2022-08-18 14:01:52 +02:00
< ? php
//
// OpenSMTPD Admin
// by Mischa Peters <mischa at high5 dot nl>
// Copyright (c) 2022 High5!
// License Info: LICENSE.TXT
//
// File: functions.inc.php
//
if ( preg_match ( " /functions.inc.php/ " , $_SERVER [ 'SCRIPT_NAME' ])) {
header ( " Location: login.php " );
2022-09-03 10:44:32 +02:00
die ();
2022-08-18 14:01:52 +02:00
}
2022-09-02 23:06:08 +02:00
DEFINE ( " VERSION " , " version 1.0.0 " );
DEFINE ( 'ROOT_PATH' , dirname ( __FILE__ ) . '/' );
require_once ROOT_PATH . 'conf.php' ;
require_once ROOT_PATH . 'config.inc.php' ;
2022-08-18 14:01:52 +02:00
//
2022-08-21 12:49:50 +02:00
// Check of debug is enabled or not
//
2022-09-02 23:06:08 +02:00
if ( DEBUG == 'true' ) {
2022-08-21 12:49:50 +02:00
ini_set ( 'display_errors' , 1 );
ini_set ( 'display_startup_errors' , 1 );
error_reporting ( E_ALL );
mysqli_report ( MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT );
} else {
ini_set ( 'display_errors' , 0 );
ini_set ( 'display_startup_errors' , 0 );
}
//
2022-08-18 14:01:52 +02:00
// check_session
// Action: Check if a session already exists, if not redirect to login.php
// Call: check_session() -or- check_user_session()
//
function check_session () {
session_start ();
if ( ! isset ( $_SESSION [ 'sessid' ][ 'username' ])) {
header ( " Location: login.php " );
exit ;
}
$SESSID_USERNAME = $_SESSION [ 'sessid' ][ 'username' ];
return $SESSID_USERNAME ;
}
function check_user_session () {
session_start ();
if ( ! isset ( $_SESSION [ 'userid' ][ 'username' ])) {
header ( " Location: login.php " );
exit ;
}
$USERID_USERNAME = $_SESSION [ 'userid' ][ 'username' ];
return $USERID_USERNAME ;
}
//
// check_language
// Action: checks what language the browser uses
// Call: check_language
//
function check_language () {
// Currently only English is supported, no need to run through the check now.
2022-09-03 10:44:32 +02:00
return DEFAULT_LANGUAGE ;
2022-08-18 14:01:52 +02:00
}
//
// check_string
// Action: checks if a string is valid and returns TRUE is this is the case.
// Call: check_string(string var)
//
function check_string ( $var ) {
if ( preg_match ( '/^([A-Za-z0-9 ]+)+$/' , $var )) {
return true ;
} else {
return false ;
}
}
//
// check_email
// Action: Checks if email is valid and returns TRUE if this is the case.
// Call: check_email(string email)
//
function check_email ( $email ) {
if ( preg_match ( '/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,10}$/i' , trim ( $email ))) {
return true ;
} else {
return false ;
}
}
//
// escape_string
// Action: Escape a string
// Call: escape_string(string string)
//
function escape_string ( $string ) {
global $CONF ;
$escaped_string = $string ;
return $escaped_string ;
}
//
// check_alias
// Action: Checks if the domain is still able to create aliases.
// Call: check_alias(string domain)
//
function check_alias ( $domain ) {
$limit = get_domain_properties ( $domain );
if ( $limit [ 'aliases' ] == 0 ) {
return true ;
}
if ( $limit [ 'aliases' ] < 0 ) {
return false ;
}
if ( $limit [ 'alias_count' ] >= $limit [ 'aliases' ]) {
return false ;
} else {
return true ;
}
}
//
// check_mailbox
// Action: Checks if the domain is still able to create mailboxes.
// Call: ceck_mailbox(string domain)
//
function check_mailbox ( $domain ) {
$limit = get_domain_properties ( $domain );
if ( $limit [ 'mailboxes' ] == 0 ) {
return true ;
}
if ( $limit [ 'mailboxes' ] < 0 ) {
return false ;
}
if ( $limit [ 'mailbox_count' ] >= $limit [ 'mailboxes' ]) {
return false ;
} else {
return true ;
}
}
//
2022-09-02 23:06:08 +02:00
// connect_db
// Action: make db connection
// Call: connect_db()
//
function connect_db () {
try {
$dbh = new PDO ( DB_TYPE . ':host=' . DB_HOST . ';dbname=' . DB_NAME , DB_USER , DB_PASS , array ( PDO :: ATTR_PERSISTENT => true ));
$dbh -> setAttribute ( PDO :: ATTR_ERRMODE , PDO :: ERRMODE_EXCEPTION );
return $dbh ;
} catch ( PDOException $e ) {
echo 'Connection failed: ' . $e ;
die ();
2022-08-18 14:01:52 +02:00
}
}
//
2022-09-02 23:06:08 +02:00
// list_domains
// Action: List all available domains.
// Call: list_domains(string admin (optional))
2022-08-18 14:01:52 +02:00
//
2022-09-02 23:06:08 +02:00
function list_domains ( $username = null ) {
$dbh = connect_db ();
if ( isset ( $username )) {
$sth = $dbh -> prepare ( " SELECT * FROM domain INNER JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username=? ORDER BY domain_admins.domain " );
$sth -> bindParam ( 1 , $username , PDO :: PARAM_STR );
2022-08-18 14:01:52 +02:00
} else {
2022-09-02 23:06:08 +02:00
$sth = $dbh -> prepare ( 'SELECT * FROM domain ORDER BY domain' );
}
$sth -> execute ();
2022-09-03 10:44:32 +02:00
$list = $sth -> fetchAll ();
2022-09-02 23:06:08 +02:00
for ( $i = 0 ; $i < count ( $list ); $i ++ ) {
$sth = $dbh -> prepare ( " SELECT COUNT(*) FROM alias WHERE domain=? AND goto NOT IN ('vmail') " );
$sth -> bindParam ( 1 , $list [ $i ][ 'domain' ], PDO :: PARAM_STR );
$sth -> execute ();
$list [ $i ][ 'alias_count' ] = $sth -> fetchColumn ();
$sth = $dbh -> prepare ( " SELECT COUNT(*) FROM mailbox WHERE domain=? " );
$sth -> bindParam ( 1 , $list [ $i ][ 'domain' ], PDO :: PARAM_STR );
$sth -> execute ();
$list [ $i ][ 'mailbox_count' ] = $sth -> fetchColumn ();
2022-08-18 14:01:52 +02:00
}
2022-09-02 23:06:08 +02:00
return $list ;
2022-08-18 14:01:52 +02:00
}
//
2022-09-02 23:06:08 +02:00
// list_aliases
// Action: List all available aliases for domain.
// Call: list_aliases(string domain, int offset)
2022-08-18 14:01:52 +02:00
//
2022-09-02 23:06:08 +02:00
function list_aliases ( $domain , $offset , $limit ) {
$dbh = connect_db ();
if ( ALIAS_CONTROL == 'NO' ) {
$sth = $dbh -> prepare ( " SELECT alias.address,alias.goto,alias.modified FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain=? AND mailbox.maildir IS NULL ORDER BY alias.address LIMIT ?, ? " );
} else {
$sth = $dbh -> prepare ( " SELECT alias.address,alias.goto,alias.modified FROM alias WHERE alias.domain=? ORDER BY alias.address LIMIT ?, ? " );
2022-08-18 14:01:52 +02:00
}
2022-09-02 23:06:08 +02:00
$sth -> bindParam ( 1 , $domain , PDO :: PARAM_STR );
$sth -> bindParam ( 2 , $offset , PDO :: PARAM_INT );
$sth -> bindParam ( 3 , $limit , PDO :: PARAM_INT );
$sth -> execute ();
$list = $sth -> fetchAll ();
2022-08-18 14:01:52 +02:00
return $list ;
}
//
2022-09-02 23:06:08 +02:00
// list_mailboxes
// Action: List all available mailboxes for domain.
// Call: list_mailboxes(string domaini, int offset)
2022-08-18 14:01:52 +02:00
//
2022-09-02 23:06:08 +02:00
function list_mailboxes ( $domain , $offset , $limit ) {
$dbh = connect_db ();
$sth = $dbh -> prepare ( " SELECT * FROM mailbox WHERE domain=? ORDER BY username LIMIT ?, ? " );
$sth -> bindParam ( 1 , $domain , PDO :: PARAM_STR );
$sth -> bindParam ( 2 , $offset , PDO :: PARAM_INT );
$sth -> bindParam ( 3 , $limit , PDO :: PARAM_INT );
$sth -> execute ();
$list = $sth -> fetchAll ();
2022-08-18 14:01:52 +02:00
return $list ;
}
//
// admin_exist
// Action: Checks if the admin already exists.
// Call: admin_exist(string admin)
//
// was check_admin
//
function admin_exist ( $username ) {
$result = db_query ( " SELECT * FROM admin WHERE username=' $username ' " );
if ( $result [ 'rows' ] != 1 ) {
return false ;
} else {
return true ;
}
}
//
// domain_exist
// Action: Checks if the domain already exists.
// Call: domain_exist(string domain)
//
function domain_exist ( $domain ) {
$result = db_query ( " SELECT * FROM domain WHERE domain=' $domain ' " );
if ( $result [ 'rows' ] != 1 ) {
return false ;
} else {
return true ;
}
}
//
// list_admins
// Action: Lists all the admins
// Call: list_admins()
//
function list_admins () {
2022-09-02 23:06:08 +02:00
$dbh = new PDO ( DB_TYPE . ':host=' . DB_HOST . ';dbname=' . DB_NAME , DB_USER , DB_PASS );
$sth = $dbh -> prepare ( 'SELECT * FROM admin ORDER BY username' );
$sth -> execute ();
$list = $sth -> fetchAll ();
for ( $i = 0 ; $i < count ( $list ); $i ++ ) {
$sth = $dbh -> prepare ( " SELECT COUNT(*) FROM domain_admins WHERE username=? " );
$sth -> bindParam ( 1 , $list [ $i ][ 'username' ], PDO :: PARAM_STR );
$sth -> execute ();
$list [ $i ][ 'domain_count' ] = $sth -> fetchColumn ();
2022-08-18 14:01:52 +02:00
}
return $list ;
}
//
// generate_password
// Action: Generates a random password
// Call: generate_password()
//
function generate_password () {
$password = substr ( md5 ( mt_rand ()), 0 , 8 );
return $password ;
}
//
2022-09-02 23:06:08 +02:00
// bcrypt
// Action: Hashs the password with bcrypt
// Call: bcrypt(string cleartextpassword)
2022-08-18 14:01:52 +02:00
//
2022-09-02 23:06:08 +02:00
function bcrypt ( $password ) {
$options = [ 'cost' => 8 ];
$hashed = password_hash ( $password , PASSWORD_BCRYPT , $options );
$hashed = preg_replace ( '/\$2y\$/' , '\$2b\$' , $hashed );
return $hashed ;
2022-08-18 14:01:52 +02:00
}
//
// db_connect
// Action: Makes a connection to the database if it doesn't exist
// Call: db_connect()
//
$DEBUG_TEXT = " \n
< p /> \n
Please check the documentation and website for more information . \n
< p /> \n
" ;
function db_connect () {
global $CONF ;
global $DEBUG_TEXT ;
$link = " " ;
if ( $CONF [ 'database_type' ] == " mysqli " ) {
if ( function_exists ( " mysqli_connect " )) {
$link = @ mysqli_connect ( $CONF [ 'database_host' ], $CONF [ 'database_user' ], $CONF [ 'database_password' ]) or die ( " <p />DEBUG INFORMATION:<br />Connect: " . mysqli_connect_error () . " $DEBUG_TEXT " );
$succes = @ mysqli_select_db ( $link , $CONF [ 'database_name' ]) or die ( " <p />DEBUG INFORMATION:<br />MySQLi Select Database: " . mysqli_error () . " $DEBUG_TEXT " );
} else {
print " <p />DEBUG INFORMATION:<br />MySQL 4.1 functions not available!<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT " ;
die ;
}
}
if ( $link ) {
return $link ;
} else {
print " DEBUG INFORMATION:<br /> \n " ;
print " Connect: Unable to connect to database<br /> \n " ;
print " <br /> \n " ;
print " Make sure that you have set the correct database type in the config.inc.php file<br /> \n " ;
print $DEBUG_TEXT ;
die ;
}
}
//
// db_query
// Action: Sends a query to the database and returns query result and number of rows
// Call: db_query(string query)
//
function db_query ( $query ) {
global $CONF ;
global $DEBUG_TEXT ;
$result = " " ;
$number_rows = " " ;
$link = db_connect ();
// database prefix workaround
if ( ! empty ( $CONF [ 'database_prefix' ])) {
if ( preg_match ( " /^SELECT/i " , $query )) {
$query = substr ( $query , 0 , 14 ) . $CONF [ 'database_prefix' ] . substr ( $query , 14 );
} else {
$query = substr ( $query , 0 , 6 ) . $CONF [ 'database_prefix' ] . substr ( $query , 7 );
}
}
if ( $CONF [ 'database_type' ] == " mysqli " ) $result = @ mysqli_query ( $link , $query ) or die ( " <p />DEBUG INFORMATION:<br />Invalid query: " . mysqli_error ( $link ) . " $DEBUG_TEXT " );
if ( preg_match ( " /^SELECT/i " , $query )) {
// if $query was a SELECT statement check the number of rows with [database_type]_num_rows().
if ( $CONF [ 'database_type' ] == " mysqli " ) $number_rows = mysqli_num_rows ( $result );
} else {
// if $query was something else, UPDATE, DELETE or INSERT check the number of rows with
// [database_type]_affected_rows().
if ( $CONF [ 'database_type' ] == " mysqli " ) $number_rows = mysqli_affected_rows ( $link );
}
if ( $CONF [ 'database_type' ] == " mysqli " ) mysqli_close ( $link );
$return = array (
" result " => $result ,
" rows " => $number_rows
);
return $return ;
}
// db_row
// Action: Returns a row from a table
// Call: db_row(int result)
//
function db_row ( $result ) {
global $CONF ;
$row = " " ;
if ( $CONF [ 'database_type' ] == " mysqli " ) $row = mysqli_fetch_row ( $result );
return $row ;
}
// db_array
// Action: Returns a row from a table
// Call: db_array(int result)
//
function db_array ( $result ) {
global $CONF ;
$row = " " ;
if ( $CONF [ 'database_type' ] == " mysqli " ) $row = mysqli_fetch_array ( $result );
return $row ;
}
// db_assoc
// Action: Returns a row from a table
// Call: db_assoc(int result)
//
function db_assoc ( $result ) {
global $CONF ;
$row = " " ;
if ( $CONF [ 'database_type' ] == " mysqli " ) $row = mysqli_fetch_assoc ( $result );
return $row ;
}
//
// db_delete
// Action: Deletes a row from a specified table
// Call: db_delete(string table, string where, string delete)
//
function db_delete ( $table , $where , $delete ) {
$result = db_query ( " DELETE FROM $table WHERE $where =' $delete ' " );
if ( $result [ 'rows' ] >= 1 ) {
return $result [ 'rows' ];
} else {
return true ;
}
}
2022-09-02 23:06:08 +02:00
// logging
// Action: Logs actions from admin
// Call: logging(string username, string domain, string action, string data)
//
function logging ( $username , $domain , $action , $data ) {
$remote_addr = $_SERVER [ 'HTTP_X_CLIENTIP' ] ? ? $_SERVER [ 'REMOTE_ADDR' ];
$username = $username . ' (' . $remote_addr . ')' ;
if ( LOGGING == 'YES' ) {
$dbh = connect_db ();
$sth = $dbh -> prepare ( " INSERT INTO log (timestamp,username,domain,action,data) VALUES (NOW(),?,?,?,?) " );
$sth -> bindParam ( 1 , $username , PDO :: PARAM_STR );
$sth -> bindParam ( 2 , $domain , PDO :: PARAM_STR );
$sth -> bindParam ( 3 , $action , PDO :: PARAM_STR );
$sth -> bindParam ( 4 , $data , PDO :: PARAM_STR );
$sth -> execute ();
}
}
2022-08-18 14:01:52 +02:00
//
// db_log
// Action: Logs actions from admin
// Call: db_log(string username, string domain, string action, string data)
//
function db_log ( $username , $domain , $action , $data ) {
global $CONF ;
2022-09-02 23:06:08 +02:00
if ( isset ( $_SERVER [ 'HTTP_X_CLIENTIP' ])) {
2022-08-18 14:01:52 +02:00
$REMOTE_ADDR = $_SERVER [ 'HTTP_X_CLIENTIP' ];
} else {
$REMOTE_ADDR = $_SERVER [ 'REMOTE_ADDR' ];
}
if ( $CONF [ 'logging' ] == 'YES' ) {
$result = db_query ( " INSERT INTO log (timestamp, username, domain, action, data) VALUES (NOW(), ' $username ( $REMOTE_ADDR )', ' $domain ', ' $action ', ' $data ') " );
if ( $result [ 'rows' ] != 1 ) {
return false ;
} else {
return true ;
}
}
}
?>
