ $stmt = $pdo->query("SELECT `id`, `desc`, `active` FROM `settingsmap`");
+ $settingsmaps = $stmt->fetchAll(PDO::FETCH_ASSOC);
 return $settingsmaps;
 break;
 case 'details':
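Review bot: The delete loop still leaves with `return false;` when a PDOException is caught, while the edit loop in this commit was switched to `continue;`. Now that success is reported per id, the early return means ids after the failing one are neither processed nor reported, and the caller gets `false` although earlier ids were already removed. If per-item reporting is the intent, use `continue;` here as well. The loop header is above the hunk.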
@@ -154,24 +145,15 @@ function rsettings($_action, $_data = null) { return false; } $settingsmapdata = array(); - try { - $stmt = $pdo->prepare("SELECT `id`, - `desc`, - `content`, - `active` AS `active_int`, - CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` - FROM `settingsmap` - WHERE `id` = :id"); - $stmt->execute(array(':id' => $_data)); - $settingsmapdata = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); - } + $stmt = $pdo->prepare("SELECT `id`, + `desc`, + `content`, + `active` AS `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` + FROM `settingsmap` + WHERE `id` = :id"); + $stmt->execute(array(':id' => $_data)); + $settingsmapdata = $stmt->fetch(PDO::FETCH_ASSOC); return $settingsmapdata; break; } diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php index b938a56b..c99484d5 100644 --- a/data/web/inc/init_db.inc.php +++ b/data/web/inc/init_db.inc.php @@ -3,7 +3,7 @@ function init_db_schema() { try { global $pdo; - $db_version = "05072018_2319"; + $db_version = "10082018_2019"; $stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); @@ -112,6 +112,7 @@ function init_db_schema() { ), "alias" => array( "cols" => array( + "id" => "INT NOT NULL AUTO_INCREMENT", "address" => "VARCHAR(255) NOT NULL", "goto" => "TEXT NOT NULL", "domain" => "VARCHAR(255) NOT NULL", @@ -121,7 +122,10 @@ function init_db_schema() { ), "keys" => array( "primary" => array( - "" => array("address") + "" => array("id") + ), + "unique" => array( + "address" => array("address") ), "key" => array( "domain" => array("domain") 
@@ -366,6 +370,7 @@ function init_db_schema() { "logs" => array( "cols" => array( "id" => "INT NOT NULL AUTO_INCREMENT", + "task" => "CHAR(32) NOT NULL DEFAULT '000000'", "type" => "VARCHAR(32) DEFAULT ''", "msg" => "TEXT", "call" => "TEXT", @@ -754,6 +759,8 @@ function init_db_schema() { if ($num_results == 0) { if (strpos($type, 'AUTO_INCREMENT') !== false) { $type = $type . ' PRIMARY KEY '; + // Adding an AUTO_INCREMENT key, need to drop primary keys first + $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY"); } $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type); } @@ -933,7 +940,7 @@ DELIMITER ;'; WHERE `username` = :username"); $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user)); } - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__), 'msg' => 'db_init_complete' @@ -943,7 +950,7 @@ DELIMITER ;'; $stmt = $pdo->query("INSERT INTO `user_acl` (`username`) SELECT `username` FROM `mailbox` WHERE `kind` = '' AND NOT EXISTS (SELECT `username` FROM `user_acl`);"); } catch (PDOException $e) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__), 'msg' => array('mysql_error', $e) diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php index 1370155e..0ec41fab 100644 --- a/data/web/inc/prerequisites.inc.php +++ b/data/web/inc/prerequisites.inc.php @@ -51,6 +51,25 @@ catch (PDOException $e) { 'danger', + 'log' => array(__FUNCTION__), + 'msg' => array('mysql_error', $e) + ); + return false; + } + else { + $_SESSION['return'][] = array( + 'type' => 'danger', + 'log' => array(__FUNCTION__), + 'msg' => array('mysql_error', 'unknown error') + ); + return false; + } +} +set_exception_handler('pdo_exception_handler'); // TODO: Move function function get_remote_ip($anonymize = null) { 
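Review bot: The added `DROP PRIMARY KEY` in the `@@ -754,6` hunk runs as its own statement before the `ADD` of the AUTO_INCREMENT column, so if the second statement fails the table is left without a primary key, and each MySQL DDL statement commits on its own. The drop also errors on a table that has no primary key yet. Issuing both clauses in one statement, ``ALTER TABLE … DROP PRIMARY KEY, ADD … PRIMARY KEY``, after checking that a primary key exists, closes that gap. For `alias`, uniqueness of `address` then depends on the new unique key being created later in `init_db_schema()`, which is outside the hunk.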
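Review bot: The `else` branch of the new handler in prerequisites.inc.php replaces every non-PDO exception with `array('mysql_error', 'unknown error')` and drops the exception itself; because it is installed with `set_exception_handler()`, it receives every uncaught exception in the application. That leaves an operator nothing to investigate, so add `error_log((string) $e);` at the top of the handler before the session entry is built. `'log' => array(__FUNCTION__)` also records the handler's own name rather than the function and action that failed, which the removed catch blocks used to log. The opening lines of the handler are missing from this page, so the parameter name `$e` is taken from the `mysql_error` line.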
diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php index fe1cdfa2..a3b81407 100644 --- a/data/web/inc/sessions.inc.php +++ b/data/web/inc/sessions.inc.php @@ -52,7 +52,7 @@ function session_check() { return true; } if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'warning', 'msg' => 'session_ua' ); @@ -60,7 +60,7 @@ function session_check() { } if (!empty($_POST)) { if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) { - $_SESSION['return'] = array( + $_SESSION['return'][] = array( 'type' => 'warning', 'msg' => 'session_token' ); diff --git a/data/web/js/api.js b/data/web/js/api.js index 3f9bc4b7..2e770f7b 100644 --- a/data/web/js/api.js +++ b/data/web/js/api.js @@ -3,6 +3,10 @@ $(document).ready(function() { if ($(elem).data('submitted') == '1') { return true; } else { + var parent_btn_grp = $(elem).parentsUntil(".btn-group").parent(); + if (parent_btn_grp.hasClass('btn-group')) { + parent_btn_grp.replaceWith('
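Review bot: The CSRF check on the context line `if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token'])` in the `@@ -60,7` hunk uses a loose, non-constant-time comparison and reads `$_POST['csrf_token']` without checking that it is present and a string. Loose `!=` compares numeric-looking strings by value, and a missing field only raises a notice. Compare with `hash_equals()` after a type check: `if (!isset($_POST['csrf_token']) || !is_string($_POST['csrf_token']) || !hash_equals($_SESSION['CSRF']['TOKEN'], $_POST['csrf_token'])) {`. The rest of `session_check()` is outside the hunk.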
- +
- +
diff --git a/data/web/quarantine.php b/data/web/quarantine.php index ec3ebb44..87f565a1 100644 --- a/data/web/quarantine.php +++ b/data/web/quarantine.php @@ -24,6 +24,8 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];