[Web] Various fixes for app passwd functions

master
andryyy 2019-12-21 22:25:09 +01:00
parent 0b224d1e07
commit aece2558df
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
2 changed files with 46 additions and 56 deletions


@ -59,25 +59,15 @@ function app_passwd($_action, $_data = null) {
); );
return false; return false;
} }
try { $stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`)
$stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`) VALUES (:app_name, :mailbox, :domain, :password, :active)");
VALUES (:app_name, :mailbox, :domain, :password, :active)"); $stmt->execute(array(
$stmt->execute(array( ':app_name' => $app_name,
':app_name' => $app_name, ':mailbox' => $username,
':mailbox' => $username, ':domain' => $domain,
':domain' => $domain, ':password' => $password_hashed,
':password' => $password_hashed, ':active' => $active
':active' => $active ));
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -130,27 +120,17 @@ function app_passwd($_action, $_data = null) {
':id' => $id ':id' => $id
)); ));
} }
try { $stmt = $pdo->prepare("UPDATE `app_passwd` SET
$stmt = $pdo->prepare("UPDATE `app_passwd` SET `name` = :app_name,
`name` = :app_name, `mailbox` = :username,
`mailbox` = :username, `active` = :active
`active` = :active WHERE `id` = :id");
WHERE `id` = :id"); $stmt->execute(array(
$stmt->execute(array( ':app_name' => $app_name,
':app_name' => $app_name, ':username' => $username,
':username' => $username, ':active' => $active,
':active' => $active, ':id' => $id
':id' => $id ));
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
continue;
}
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -161,18 +141,27 @@ function app_passwd($_action, $_data = null) {
case 'delete': case 'delete':
$ids = (array)$_data['id']; $ids = (array)$_data['id'];
foreach ($ids as $id) { foreach ($ids as $id) {
try { $stmt = $pdo->prepare("SELECT `mailbox` FROM `app_passwd` WHERE `id` = :id");
$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id AND `mailbox`= :username"); $stmt->execute(array(':id' => $id));
$stmt->execute(array(':id' => $id, ':username' => $username)); $mailbox = $stmt->fetch(PDO::FETCH_ASSOC)['mailbox'];
} if (empty($mailbox)) {
catch (PDOException $e) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e) 'msg' => 'app_passwd_id_invalid'
); );
return false; return false;
} }
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
}
$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id");
$stmt->execute(array(':id' => $id));
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -198,10 +187,16 @@ function app_passwd($_action, $_data = null) {
`active` AS `active_int`, `active` AS `active_int`,
CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
FROM `app_passwd` FROM `app_passwd`
WHERE `id` = :id WHERE `id` = :id");
AND `mailbox` = :username"); $stmt->execute(array(':id' => $_data['id']));
$stmt->execute(array(':id' => $_data['id'], ':username' => $username));
$app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC); $app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);
if (empty($app_passwd_data)) {
return false;
}
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $app_passwd_data['mailbox'])) {
$app_passwd_data = array();
return false;
}
return $app_passwd_data; return $app_passwd_data;
break; break;
} }
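Review bot: In the `delete` hunk the new statement ``$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id");`` drops the mailbox constraint the old DELETE carried, so the authorisation decision (SELECT mailbox, then hasMailboxObjectAccess) and the deletion are now two separate statements linked only by the id. Binding the mailbox that was just authorised back into the DELETE keeps them coupled at no cost: ``$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id` = :id AND `mailbox` = :mailbox");`` followed by `$stmt->execute(array(':id' => $id, ':mailbox' => $mailbox));`. Separately, `$mailbox = $stmt->fetch(PDO::FETCH_ASSOC)['mailbox'];` indexes `false` when no row matches, which emits a notice on PHP 7.4+ before `empty($mailbox)` handles the case; `$row = $stmt->fetch(PDO::FETCH_ASSOC); $mailbox = $row['mailbox'] ?? null;` avoids that. The enclosing `app_passwd` function starts and ends outside the hunk, so I cannot see where `$username` used by the add and edit hunks is derived.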


@ -296,12 +296,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
} }
if (!empty($app_passwds)) { if (!empty($app_passwds)) {
foreach ($app_passwds as $app_passwd) { foreach ($app_passwds as $app_passwd) {
if (empty($extra)) { $details = app_passwd('details', array('id' => $app_passwd['id']));
$details = app_passwd('details', array('id' => $app_passwd['id']));
}
else {
$details = app_passwd('details', array('id' => $app_passwd['id'], 'username' => $extra));
}
if ($details !== false) { if ($details !== false) {
$data[] = $details; $data[] = $details;
} }
@ -317,7 +312,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
break; break;
default: default:
$data = app_passwd('details', array('id' => $object)); $data = app_passwd('details', array('id' => $object['id']));
process_get_return($data); process_get_return($data);
break; break;
} }