Better white/blacklist handling

master
andryyy 2016-12-10 09:18:00 +01:00
parent 9775b354f4
commit a7a597fead
6 changed files with 120 additions and 226 deletions

View File

@ -2176,206 +2176,6 @@ function get_spam_score($username) {
} }
} }
} }
function set_whitelist($postarray) {
global $lang;
global $pdo;
$username = $_SESSION['mailcow_cc_username'];
$whitelist_from = trim(strtolower($postarray['whitelist_from']));
$whitelist_from = preg_replace("/\.\*/", "*", $whitelist_from);
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['username_invalid'])
);
return false;
}
if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $whitelist_from))) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['whitelist_from_invalid'])
);
return false;
}
try {
$stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
WHERE `option` = 'whitelist_from'
AND `object` = :username
AND `value` = :whitelist_from");
$stmt->execute(array(':username' => $username, ':whitelist_from' => $whitelist_from));
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
if ($num_results != 0) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['whitelist_exists'])
);
return false;
}
try {
$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
VALUES (:username, 'whitelist_from', :whitelist_from)");
$stmt->execute(array(
':username' => $username,
':whitelist_from' => $whitelist_from
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['mailbox_modified'], $username)
);
}
function delete_whitelist($postarray) {
global $lang;
global $pdo;
$username = $_SESSION['mailcow_cc_username'];
$prefid = $postarray['wlid'];
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['username_invalid'])
);
return false;
}
if (!is_numeric($prefid)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['whitelist_from_invalid'])
);
return false;
}
try {
$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username AND `prefid` = :prefid");
$stmt->execute(array(
':username' => $username,
':prefid' => $prefid
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['mailbox_modified'], $username)
);
}
function set_blacklist($postarray) {
global $lang;
global $pdo;
$username = $_SESSION['mailcow_cc_username'];
$blacklist_from = trim(strtolower($postarray['blacklist_from']));
$blacklist_from = preg_replace("/\.\*/", "*", $blacklist_from);
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['username_invalid'])
);
return false;
}
if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $blacklist_from))) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['blacklist_from_invalid'])
);
return false;
}
try {
$stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
WHERE `option` = 'blacklist_from'
AND `object` = :username
AND `value` = :blacklist_from");
$stmt->execute(array(':username' => $username, ':blacklist_from' => $blacklist_from));
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
if ($num_results != 0) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['blacklist_exists'])
);
return false;
}
try {
$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
VALUES (:username, 'blacklist_from', :blacklist_from)");
$stmt->execute(array(
':username' => $username,
':blacklist_from' => $blacklist_from
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['mailbox_modified'], $username)
);
}
function delete_blacklist($postarray) {
global $lang;
global $pdo;
$username = $_SESSION['mailcow_cc_username'];
$prefid = $postarray['blid'];
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['username_invalid'])
);
return false;
}
if (!is_numeric($prefid)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['blacklist_from_invalid'])
);
return false;
}
try {
$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username AND `prefid` = :prefid");
$stmt->execute(array(
':username' => $username,
':prefid' => $prefid
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['mailbox_modified'], $username)
);
}
function set_spam_score($postarray) { function set_spam_score($postarray) {
global $lang; global $lang;
global $pdo; global $pdo;
@ -2429,6 +2229,107 @@ function set_spam_score($postarray) {
'msg' => sprintf($lang['success']['mailbox_modified'], $username) 'msg' => sprintf($lang['success']['mailbox_modified'], $username)
); );
} }
function set_policy_list($postarray) {
global $lang;
global $pdo;
(isset($postarray['domain'])) ? $object = $postarray['domain'] : $object = $_SESSION['mailcow_cc_username'];
($postarray['object_list'] == "bl") ? $object_list = "blacklist_from" : $object_list = "whitelist_from";
$object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($postarray['object_from']))), '.'));
if (!filter_var($object, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($object)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['username_invalid'])
);
return false;
}
if (is_valid_domain_name($object)) {
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
}
if (isset($postarray['prefid'])) {
if (!is_numeric($postarray['prefid'])) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
try {
$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
$stmt->execute(array(
':object' => $object,
':prefid' => $postarray['prefid']
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['mailbox_modified'], $object)
);
return true;
}
if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $object_from))) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['policy_list_from_invalid'])
);
return false;
}
try {
$stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from')
AND `object` = :object
AND `value` = :object_from");
$stmt->execute(array(':object' => $object, ':object_from' => $object_from));
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
if ($num_results != 0) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['policy_list_from_exists'])
);
return false;
}
try {
$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
VALUES (:object, :object_list, :object_from)");
$stmt->execute(array(
':object' => $object,
':object_list' => $object_list,
':object_from' => $object_from
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['mailbox_modified'], $object)
);
}
function set_tls_policy($postarray) { function set_tls_policy($postarray) {
global $lang; global $lang;
global $pdo; global $pdo;

View File

@ -4,7 +4,7 @@
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<title>mailcow UI - <?php echo gethostname() ?></title> <title>mailcow UI</title>
<!--[if lt IE 9]> <!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>

View File

@ -51,17 +51,8 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "user
if (isset($_POST["trigger_set_spam_score"])) { if (isset($_POST["trigger_set_spam_score"])) {
set_spam_score($_POST); set_spam_score($_POST);
} }
if (isset($_POST["trigger_set_whitelist"])) { if (isset($_POST["trigger_set_policy_list"])) {
set_whitelist($_POST); set_policy_list($_POST);
}
if (isset($_POST["trigger_delete_whitelist"])) {
delete_whitelist($_POST);
}
if (isset($_POST["trigger_set_blacklist"])) {
set_blacklist($_POST);
}
if (isset($_POST["trigger_delete_blacklist"])) {
delete_blacklist($_POST);
} }
if (isset($_POST["trigger_set_tls_policy"])) { if (isset($_POST["trigger_set_tls_policy"])) {
set_tls_policy($_POST); set_tls_policy($_POST);

View File

@ -22,10 +22,8 @@ $lang['danger']['object_is_not_numeric'] = 'Wert %s ist nicht numerisch';
$lang['success']['domain_added'] = 'Domain %s wurde angelegt'; $lang['success']['domain_added'] = 'Domain %s wurde angelegt';
$lang['danger']['alias_empty'] = 'Alias-Adresse darf nicht leer sein'; $lang['danger']['alias_empty'] = 'Alias-Adresse darf nicht leer sein';
$lang['danger']['goto_empty'] = 'Ziel-Adresse darf nicht leer sein'; $lang['danger']['goto_empty'] = 'Ziel-Adresse darf nicht leer sein';
$lang['danger']['blacklist_exists'] = 'Ein Backlist-Eintrag mit diesem Wert existiert bereits'; $lang['danger']['policy_list_from_exists'] = 'Ein Eintrag mit diesem Wert existiert bereits';
$lang['danger']['blacklist_from_invalid'] = 'Backlist-Eintrag hat ungültiges Format'; $lang['danger']['policy_list_from_invalid'] = 'Eintrag hat ungültiges Format';
$lang['danger']['whitelist_exists'] = 'Ein Whitelist-Eintrag mit diesem Wert existiert bereits';
$lang['danger']['whitelist_from_invalid'] = 'Whitelist-Eintrag hat ungültiges Format';
$lang['danger']['alias_invalid'] = 'Alias-Adrese ist ungültig'; $lang['danger']['alias_invalid'] = 'Alias-Adrese ist ungültig';
$lang['danger']['goto_invalid'] = 'Ziel-Adrese ist ungültig'; $lang['danger']['goto_invalid'] = 'Ziel-Adrese ist ungültig';
$lang['danger']['alias_domain_invalid'] = 'Alias-Domain ist ungültig'; $lang['danger']['alias_domain_invalid'] = 'Alias-Domain ist ungültig';

View File

@ -22,8 +22,8 @@ $lang['danger']['object_is_not_numeric'] = "Value %s is not numeric";
$lang['success']['domain_added'] = "Added domain %s"; $lang['success']['domain_added'] = "Added domain %s";
$lang['danger']['alias_empty'] = "Alias address must not be empty"; $lang['danger']['alias_empty'] = "Alias address must not be empty";
$lang['danger']['goto_empty'] = "Goto address must not be empty"; $lang['danger']['goto_empty'] = "Goto address must not be empty";
$lang['danger']['blacklist_exists'] = "A blacklist record with that name exists"; $lang['danger']['policy_list_from_exists'] = "A record with given name exists";
$lang['danger']['blacklist_from_invalid'] = "Blacklist record has invalid format"; $lang['danger']['policy_list_from_invalid'] = "Record has invalid format";
$lang['danger']['whitelist_exists'] = "A whitelist record with that name exists"; $lang['danger']['whitelist_exists'] = "A whitelist record with that name exists";
$lang['danger']['whitelist_from_invalid'] = "Whitelist record has invalid format"; $lang['danger']['whitelist_from_invalid'] = "Whitelist record has invalid format";
$lang['danger']['alias_invalid'] = "Alias address is invalid"; $lang['danger']['alias_invalid'] = "Alias address is invalid";
@ -122,6 +122,7 @@ $lang['user']['spamfilter_table_rule'] = 'Rule';
$lang['user']['spamfilter_table_action'] = 'Action'; $lang['user']['spamfilter_table_action'] = 'Action';
$lang['user']['spamfilter_table_empty'] = 'No data to display'; $lang['user']['spamfilter_table_empty'] = 'No data to display';
$lang['user']['spamfilter_table_remove'] = 'remove'; $lang['user']['spamfilter_table_remove'] = 'remove';
$lang['user']['spamfilter_table_add'] = 'Add item';
$lang['user']['spamfilter_default_score'] = 'Spam score:'; $lang['user']['spamfilter_default_score'] = 'Spam score:';
$lang['user']['spamfilter_green'] = 'Green: this message is not spam'; $lang['user']['spamfilter_green'] = 'Green: this message is not spam';
$lang['user']['spamfilter_yellow'] = 'Yellow: this message may be spam, will be tagged as spam and moved to your junk folder'; $lang['user']['spamfilter_yellow'] = 'Yellow: this message may be spam, will be tagged as spam and moved to your junk folder';

View File

@ -143,6 +143,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
data-slider-max="30" data-slider-max="30"
data-slider-step="0.5" data-slider-step="0.5"
data-slider-range="true" data-slider-range="true"
data-slider-tooltip='always'
data-slider-id="slider1" data-slider-id="slider1"
data-slider-value="[<?=get_spam_score($_SESSION['mailcow_cc_username']);?>]" data-slider-value="[<?=get_spam_score($_SESSION['mailcow_cc_username']);?>]"
data-slider-step="1" /> data-slider-step="1" />
@ -189,11 +190,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
<form class="form-inline" method="post"> <form class="form-inline" method="post">
<div class="col-xs-6"><code><?=$whitelistRow['value'];?></code></div> <div class="col-xs-6"><code><?=$whitelistRow['value'];?></code></div>
<div class="col-xs-6"> <div class="col-xs-6">
<input type="hidden" name="wlid" value="<?=$whitelistRow['prefid'];?>"> <input type="hidden" name="prefid" value="<?=$whitelistRow['prefid'];?>">
<?php <?php
if ($whitelistRow['username'] != array_pop(explode('@', $username))): if ($whitelistRow['username'] != array_pop(explode('@', $username))):
?> ?>
<input type="hidden" id="trigger_delete_whitelist" name="trigger_delete_whitelist"> <input type="hidden" name="trigger_set_policy_list">
<a href="#n" onclick="$(this).closest('form').submit()"><?=$lang['user']['spamfilter_table_remove'];?></a> <a href="#n" onclick="$(this).closest('form').submit()"><?=$lang['user']['spamfilter_table_remove'];?></a>
<?php <?php
else: else:
@ -213,10 +214,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
<div class="row"> <div class="row">
<form class="form-inline" method="post"> <form class="form-inline" method="post">
<div class="col-xs-6"> <div class="col-xs-6">
<input type="text" class="form-control input-sm" name="whitelist_from" id="whitelist_from" placeholder="*@example.org" required> <input type="text" class="form-control input-sm" name="object_from" id="object_from" placeholder="*@example.org" required>
<input type="hidden" name="object_list" value="wl">
</div> </div>
<div class="col-xs-6"> <div class="col-xs-6">
<button type="submit" id="trigger_set_whitelist" name="trigger_set_whitelist" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button> <button type="submit" id="trigger_set_policy_list" name="trigger_set_policy_list" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
</div> </div>
</form> </form>
</div> </div>
@ -253,11 +255,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
<form class="form-inline" method="post"> <form class="form-inline" method="post">
<div class="col-xs-6"><code><?=$blacklistRow['value'];?></code></div> <div class="col-xs-6"><code><?=$blacklistRow['value'];?></code></div>
<div class="col-xs-6"> <div class="col-xs-6">
<input type="hidden" name="blid" value="<?=$blacklistRow['prefid'];?>"> <input type="hidden" name="prefid" value="<?=$blacklistRow['prefid'];?>">
<?php <?php
if ($blacklistRow['username'] != array_pop(explode('@', $username))): if ($blacklistRow['username'] != array_pop(explode('@', $username))):
?> ?>
<input type="hidden" id="trigger_delete_blacklist" name="trigger_delete_blacklist"> <input type="hidden" name="trigger_set_policy_list">
<a href="#n" onclick="$(this).closest('form').submit()"><?=$lang['user']['spamfilter_table_remove'];?></a> <a href="#n" onclick="$(this).closest('form').submit()"><?=$lang['user']['spamfilter_table_remove'];?></a>
<?php <?php
else: else:
@ -276,10 +278,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
<div class="row"> <div class="row">
<form class="form-inline" method="post"> <form class="form-inline" method="post">
<div class="col-xs-6"> <div class="col-xs-6">
<input type="text" class="form-control input-sm" name="blacklist_from" id="blacklist_from" placeholder="*@example.org" required> <input type="text" class="form-control input-sm" name="object_from" id="object_from" placeholder="*@example.org" required>
<input type="hidden" name="object_list" value="bl">
</div> </div>
<div class="col-xs-6"> <div class="col-xs-6">
<button type="submit" id="trigger_set_blacklist" name="trigger_set_blacklist" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button> <button type="submit" id="trigger_set_policy_list" name="trigger_set_policy_list" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
</div> </div>
</form> </form>
</div> </div>