opensmtpdadmin/functions.inc.php

204 lines
5.7 KiB
PHP
Raw Normal View History

2022-08-18 14:01:52 +02:00
<?php
//
// OpenSMTPD Admin
// by Mischa Peters <mischa at high5 dot nl>
// Copyright (c) 2022 High5!
// License Info: LICENSE.TXT
//
// File: functions.inc.php
//
if(preg_match("/functions.inc.php/", $_SERVER['SCRIPT_NAME'])) {
header("Location: login.php");
die();
2022-08-18 14:01:52 +02:00
}
2022-09-02 23:06:08 +02:00
DEFINE("VERSION", "version 1.0.0");
DEFINE('ROOT_PATH', dirname(__FILE__) . '/');
require_once ROOT_PATH . 'conf.php';
2022-08-18 14:01:52 +02:00
//
2022-09-05 09:57:06 +02:00
// Check if debug is enabled or not
2022-08-21 12:49:50 +02:00
//
2022-09-02 23:06:08 +02:00
if (DEBUG == 'true') {
2022-08-21 12:49:50 +02:00
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
} else {
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
}
//
2022-08-18 14:01:52 +02:00
// check_session
// Action: Check if a session already exists, if not redirect to login.php
2022-09-05 09:57:06 +02:00
// Call: check_session()
2022-08-18 14:01:52 +02:00
//
2022-09-04 19:17:50 +02:00
function check_session($session = "sessid") {
2022-08-18 14:01:52 +02:00
session_start();
2022-09-04 19:17:50 +02:00
if (empty($_SESSION[$session]['username'])) {
2022-08-18 14:01:52 +02:00
header("Location: login.php");
exit;
}
2022-09-04 19:17:50 +02:00
return $_SESSION[$session]['username'];
2022-08-18 14:01:52 +02:00
}
//
// check_role
// Action: Check which role is assighed
// Call: check_role()
//
2022-09-06 13:56:05 +02:00
function check_role($username) {
$dbh = pdo_connect();
$sth = $dbh->prepare("SELECT role FROM admin WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
$row = $sth->fetch(PDO::FETCH_ASSOC);
if (!empty($row)) {
return $row['role'];
2022-09-05 20:29:41 +02:00
}
}
2022-08-18 14:01:52 +02:00
//
// check_language
// Action: checks what language the browser uses
// Call: check_language
2022-09-05 09:57:06 +02:00
// Currently only English is supported, no need to run through the check now.
2022-08-18 14:01:52 +02:00
//
function check_language() {
return DEFAULT_LANGUAGE;
2022-08-18 14:01:52 +02:00
}
//
2022-09-04 20:50:21 +02:00
// bcrypt
2022-09-05 09:57:06 +02:00
// Action: Hashes the password with bcrypt, make it OpenBSD friendly
2022-09-04 20:50:21 +02:00
// Call: bcrypt(string cleartextpassword)
//
function bcrypt($password) {
$options = ['cost' => 8];
$hashed = password_hash($password, PASSWORD_BCRYPT, $options);
$hashed = preg_replace('/\$2y\$/', '\$2b\$', $hashed);
return $hashed;
}
//
// pdo_connect
2022-09-05 09:57:06 +02:00
// Action: make PDO db connection
2022-09-04 20:50:21 +02:00
// Call: pdo_connect()
2022-09-02 23:06:08 +02:00
//
2022-09-04 20:50:21 +02:00
function pdo_connect() {
2022-09-02 23:06:08 +02:00
try {
$dbh = new PDO(DB_TYPE . ':host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS, array(PDO::ATTR_PERSISTENT => true));
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $dbh;
} catch (PDOException $e) {
echo 'Connection failed: ' . $e;
die();
2022-08-18 14:01:52 +02:00
}
}
//
2022-09-02 23:06:08 +02:00
// list_domains
2022-09-05 09:57:06 +02:00
// Action: list all available domains for admin
2022-09-02 23:06:08 +02:00
// Call: list_domains(string admin (optional))
2022-08-18 14:01:52 +02:00
//
2022-09-02 23:06:08 +02:00
function list_domains($username = null) {
2022-09-04 20:50:21 +02:00
$dbh = pdo_connect();
2022-09-02 23:06:08 +02:00
if (isset($username)) {
$sth = $dbh->prepare("SELECT * FROM domain INNER JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username=? ORDER BY domain_admins.domain");
$sth->bindParam(1, $username, PDO::PARAM_STR);
2022-08-18 14:01:52 +02:00
} else {
2022-09-02 23:06:08 +02:00
$sth = $dbh->prepare('SELECT * FROM domain ORDER BY domain');
}
$sth->execute();
$list = $sth->fetchAll();
2022-09-02 23:06:08 +02:00
for ($i = 0; $i < count($list); $i++) {
$sth = $dbh->prepare("SELECT COUNT(*) FROM alias WHERE domain=? AND goto NOT IN ('vmail')");
$sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
$sth->execute();
$list[$i]['alias_count'] = $sth->fetchColumn();
$sth = $dbh->prepare("SELECT COUNT(*) FROM mailbox WHERE domain=?");
$sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
$sth->execute();
$list[$i]['mailbox_count'] = $sth->fetchColumn();
2022-08-18 14:01:52 +02:00
}
2022-09-02 23:06:08 +02:00
return $list;
2022-08-18 14:01:52 +02:00
}
//
2022-09-02 23:06:08 +02:00
// list_aliases
2022-09-05 09:57:06 +02:00
// Action: list all available aliases for domain
2022-09-02 23:06:08 +02:00
// Call: list_aliases(string domain, int offset)
2022-08-18 14:01:52 +02:00
//
2022-09-02 23:06:08 +02:00
function list_aliases($domain, $offset, $limit) {
2022-09-04 20:50:21 +02:00
$dbh = pdo_connect();
2022-09-02 23:06:08 +02:00
if (ALIAS_CONTROL == 'NO') {
$sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain=? AND mailbox.maildir IS NULL ORDER BY alias.address LIMIT ?, ?");
} else {
$sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias WHERE alias.domain=? ORDER BY alias.address LIMIT ?, ?");
2022-08-18 14:01:52 +02:00
}
2022-09-02 23:06:08 +02:00
$sth->bindParam(1, $domain, PDO::PARAM_STR);
$sth->bindParam(2, $offset, PDO::PARAM_INT);
$sth->bindParam(3, $limit, PDO::PARAM_INT);
$sth->execute();
$list = $sth->fetchAll();
2022-08-18 14:01:52 +02:00
return $list;
}
//
2022-09-02 23:06:08 +02:00
// list_mailboxes
2022-09-05 09:57:06 +02:00
// Action: list all available mailboxes for domain
2022-09-02 23:06:08 +02:00
// Call: list_mailboxes(string domaini, int offset)
2022-08-18 14:01:52 +02:00
//
2022-09-02 23:06:08 +02:00
function list_mailboxes($domain, $offset, $limit) {
2022-09-04 20:50:21 +02:00
$dbh = pdo_connect();
2022-09-02 23:06:08 +02:00
$sth = $dbh->prepare("SELECT * FROM mailbox WHERE domain=? ORDER BY username LIMIT ?, ?");
$sth->bindParam(1, $domain, PDO::PARAM_STR);
$sth->bindParam(2, $offset, PDO::PARAM_INT);
$sth->bindParam(3, $limit, PDO::PARAM_INT);
$sth->execute();
$list = $sth->fetchAll();
2022-08-18 14:01:52 +02:00
return $list;
}
//
// list_admins
2022-09-05 09:57:06 +02:00
// Action: lists all the admins
2022-08-18 14:01:52 +02:00
// Call: list_admins()
//
function list_admins() {
2022-09-05 09:57:06 +02:00
$dbh = pdo_connect();
2022-09-02 23:06:08 +02:00
$sth = $dbh->prepare('SELECT * FROM admin ORDER BY username');
$sth->execute();
$list = $sth->fetchAll();
for ($i = 0; $i < count($list); $i++) {
$sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
$sth->bindParam(1, $list[$i]['username'], PDO::PARAM_STR);
$sth->execute();
$list[$i]['domain_count'] = $sth->fetchColumn();
2022-08-18 14:01:52 +02:00
}
return $list;
}
2022-09-02 23:06:08 +02:00
// logging
2022-09-05 09:57:06 +02:00
// Action: logs actions from admin
2022-09-02 23:06:08 +02:00
// Call: logging(string username, string domain, string action, string data)
//
function logging($username, $domain, $action, $data) {
$remote_addr = $_SERVER['HTTP_X_CLIENTIP'] ?? $_SERVER['REMOTE_ADDR'];
$username = $username . ' (' . $remote_addr . ')';
if (LOGGING == 'YES') {
2022-09-04 20:50:21 +02:00
$dbh = pdo_connect();
2022-09-02 23:06:08 +02:00
$sth = $dbh->prepare("INSERT INTO log (timestamp,username,domain,action,data) VALUES (NOW(),?,?,?,?)");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
$sth->bindParam(3, $action, PDO::PARAM_STR);
$sth->bindParam(4, $data, PDO::PARAM_STR);
$sth->execute();
}
}
2022-08-18 14:01:52 +02:00
?>