opensmtpdadmin/functions.inc.php

<?php
// 
// OpenSMTPD Admin 
// by Mischa Peters <mischa at high5 dot nl>
// Copyright (c) 2022-2023 High5!
// License Info: LICENSE.TXT
//
// File: functions.inc.php
//
if (preg_match("/functions.inc.php/", $_SERVER['SCRIPT_NAME'])) {
	header("Location: login.php");
	die();
}

DEFINE("VERSION",  "version 1.1");
DEFINE('ROOT_PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR);
require_once ROOT_PATH . 'conf.php';

//
// Check if debug is enabled or not
//
if (DEBUG == 'true') {
	ini_set('display_errors', 1);
	ini_set('display_startup_errors', 1);
	error_reporting(E_ALL);
} else {
	ini_set('display_errors', 0);
	ini_set('display_startup_errors', 0);		
}

//
// check_session
// Action: Check if a session already exists, if not redirect to login.php
// Call: check_session()
//
function check_session() {
	session_start();
	if (empty($_SESSION['sessid']['username'])) {
		header("Location: login.php");
		exit;
	}
	return $_SESSION['sessid']['username'];
}

//
// check_role
// Action: Check which role is assighed
// Call: check_role()
//
function check_role($username) {
	$dbh = pdo_connect();
	$sth = $dbh->prepare("SELECT role FROM admin WHERE username=?");
	$sth->bindParam(1, $username, PDO::PARAM_STR);
	$sth->execute();
	$row = $sth->fetch(PDO::FETCH_ASSOC);
	if (!empty($row)) {
		return $row['role'];
	}
}

//
// check_language
// Action: checks what language the browser uses
// Call: check_language
// Currently only English is supported, no need to run through the check now.
//
function check_language() {
	return DEFAULT_LANGUAGE;
}

//
// bcrypt
// Action: Hashes the password with bcrypt, make it OpenBSD friendly
// Call: bcrypt(string cleartextpassword)
//
function bcrypt($password) {
	$options = ['cost' => 8];
	$hashed = password_hash($password, PASSWORD_BCRYPT, $options);
	$hashed = preg_replace('/\$2y\$/', '\$2b\$', $hashed);
	return $hashed;
}

//
// pdo_connect
// Action: make PDO db connection
// Call: pdo_connect()
//
function pdo_connect() {
	try {
		$dbh = new PDO(DB_TYPE . ':host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS, array(PDO::ATTR_PERSISTENT => true));
		$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
		return $dbh;
	} catch (PDOException $e) {
		echo 'Connection failed: ' . $e;
		die();
	}
}

//
// list_domains
// Action: list all available domains for admin
// Call: list_domains(string admin (optional))
//
function list_domains($username = null) {
	$dbh = pdo_connect();
	if (isset($username)) {
		$sth = $dbh->prepare("SELECT * FROM domain INNER JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username=? ORDER BY domain_admins.domain");
		$sth->bindParam(1, $username, PDO::PARAM_STR);
	} else {
		$sth = $dbh->prepare('SELECT * FROM domain ORDER BY domain');
	}
	$sth->execute();
	$list = $sth->fetchAll();

	for ($i = 0; $i < count($list); $i++) {
		$sth = $dbh->prepare("SELECT COUNT(*) FROM alias WHERE domain=? AND goto NOT IN ('vmail')");
		$sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
		$sth->execute();
		$list[$i]['alias_count'] = $sth->fetchColumn();

		$sth = $dbh->prepare("SELECT COUNT(*) FROM mailbox WHERE domain=?");
		$sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
		$sth->execute();
		$list[$i]['mailbox_count'] = $sth->fetchColumn();
	}
	return $list;
}

//
// list_aliases
// Action: list all available aliases for domain
// Call: list_aliases(string domain, int offset)
//
function list_aliases($domain, $offset, $limit) {
	$dbh = pdo_connect();
	if (ALIAS_CONTROL == 'NO') {
		$sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain=? AND mailbox.maildir IS NULL ORDER BY alias.address LIMIT ?, ?");
	} else {
		$sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias WHERE alias.domain=? ORDER BY alias.address LIMIT ?, ?");
	}
	$sth->bindParam(1, $domain, PDO::PARAM_STR);
	$sth->bindParam(2, $offset, PDO::PARAM_INT);
	$sth->bindParam(3, $limit, PDO::PARAM_INT);
	$sth->execute();
	$list = $sth->fetchAll();
	return $list;
}

//
// list_mailboxes
// Action: list all available mailboxes for domain
// Call: list_mailboxes(string domaini, int offset)
//
function list_mailboxes($domain, $offset, $limit) {
	$dbh = pdo_connect();
	$sth = $dbh->prepare("SELECT * FROM mailbox WHERE domain=? ORDER BY username LIMIT ?, ?");
	$sth->bindParam(1, $domain, PDO::PARAM_STR);
	$sth->bindParam(2, $offset, PDO::PARAM_INT);
	$sth->bindParam(3, $limit, PDO::PARAM_INT);
	$sth->execute();
	$list = $sth->fetchAll();
	return $list;
}

//
// list_admins
// Action: lists all the admins
// Call: list_admins()
//
function list_admins() {
	$dbh = pdo_connect();
	$sth = $dbh->prepare('SELECT * FROM admin ORDER BY username');
	$sth->execute();
	$list = $sth->fetchAll();

	for ($i = 0; $i < count($list); $i++) {
		$sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
		$sth->bindParam(1, $list[$i]['username'], PDO::PARAM_STR);
		$sth->execute();
		$list[$i]['domain_count'] = $sth->fetchColumn();
	}
	return $list;
}

// logging
// Action: logs actions from admin
// Call: logging(string username, string domain, string action, string data)
//
function logging($username, $domain, $action, $data) {
	$remote_addr = $_SERVER['HTTP_X_CLIENTIP'] ?? $_SERVER['REMOTE_ADDR'];
	$username = $username . ' (' . $remote_addr . ')';
	if (LOGGING == 'YES') {
		$dbh = pdo_connect();
		$sth = $dbh->prepare("INSERT INTO log (timestamp,username,domain,action,data) VALUES (NOW(),?,?,?,?)");
		$sth->bindParam(1, $username, PDO::PARAM_STR);
		$sth->bindParam(2, $domain, PDO::PARAM_STR);
		$sth->bindParam(3, $action, PDO::PARAM_STR);
		$sth->bindParam(4, $data, PDO::PARAM_STR);
		$sth->execute();
	}
}
?>