[Web] Various fixes for app passwd functions

master
andryyy 2019-12-21 22:25:09 +01:00
parent 0b224d1e07
commit aece2558df
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
2 changed files with 46 additions and 56 deletions


@ -59,25 +59,15 @@ function app_passwd($_action, $_data = null) {
);
return false;
}
try {
$stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`)
VALUES (:app_name, :mailbox, :domain, :password, :active)");
$stmt->execute(array(
':app_name' => $app_name,
':mailbox' => $username,
':domain' => $domain,
':password' => $password_hashed,
':active' => $active
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
$stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`)
VALUES (:app_name, :mailbox, :domain, :password, :active)");
$stmt->execute(array(
':app_name' => $app_name,
':mailbox' => $username,
':domain' => $domain,
':password' => $password_hashed,
':active' => $active
));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
@ -130,27 +120,17 @@ function app_passwd($_action, $_data = null) {
':id' => $id
));
}
try {
$stmt = $pdo->prepare("UPDATE `app_passwd` SET
`name` = :app_name,
`mailbox` = :username,
`active` = :active
WHERE `id` = :id");
$stmt->execute(array(
':app_name' => $app_name,
':username' => $username,
':active' => $active,
':id' => $id
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
continue;
}
$stmt = $pdo->prepare("UPDATE `app_passwd` SET
`name` = :app_name,
`mailbox` = :username,
`active` = :active
WHERE `id` = :id");
$stmt->execute(array(
':app_name' => $app_name,
':username' => $username,
':active' => $active,
':id' => $id
));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
@ -161,18 +141,27 @@ function app_passwd($_action, $_data = null) {
case 'delete':
$ids = (array)$_data['id'];
foreach ($ids as $id) {
try {
$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id AND `mailbox`= :username");
$stmt->execute(array(':id' => $id, ':username' => $username));
}
catch (PDOException $e) {
$stmt = $pdo->prepare("SELECT `mailbox` FROM `app_passwd` WHERE `id` = :id");
$stmt->execute(array(':id' => $id));
$mailbox = $stmt->fetch(PDO::FETCH_ASSOC)['mailbox'];
if (empty($mailbox)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
'msg' => 'app_passwd_id_invalid'
);
return false;
}
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
}
$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id");
$stmt->execute(array(':id' => $id));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
@ -198,10 +187,16 @@ function app_passwd($_action, $_data = null) {
`active` AS `active_int`,
CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
FROM `app_passwd`
WHERE `id` = :id
AND `mailbox` = :username");
$stmt->execute(array(':id' => $_data['id'], ':username' => $username));
WHERE `id` = :id");
$stmt->execute(array(':id' => $_data['id']));
$app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);
if (empty($app_passwd_data)) {
return false;
}
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $app_passwd_data['mailbox'])) {
$app_passwd_data = array();
return false;
}
return $app_passwd_data;
break;
}
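Review bot: In the delete hunk the DELETE no longer carries the mailbox that the authorization was decided on: the SELECT at the top of the loop fetches `mailbox` for the id, hasMailboxObjectAccess() is evaluated on that value, and then `DELETE FROM app_passwd WHERE id = :id` runs on the id alone, so the statement itself no longer encodes the ownership constraint the old `AND mailbox = :username` gave it. Binding the fetched value back in keeps the delete self-authorizing and closes the gap between the two queries: `$stmt = $pdo->prepare("DELETE FROM app_passwd WHERE id = :id AND mailbox = :mailbox");` / `$stmt->execute(array(':id' => $id, ':mailbox' => $mailbox));`. The two `return false` branches inside the foreach also abort the whole batch on the first unknown or foreign id, while the removed catch in the edit loop used `continue`; if stopping the batch is intended, a one-line comment saying so would help, otherwise `continue` keeps the two loops consistent. Separately, the try/catch dropped in the first two hunks means a PDOException from the INSERT/UPDATE now propagates out of app_passwd() unless something outside this file catches it; app_passwd() itself begins and ends outside these hunks, so that cannot be confirmed here.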


@ -296,12 +296,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
}
if (!empty($app_passwds)) {
foreach ($app_passwds as $app_passwd) {
if (empty($extra)) {
$details = app_passwd('details', array('id' => $app_passwd['id']));
}
else {
$details = app_passwd('details', array('id' => $app_passwd['id'], 'username' => $extra));
}
$details = app_passwd('details', array('id' => $app_passwd['id']));
if ($details !== false) {
$data[] = $details;
}
@ -317,7 +312,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
break;
default:
$data = app_passwd('details', array('id' => $object));
$data = app_passwd('details', array('id' => $object['id']));
process_get_return($data);
break;
}
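Review bot: The default branch now passes `$object['id']`, but how `$object` is built is outside this hunk; if it is the raw object string from the request rather than an array, `'id'` is a string offset, which PHP treats either as offset 0 with an "Illegal string offset" warning (7.x) or as a TypeError (8.x), so the details lookup would see the first character of the id rather than the id. Unless the caller is known to hand over an array, `$data = app_passwd('details', array('id' => $object));` is the safe form. The loop above now calls app_passwd('details', ...) without the former username argument, which makes the hasMailboxObjectAccess() check inside the 'details' action the only gate for listing other users' entries; that is fine as long as that check is kept, and a short comment at the call site noting the reliance would make the dependency visible.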