'danger', 'msg' => sprintf($lang['danger']['access_denied']) ); return false; } if (empty($postarray['domain'])) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['domain_invalid']) ); return false; } if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username)) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['username_invalid']) ); return false; } try { $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :username"); $stmt->execute(array(':username' => $username)); $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC)); $stmt = $pdo->prepare("SELECT `username` FROM `admin` WHERE `username` = :username"); $stmt->execute(array(':username' => $username)); $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC)); $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins` WHERE `username` = :username"); $stmt->execute(array(':username' => $username)); $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC)); } catch(PDOException $e) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => 'MySQL: '.$e ); return false; } foreach ($num_results as $num_results_each) { if ($num_results_each != 0) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username)) ); return false; } } if (!empty($password) && !empty($password2)) { if ($password != $password2) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['password_mismatch']) ); return false; } $password_hashed = hash_password($password); foreach ($postarray['domain'] as $domain) { if (!is_valid_domain_name($domain)) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['domain_invalid']) ); return false; } try { $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`) VALUES (:username, :domain, :created, :active)"); 
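$stmt->execute(array( ':username' => $username, ':domain' => $domain, ':created' => date('Y-m-d H:i:s'), ':active' => $active )); } catch (PDOException $e) { delete_domain_admin(array('username' => $username)); $_SESSION['return'] = array( 'type' => 'danger', 'msg' => 'MySQL: '.$e ); return false; } } try { $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`) VALUES (:username, :password_hashed, '0', :created, :modified, :active)"); $stmt->execute(array( ':username' => $username, ':password_hashed' => $password_hashed, ':created' => date('Y-m-d H:i:s'), ':modified' => date('Y-m-d H:i:s'), ':active' => $active )); } catch (PDOException $e) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => 'MySQL: '.$e ); return false; } } else { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['password_empty']) ); return false; } $_SESSION['return'] = array( 'type' => 'success', 'msg' => sprintf($lang['success']['domain_admin_added'], htmlspecialchars($username)) ); }

/**
 * Delete a domain administrator: removes every `domain_admins` row and the
 * `admin` row that carry the given username.
 *
 * The outcome is reported through $_SESSION['return'] ('type' and 'msg').
 *
 * @param array $postarray Request data; only the 'username' key is read.
 * @return false|null false when the caller is not an admin, the username is
 *                    invalid or a query fails; no value on success.
 */
function delete_domain_admin($postarray) {
  global $pdo;
  global $lang;
  // Strict comparison so that only the exact string "admin" passes; a loose
  // != lets other value types (boolean true, integer 0 on PHP < 8) compare
  // equal to "admin".
  if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !== "admin") {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['access_denied'])
    );
    return false;
  }
  $username = isset($postarray['username']) ? $postarray['username'] : '';
  // Letters and digits plus '_', '.' and '-' only; ctype_alnum('') is false,
  // so a missing or empty username is rejected here as well.
  if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['username_invalid'])
    );
    return false;
  }
  try {
    $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
    $stmt->execute(array(':username' => $username));
    // NOTE(review): this DELETE has no `superadmin` condition, whereas
    // get_domain_admins() only lists rows with `superadmin` != '1'. Confirm
    // whether removing a superadmin row through this function is intended.
    $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
    $stmt->execute(array(':username' => $username));
  }
  catch (PDOException $e) {
    // Only the driver message is reported: casting the exception to a string
    // also appends the stack trace (file paths, call frames). The text is
    // escaped because messages in this file escape interpolated values
    // themselves, so msg is presumably rendered as HTML.
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => 'MySQL: '.htmlspecialchars($e->getMessage())
    );
    return false;
  }
  $_SESSION['return'] = array(
    'type' => 'success',
    'msg' => sprintf($lang['success']['domain_admin_removed'], htmlspecialchars($username))
  );
}

/**
 * List the usernames that appear in `domain_admins` and whose `admin` row is
 * not flagged as superadmin.
 *
 * @return array|false Usernames (possibly empty, also after a query error,
 *                     which is reported in $_SESSION['return']); false when
 *                     the caller is not an admin.
 */
function get_domain_admins() {
  global $pdo;
  global $lang;
  $domainadmins = array();
  // Strict comparison: only the exact string "admin" is accepted.
  if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !== "admin") {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['access_denied'])
    );
    return false;
  }
  try {
    $stmt = $pdo->query("SELECT DISTINCT `username` FROM `domain_admins` WHERE `username` IN ( SELECT `username` FROM `admin` WHERE `superadmin`!='1' )");
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
      $domainadmins[] = $row['username'];
    }
  }
  catch (PDOException $e) {
    // Driver message only, escaped; see delete_domain_admin() for the reason.
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => 'MySQL: '.htmlspecialchars($e->getMessage())
    );
  }
  return $domainadmins;
}

/**
 * Collect the details of one domain administrator.
 *
 * Keys of the result: 'created', 'active_int' (raw `active` column),
 * 'active' (localized yes/no label), and, only when at least one domain
 * matches, 'selected_domains' / 'unselected_domains'.
 *
 * @param string $domain_admin Username to look up.
 * @return array|false The details (partial after a query error, which is
 *                     reported in $_SESSION['return']); false when the caller
 *                     is not an admin or the username is invalid.
 */
function get_domain_admin_details($domain_admin) {
  global $pdo;
  global $lang;
  $domainadmindata = array();
  // Strict comparison: only the exact string "admin" is accepted.
  if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !== "admin") {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['access_denied'])
    );
    return false;
  }
  if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $domain_admin))) {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['username_invalid'])
    );
    return false;
  }
  try {
    // The yes/no label is chosen in PHP instead of being concatenated into
    // the SQL text, so a quote inside a translation string can no longer
    // alter the statement.
    $stmt = $pdo->prepare("SELECT `created`, `active` AS `active_int` FROM `domain_admins` WHERE `username`= :domain_admin");
    $stmt->execute(array(':domain_admin' => $domain_admin));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
      // No such username: keep the three keys present with null values
      // rather than indexing into false.
      $domainadmindata['active'] = null;
      $domainadmindata['active_int'] = null;
      $domainadmindata['created'] = null;
    }
    else {
      $domainadmindata['active'] = ($row['active_int'] == 1) ? $lang['mailbox']['yes'] : $lang['mailbox']['no'];
      $domainadmindata['active_int'] = $row['active_int'];
      $domainadmindata['created'] = $row['created'];
    }
    // Domains assigned to this administrator
    $stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain` IN ( SELECT `domain` FROM `domain_admins` WHERE `username`= :domain_admin)");
    $stmt->execute(array(':domain_admin' => $domain_admin));
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
      $domainadmindata['selected_domains'][] = $row['domain'];
    }
    // Domains not assigned to this administrator
    $stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain` NOT IN ( SELECT `domain` FROM `domain_admins` WHERE `username`= :domain_admin)");
    $stmt->execute(array(':domain_admin' => $domain_admin));
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
      $domainadmindata['unselected_domains'][] = $row['domain'];
    }
  }
  catch (PDOException $e) {
    // Driver message only, escaped; see delete_domain_admin() for the reason.
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => 'MySQL: '.htmlspecialchars($e->getMessage())
    );
  }
  return $domainadmindata;
}

/**
 * Update a domain administrator: replaces the domain assignments, sets the
 * active flag and, when both password fields are filled, the password.
 *
 * The outcome is reported through $_SESSION['return'] ('type' and 'msg').
 *
 * @param array $postarray Request data; reads 'username', 'password',
 *                         'password2', 'active' (presence only) and 'domain'
 *                         (list of domain names, optional).
 * @return false|null false on a failed check or query; no value on success.
 */
function edit_domain_admin($postarray) {
  global $lang;
  global $pdo;
  $username = isset($postarray['username']) ? $postarray['username'] : '';
  $password = isset($postarray['password']) ? $postarray['password'] : '';
  $password2 = isset($postarray['password2']) ? $postarray['password2'] : '';
  $active = isset($postarray['active']) ? '1' : '0';
  // Strict comparison: only the exact string "admin" is accepted.
  if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !== "admin") {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['access_denied'])
    );
    return false;
  }
  if (isset($postarray['domain'])) {
    foreach ($postarray['domain'] as $domain) {
      if (!is_valid_domain_name($domain)) {
        $_SESSION['return'] = array(
          'type' => 'danger',
          'msg' => sprintf($lang['danger']['domain_invalid'])
        );
        return false;
      }
    }
  }
  if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['username_invalid'])
    );
    return false;
  }
  // NOTE(review): when only one of the two password fields is filled, the
  // password stays unchanged and the call still reports success.
  $change_password = (!empty($password) && !empty($password2));
  // The mismatch check runs before any write, so a rejected request leaves
  // the domain assignments untouched. !== avoids PHP's loose string
  // comparison, under which distinct numeric-looking strings such as "1e3"
  // and "1000" compare equal.
  if ($change_password && $password !== $password2) {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['password_mismatch'])
    );
    return false;
  }
  // NOTE(review): the DELETE and the INSERTs below are not wrapped in a
  // transaction; a failing INSERT returns with the previous assignments
  // already removed.
  try {
    $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
    $stmt->execute(array(':username' => $username));
  }
  catch (PDOException $e) {
    // Driver message only, escaped; see delete_domain_admin() for the reason.
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => 'MySQL: '.htmlspecialchars($e->getMessage())
    );
    return false;
  }
  if (isset($postarray['domain'])) {
    foreach ($postarray['domain'] as $domain) {
      try {
        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`) VALUES (:username, :domain, :created, :active)");
        $stmt->execute(array(
          ':username' => $username,
          ':domain' => $domain,
          ':created' => date('Y-m-d H:i:s'),
          ':active' => $active
        ));
      }
      catch (PDOException $e) {
        $_SESSION['return'] = array(
          'type' => 'danger',
          'msg' => 'MySQL: '.htmlspecialchars($e->getMessage())
        );
        return false;
      }
    }
  }
  // NOTE(review): neither UPDATE restricts on `superadmin`, so the row of any
  // account in `admin` can be changed through this function; confirm intent.
  try {
    if ($change_password) {
      $password_hashed = hash_password($password);
      $stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
      $stmt->execute(array(
        ':password_hashed' => $password_hashed,
        ':username' => $username,
        ':modified' => date('Y-m-d H:i:s'),
        ':active' => $active
      ));
    }
    else {
      $stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active WHERE `username` = :username");
      $stmt->execute(array(
        ':username' => $username,
        ':modified' => date('Y-m-d H:i:s'),
        ':active' => $active
      ));
    }
  }
  catch (PDOException $e) {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => 'MySQL: '.htmlspecialchars($e->getMessage())
    );
    return false;
  }
  $_SESSION['return'] = array(
    'type' => 'success',
    'msg' => sprintf($lang['success']['domain_admin_modified'], htmlspecialchars($username))
  );
}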