From 4db75ba3287381df26d2e832b750899e872fe8a4 Mon Sep 17 00:00:00 2001 From: mischa Date: Mon, 5 Sep 2022 18:31:23 +0000 Subject: [PATCH] merge admin + superadmin --- admin.php | 143 +++++++++++++++++++++++++++++++++++++++++++ backup.php | 78 +++++++++++++++++++++++ domain.php | 96 +++++++++++++++++++++++++++++ list-admin.php | 38 ++++++++++++ templates/admin.tpl | 53 ++++++++++++++++ templates/domain.tpl | 47 ++++++++++++++ 6 files changed, 455 insertions(+) create mode 100644 admin.php create mode 100644 backup.php create mode 100644 domain.php create mode 100644 list-admin.php create mode 100644 templates/admin.tpl create mode 100644 templates/domain.tpl diff --git a/admin.php b/admin.php new file mode 100644 index 0000000..4e76234 --- /dev/null +++ b/admin.php @@ -0,0 +1,143 @@ + +// Copyright (c) 2022 High5! +// License Info: LICENSE.TXT +// +// File: admin.php +// +// Template File: admin_admin.tpl +// +// +// Template Variables: +// +// action +// message +// username +// domains +// +// POST / GET Variables: +// +// username +// password1 +// password2 +// domains +// +require_once './functions.inc.php'; +include './languages/' . check_language() . '.lang'; + +$SESSID_USERNAME = check_session(); +$PERMISSIONS = check_permissions(); + +if ($PERMISSIONS != ADMIN_RIGHTS) { + header("Location: list-domain.php"); + die();; +} + +$list_domains = list_domains(); +$list_admins = list_admins(); + +if ($_SERVER['REQUEST_METHOD'] == "GET") { + $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add'; + if ($action == 'edit') { + $username = filter_input(INPUT_GET, 'username', FILTER_VALIDATE_EMAIL); + $domains['domains'] = array_column(list_domains($username), 'domain'); + } +} + +if ($_SERVER['REQUEST_METHOD'] == "POST") { + $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add'; + $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL); + $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT); + $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT); + $domains = filter_input_array(INPUT_POST, array('domains' => array('filter' => FILTER_VALIDATE_DOMAIN, 'flags' => FILTER_REQUIRE_ARRAY))); + + + if ($action == 'add') { + if (empty($username) || in_array($username, array_column($list_admins, 'username'))) { + $message = $LANG['AdminAdd_admin_username_error']; + } + + if (empty($password1) || $password1 != $password2) { + $message = $LANG['AdminAdd_admin_password_error']; + } + + if (empty($domains['domains'])) { + $message = $LANG['AdminAdd_admin_domain_error']; + } + + if (empty($message)) { + $hashed = bcrypt($password1); + try { + $dbh = pdo_connect(); + $sth = $dbh->prepare("INSERT INTO admin (username,password,created,modified) VALUES (?,?,NOW(),NOW())"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->bindParam(2, $hashed, PDO::PARAM_STR); + $sth->execute(); + foreach ($domains['domains'] as $row) { + $sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->bindParam(2, $row, PDO::PARAM_STR); + $sth->execute(); + } + $message = $LANG['AdminAdd_admin_result_succes'] . "
($username)
"; + } catch(PDOException $e) { + $message = $LANG['AdminAdd_admin_result_error'] . "
($username)
"; + } + } + } + + if (in_array($username, array_column($list_admins, 'username')) && $action == 'edit') { + if ($password1 != $password2) { + $message = $LANG['AdminAdd_admin_password_error']; + } + if (empty($message) && !empty($password1)) { + $hashed = bcrypt($password1); + try { + $dbh = pdo_connect(); + $sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?"); + $sth->bindParam(1, $hashed, PDO::PARAM_STR); + $sth->bindParam(2, $username, PDO::PARAM_STR); + $sth->execute(); + } catch(PDOException $e) { + $message = $LANG['AdminEdit_admin_result_error'] . "
($username)
"; + } + } + + if (empty($domains['domains'])) { + $message = $LANG['AdminAdd_admin_domain_error']; + } + if (empty($message)) { + try { + $dbh = pdo_connect(); + $sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?"); + $sth->execute(array($username)); + $count_domain_admins = $sth->fetchColumn(); + + $sth = $dbh->prepare("DELETE FROM domain_admins WHERE username=?"); + $sth->execute(array($username)); + if ($sth->rowCount() != $count_domain_admins) { + throw new RuntimeException('Unable to delete entries from the domain_admins table.'); + } + + foreach ($domains['domains'] as $row) { + $sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->bindParam(2, $row, PDO::PARAM_STR); + $sth->execute(); + } + header("Location: list-admin.php"); + } catch (RuntimeException $e) { + $message = $LANG['AdminEdit_admin_result_error']; + } catch (PDOException $e) { + $message = $LANG['AdminEdit_admin_result_error']; + } + } + } +} +include './templates/header.tpl'; +include './templates/menu.tpl'; +include './templates/admin.tpl'; +include './templates/footer.tpl'; +?> diff --git a/backup.php b/backup.php new file mode 100644 index 0000000..d9546e3 --- /dev/null +++ b/backup.php @@ -0,0 +1,78 @@ + +// Copyright (c) 2022 High5! +// License Info: LICENSE.TXT +// +// File: backup.php +// +// Template File: -none- +// +// Template Variables: +// +// -none- +// +// POST / GET Variables: +// +// -none- +// +require_once './functions.inc.php'; +include './languages/' . check_language() . '.lang'; +date_default_timezone_set('Europe/Amsterdam'); + +$SESSID_USERNAME = check_session(); +$PERMISSIONS = check_permissions(); + +if ($PERMISSIONS != ADMIN_RIGHTS) { + header("Location: list-domain.php"); + die();; +} + +if ($_SERVER['REQUEST_METHOD'] == "GET") { + umask(077); + $filename = "opensmtpadmin-" . date("Ymd") . "-" . getmypid() . ".sql"; + $backup = "/tmp/" . $filename; + $header = "#\n# OpenSMTPD Admin " . VERSION . "\n# Date: " . date("D M j G:i:s T Y") . "\n#\n"; + $tables = array('admin','alias','domain','domain_admins','log','mailbox','vacation'); + + if (!$fh = fopen($backup, 'w')) { + $message = "
Cannot open file ($backup)
"; + } + + if (empty($message)) { + fwrite($fh, $header); + $dbh = pdo_connect(); + foreach ($tables as $table) { + $sth = $dbh->query("SHOW CREATE TABLE $table"); + $row = $sth->fetch(PDO::FETCH_ASSOC); + fwrite ($fh, $row['Create Table']. "\n\n"); + } + foreach ($tables as $table) { + $sth = $dbh->query("SELECT * FROM $table"); + while ($row = $sth->fetch(PDO::FETCH_ASSOC)) { + foreach ($row as $k => $v) { + $keys[] = $k; + $values[] = $v; + } + fwrite($fh, "INSERT INTO ". $table . " (". implode (',',$keys) . ") VALUES ('" . implode ('\',\'',$values) . "')\n"); + $keys = array(); + $values = array(); + } + } + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename=\"$filename\""); + header("Content-Transfer-Encoding: binary"); + header("Content-Length: " . filesize("$backup")); + header("Content-Description: OpenSMTPD Admin"); + $download_backup = fopen("$backup", "r"); + unlink("$backup"); + fpassthru($download_backup); + } else { + include './templates/header.tpl'; + include './templates/menu.tpl'; + include './templates/message.tpl'; + include './templates/footer.tpl'; + } +} +?> diff --git a/domain.php b/domain.php new file mode 100644 index 0000000..77985b2 --- /dev/null +++ b/domain.php @@ -0,0 +1,96 @@ + +// Copyright (c) 2022 High5! +// License Info: LICENSE.TXT +// +// File: domain.php +// +// Template File: domain.tpl +// +// Template Variables: +// +// action +// message +// domain +// description +// aliases +// mailboxes +// +// POST / GET Variables: +// +// domain +// description +// aliases +// mailboxes +// +require_once './functions.inc.php'; +include './languages/' . check_language() . '.lang'; + +$SESSID_USERNAME = check_session(); +$PERMISSIONS = check_permissions(); + +if ($PERMISSIONS != ADMIN_RIGHTS) { + header("Location: list-domain.php"); + die(); +} + +$list_domains = list_domains(); + +if ($_SERVER['REQUEST_METHOD'] == "GET") { + $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add'; + if ($action == 'edit') { + $domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN); + $domain_key = array_search($domain, array_column($list_domains, 'domain')); + $description = $list_domains[$domain_key]['description']; + $aliases = $list_domains[$domain_key]['aliases']; + $mailboxes = $list_domains[$domain_key]['mailboxes']; + } +} + +if ($_SERVER['REQUEST_METHOD'] == "POST") { + $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add'; + $domain = strtolower(filter_input(INPUT_POST, 'domain', FILTER_VALIDATE_DOMAIN)); + $description = filter_input(INPUT_POST, 'description', FILTER_CALLBACK, array('options' => 'htmlspecialchars')); + $aliases = filter_input(INPUT_POST, 'aliases', FILTER_VALIDATE_INT); + $mailboxes = filter_input(INPUT_POST, 'mailboxes', FILTER_VALIDATE_INT); + + if (!in_array($domain, array_column($list_domains, 'domain'))) { + try { + $dbh = pdo_connect(); + $sth = $dbh->prepare("INSERT INTO domain (domain,description,aliases,mailboxes,created,modified) VALUES (?,?,?,?,NOW(),NOW())"); + $sth->bindParam(1, $domain, PDO::PARAM_STR); + $sth->bindParam(2, $description, PDO::PARAM_STR); + $sth->bindParam(3, $aliases, PDO::PARAM_INT); + $sth->bindParam(4, $mailboxes, PDO::PARAM_INT); + $sth->execute(); + $message = $LANG['AdminAdd_domain_result_succes'] . "
($domain)
"; + } catch(PDOException $e) { + $message = $LANG['AdminAdd_domain_result_error'] . "
($domain)
"; + } + } else { + $message = $LANG['AdminAdd_domain_domain_text_error']; + } + + if (in_array($domain, array_column($list_domains, 'domain')) && $action == 'edit') { + try { + $dbh = pdo_connect(); + $sth = $dbh->prepare("UPDATE domain SET description=?,aliases=?,mailboxes=?,modified=NOW() WHERE domain=?"); + $sth->bindParam(1, $description, PDO::PARAM_STR); + $sth->bindParam(2, $aliases, PDO::PARAM_INT); + $sth->bindParam(3, $mailboxes, PDO::PARAM_INT); + $sth->bindParam(4, $domain, PDO::PARAM_STR); + $sth->execute(); + header("Location: list-domain.php"); + } catch(PDOException $e) { + $message = $LANG['AdminEdit_domain_result_error']; + } + } +} + +include './templates/header.tpl'; +include './templates/menu.tpl'; +include './templates/domain.tpl'; +include './templates/footer.tpl'; +?> diff --git a/list-admin.php b/list-admin.php new file mode 100644 index 0000000..161567f --- /dev/null +++ b/list-admin.php @@ -0,0 +1,38 @@ + +// Copyright (c) 2022 High5! +// License Info: LICENSE.TXT +// +// File: list-admin.php +// +// Template File: list-admin.tpl +// +// Template Variables: +// +// list_admins +// +// POST / GET Variables: +// +// -none- +// +require './functions.inc.php'; +include './languages/' . check_language() . '.lang'; + +$SESSID_USERNAME = check_session(); +$PERMISSIONS = check_permissions(); +$admin = $SESSID_USERNAME ?? ADMIN_EMAIL; + +$list_admins = array(); + +if ($_SERVER['REQUEST_METHOD'] == "GET") { + if ($PERMISSIONS == ADMIN_RIGHTS) { + $list_admins = list_admins(); + } +} +include './templates/header.tpl'; +include './templates/menu.tpl'; +include './templates/admin_list-admin.tpl'; +include './templates/footer.tpl'; +?> diff --git a/templates/admin.tpl b/templates/admin.tpl new file mode 100644 index 0000000..53fd0ee --- /dev/null +++ b/templates/admin.tpl @@ -0,0 +1,53 @@ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

+ +
+
+
diff --git a/templates/domain.tpl b/templates/domain.tpl new file mode 100644 index 0000000..1507c4d --- /dev/null +++ b/templates/domain.tpl @@ -0,0 +1,47 @@ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

 
 
+
+