diff --git a/functions.inc.php b/functions.inc.php
index 6254bf4..2758930 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -35,24 +35,13 @@ if (DEBUG == 'true') {
// Action: Check if a session already exists, if not redirect to login.php
// Call: check_session() -or- check_user_session()
//
-function check_session() {
+function check_session($session = "sessid") {
session_start();
- if (empty($_SESSION['sessid']['username'])) {
+ if (empty($_SESSION[$session]['username'])) {
header("Location: login.php");
exit;
}
- $SESSID_USERNAME = $_SESSION['sessid']['username'];
- return $SESSID_USERNAME;
-}
-
-function check_user_session() {
- session_start();
- if (empty($_SESSION['userid']['username'])) {
- header("Location: login.php");
- exit;
- }
- $USERID_USERNAME = $_SESSION['userid']['username'];
- return $USERID_USERNAME;
+ return $_SESSION[$session]['username'];
}
//
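Review bot: The header comment at the top of the hunk still advertises `check_user_session()`, which this hunk deletes; callers now pass the session key, so it should read `// Call: check_session() -or- check_session('userid')`. The new `$session` parameter is untyped while every call site in this commit passes a string literal, so `function check_session(string $session = 'sessid'): string` documents the contract without changing behaviour. Callers such as users/edit-alias.php go on to derive a domain from the returned value with `strrchr`, so it is worth stating in the comment that the function returns the stored username unmodified.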
diff --git a/languages/en.lang b/languages/en.lang
index 24f6678..f2b6b76 100644
--- a/languages/en.lang
+++ b/languages/en.lang
@@ -255,5 +255,7 @@ $LANG['Logging_mailbox_add'] = 'add mailbox';
$LANG['Logging_mailbox_edit'] = 'edit mailbox';
$LANG['Logging_mailbox_delete'] = 'delete mailbox';
+$LANG['Logging_password_change'] = 'change password';
+
$LANG['Search_welcome'] = 'Searching for: ';
?>
diff --git a/list-virtual.php b/list-virtual.php
index 9c79c8f..cc9fc89 100644
--- a/list-virtual.php
+++ b/list-virtual.php
@@ -35,7 +35,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
$list_mailbox = list_mailboxes($domain, $offset, $limit);
}
}
-
include './templates/header.tpl';
include './templates/menu.tpl';
include './templates/list-virtual.tpl';
diff --git a/login.php b/login.php
index e7d9084..8a716cb 100644
--- a/login.php
+++ b/login.php
@@ -33,6 +33,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$sth->execute();
$row = $sth->fetch(PDO::FETCH_COLUMN);
}
+
if (!empty($row)) {
if (!password_verify($password, $row)) {
$message = $LANG['Login_incorrect'];
@@ -41,6 +42,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$message = $LANG['Login_incorrect'];
}
+
if (empty($message)) {
session_start();
$_SESSION['sessid']['username'] = $username;
diff --git a/logout.php b/logout.php
index 550fccf..2d6569d 100644
--- a/logout.php
+++ b/logout.php
@@ -17,8 +17,7 @@
//
// -none-
//
-require("./config.inc.php");
-require("./functions.inc.php");
+require_once './functions.inc.php';
$SESSID_USERNAME = check_session();
diff --git a/password.php b/password.php
index d03a0e0..fff4275 100644
--- a/password.php
+++ b/password.php
@@ -11,56 +11,56 @@
//
// Template Variables:
//
-// tMessage
+// message
//
// Form POST \ GET Variables:
//
-// fPassword_current
-// fPassword
-// fPassword2
+// password_current
+// password1
+// password2
//
-require("./functions.inc.php");
-include("./languages/" . check_language() . ".lang");
+require_once './functions.inc.php';
+include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
if ($_SERVER['REQUEST_METHOD'] == "POST") {
- $fPassword_current = escape_string($_POST['fPassword_current']);
- $fPassword = escape_string($_POST['fPassword']);
- $fPassword2 = escape_string($_POST['fPassword2']);
-
$username = $SESSID_USERNAME;
+ $password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
+ $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
+ $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
- $result = db_query("SELECT * FROM admin WHERE username='$username'");
- if ($result['rows'] == 1) {
- $row = db_array($result['result']);
- if (!password_verify($fPassword_current, $row['assword'])) {
- $error = 1;
- $pPassword_password_current_text = $LANG['Password_password_current_text_error'];
- }
- } else {
- $error = 1;
- $pPassword_email_text = $LANG['Password_email_text_error'];
+ if (empty($password_current) || empty($password1) || $password1 != $password2) {
+ $message = $LANG['Password_password_text_error'];
}
- if (empty($fPassword) or ($fPassword != $fPassword2))
- {
- $error = 1;
- $pPassword_password_text = $LANG['Password_password_text_error'];
- }
-
- if ($error != 1) {
- $password = pacrypt($fPassword);
- $result = db_query("UPDATE admin SET password='$password',modified=NOW() WHERE username='$username'");
- if ($result['rows'] == 1) {
- $tMessage = $LANG['Password_result_succes'];
- } else {
- $tMessage = $LANG['Password_result_error'];
+ if (empty($message) && !empty($password_current)) {
+ $dbh = connect_db();
+ $sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
+ $sth->bindParam(1, $username, PDO::PARAM_STR);
+ $sth->execute();
+ $row = $sth->fetch(PDO::FETCH_COLUMN);
+ if (!password_verify($password_current, $row)) {
+ $message = $LANG['Password_password_current_text_error'];
}
+ }
+
+ if (empty($message) && !empty($password1)) {
+ $hashed = bcrypt($password1);
+ try {
+ $dbh = connect_db();
+ $sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
+ $sth->bindParam(1, $hashed, PDO::PARAM_STR);
+ $sth->bindParam(2, $username, PDO::PARAM_STR);
+ $sth->execute();
+ $message = $LANG['Password_result_succes'];
+ } catch(PDOException $e) {
+ $message = $LANG['Password_result_error'];
+ }
}
}
-include("./templates/header.tpl");
-include("./templates/menu.tpl");
-include("./templates/password.tpl");
-include("./templates/footer.tpl");
+include './templates/header.tpl';
+include './templates/menu.tpl';
+include './templates/password.tpl';
+include './templates/footer.tpl';
?>
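Review bot: Success is reported at `$message = $LANG['Password_result_succes'];` without checking that the UPDATE did anything: `$sth->execute()` only throws if connect_db() configures PDO::ERRMODE_EXCEPTION (not visible here), so a failed or zero-row update would still tell the user the password changed. Guard on the result, e.g. `if ($sth->execute() && $sth->rowCount() === 1) { $message = $LANG['Password_result_succes']; } else { $message = $LANG['Password_result_error']; }`. The UPDATE block in users/password.php has the same gap. Minor: `$password1 != $password2` should be `!==`, and the `!empty($password_current)` / `!empty($password1)` re-checks are already implied by `empty($message)` after the first validation.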
diff --git a/sendmail.php b/sendmail.php
index 495b481..16dadfa 100644
--- a/sendmail.php
+++ b/sendmail.php
@@ -47,7 +47,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
}
}
}
-
include './templates/header.tpl';
include './templates/menu.tpl';
include './templates/sendmail.tpl';
diff --git a/templates/password.tpl b/templates/password.tpl
index 5672e74..d0fc38f 100644
--- a/templates/password.tpl
+++ b/templates/password.tpl
@@ -2,33 +2,29 @@
diff --git a/templates/users_login.tpl b/templates/users_login.tpl
index 520ceb4..8338af5 100644
--- a/templates/users_login.tpl
+++ b/templates/users_login.tpl
@@ -6,17 +6,17 @@
|
- |
+ |
|
- |
+ |
|
- |
+ |
diff --git a/templates/users_password.tpl b/templates/users_password.tpl
index bbaae9a..12742ac 100644
--- a/templates/users_password.tpl
+++ b/templates/users_password.tpl
@@ -7,28 +7,24 @@
|
|
- |
|
|
- |
|
|
- |
|
|
- |
- |
+ |
- |
+ |
diff --git a/templates/users_vacation-get.tpl b/templates/users_vacation-get.tpl
deleted file mode 100644
index f537d5f..0000000
--- a/templates/users_vacation-get.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-
diff --git a/templates/users_vacation.tpl b/templates/users_vacation.tpl
index 8092423..2c09061 100644
--- a/templates/users_vacation.tpl
+++ b/templates/users_vacation.tpl
@@ -4,25 +4,29 @@
|
+
|
- |
+ |
|
|
- |
|
- |
+ |
+
+ |
+
- |
+ |
diff --git a/users/edit-alias.php b/users/edit-alias.php
index 9d6faa1..215653d 100644
--- a/users/edit-alias.php
+++ b/users/edit-alias.php
@@ -20,12 +20,10 @@
// fDomain
// fGoto
//
-require("../variables.inc.php");
-require("../config.inc.php");
require("../functions.inc.php");
include("../languages/" . check_language() . ".lang");
-$USERID_USERNAME = check_user_session();
+$USERID_USERNAME = check_session('userid');
$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1);
if ($_SERVER['REQUEST_METHOD'] == "GET") {
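Review bot: This file keeps `require("../functions.inc.php");` while every other page in the commit switches to `require_once '../functions.inc.php';`; a second plain `require` of the file defining `check_session()` in the same request would be a fatal redeclaration, so use `require_once` here as well. Dropping `../variables.inc.php` and `../config.inc.php` presumably relies on functions.inc.php loading them itself, which is not visible in this diff. The `if ($_SERVER['REQUEST_METHOD'] == "GET")` block on the last line continues outside the hunk.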
diff --git a/users/login.php b/users/login.php
index 687252b..b63e049 100644
--- a/users/login.php
+++ b/users/login.php
@@ -9,46 +9,47 @@
//
// Template File: login.tpl
//
-// Template Variables:
+// Template variables:
//
-// tMessage
-// tUsername
+// message
+// username
//
-// Form POST \ GET Variables:
+// GET / POST variables:
//
-// fUsername
-// fPassword
+// username
+// password
//
-require("../variables.inc.php");
-require("../config.inc.php");
-require("../functions.inc.php");
-include("../languages/" . check_language() . ".lang");
+require_once '../functions.inc.php';
+include '../languages/' . check_language () . '.lang';
if ($_SERVER['REQUEST_METHOD'] == "POST") {
- $fUsername = escape_string($_POST['fUsername']);
- $fPassword = escape_string($_POST['fPassword']);
+ $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
+ $password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
- $result = db_query("SELECT password FROM mailbox WHERE username='$fUsername' AND active='1'");
- if ($result['rows'] == 1) {
- $row = db_array($result['result']);
- if (!password_verify($fPassword, $row['assword'])) {
- $error = 1;
- $tMessage = $LANG['Login_password_incorrect'];
- $tUsername = $fUsername;
- }
- } else {
- $error = 1;
- $tMessage = $LANG['Login_username_incorrect'];
+ if (!empty($username) && !empty($password)) {
+ $dbh = connect_db();
+ $sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
+ $sth->bindParam(1, $username, PDO::PARAM_STR);
+ $sth->execute();
+ $row = $sth->fetch(PDO::FETCH_COLUMN);
}
- if ($error != 1) {
+ if (!empty($row)) {
+ if (!password_verify($password, $row)) {
+ $message = $LANG['Login_incorrect'];
+ }
+ } else {
+ $message = $LANG['Login_incorrect'];
+ }
+
+ if (empty($message)) {
session_start();
- $_SESSION['userid']['username'] = $fUsername;
+ $_SESSION['userid']['username'] = $username;
header("Location: main.php");
exit;
}
}
-include("../templates/header.tpl");
-include("../templates/users_login.tpl");
-include("../templates/footer.tpl");
+include '../templates/header.tpl';
+include '../templates/users_login.tpl';
+include '../templates/footer.tpl';
?>
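Review bot: The new prepared statement `SELECT password FROM mailbox WHERE username=?` drops the `AND active='1'` condition the removed query had, so a deactivated mailbox can now log in with a valid password; restore it as `$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=? AND active='1'");`. On successful login the code calls `session_start()` and stores the username but never rotates the session id; adding `session_regenerate_id(true);` right after `session_start();` defeats session fixation, and the admin login.php context earlier in this diff shows the same pattern. Style: `check_language ()` has a stray space before the parentheses, unlike the other call sites in this commit.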
diff --git a/users/logout.php b/users/logout.php
index 2f7ebf8..3eebb19 100644
--- a/users/logout.php
+++ b/users/logout.php
@@ -17,10 +17,9 @@
//
// -none-
//
-require("../config.inc.php");
-require("../functions.inc.php");
+require_once '../functions.inc.php';
-$USERID_USERNAME = check_user_session();
+$USERID_USERNAME = check_session('userid');
session_unset();
session_destroy();
diff --git a/users/main.php b/users/main.php
index f40bd2c..4d5166d 100644
--- a/users/main.php
+++ b/users/main.php
@@ -17,13 +17,13 @@
//
// -none-
//
-require("../config.inc.php");
-require("../functions.inc.php");
-include("../languages/" . check_language() . ".lang");
+require_once '../functions.inc.php';
-$USERID_USERNAME = check_user_session();
+include '../languages/' . check_language() . '.lang';
-include("../templates/header.tpl");
-include("../templates/users_menu.tpl");
-include("../templates/users_main.tpl");
-include("../templates/footer.tpl");
+$SESSID_USERNAME = check_session('userid');
+
+include '../templates/header.tpl';
+include '../templates/users_menu.tpl';
+include '../templates/users_main.tpl';
+include '../templates/footer.tpl';
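Review bot: The session user variable is renamed from `$USERID_USERNAME` to `$SESSID_USERNAME` here (and in users/password.php and users/vacation.php) while users/edit-alias.php in the same commit keeps `$USERID_USERNAME`; the included users_menu.tpl and users_main.tpl are not shown, so if they still read `$USERID_USERNAME` they now see an undefined variable. Either keep one name across the user area or confirm every template and page was updated. The language file is now included before `check_session('userid')`, which is harmless but does the include work for unauthenticated requests before they are redirected.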
diff --git a/users/password.php b/users/password.php
index 3fa0503..044ff3d 100644
--- a/users/password.php
+++ b/users/password.php
@@ -7,64 +7,62 @@
//
// File: password.php
//
-// Template File: users_password.tpl
+// Template File: password.tpl
//
// Template Variables:
//
-// tMessage
+// message
//
// Form POST \ GET Variables:
//
-// fPassword_current
-// fPassword
-// fPassword2
+// password_current
+// password1
+// password2
//
-require("../variables.inc.php");
-require("../config.inc.php");
-require("../functions.inc.php");
-include("../languages/" . check_language() . ".lang");
+require_once '../functions.inc.php';
+include '../languages/' . check_language() . '.lang';
-$USERID_USERNAME = check_user_session();
-$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1);
+$SESSID_USERNAME = check_session('userid');
+$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;
if ($_SERVER['REQUEST_METHOD'] == "POST") {
- $fPassword_current = escape_string($_POST['fPassword_current']);
- $fPassword = escape_string($_POST['fPassword']);
- $fPassword2 = escape_string($_POST['fPassword2']);
-
- $username = $USERID_USERNAME;
+ $username = $SESSID_USERNAME;
+ $password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
+ $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
+ $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
- $result = db_query("SELECT * FROM mailbox WHERE username='$username'");
- if ($result['rows'] == 1) {
- $row = db_array($result['result']);
- if (!password_verify($fPassword_current, $row['assword'])) {
- $error = 1;
- $pPassword_password_current_text = $LANG['Password_password_current_text_error'];
- }
- } else {
- $error = 1;
- $pPassword_email_text = $LANG['Password_email_text_error'];
+ if (empty($password_current) || empty($password1) || $password1 != $password2) {
+ $message = $LANG['Password_password_text_error'];
}
- if (empty($fPassword) or ($fPassword != $fPassword2))
- {
- $error = 1;
- $pPassword_password_text = $LANG['Password_password_text_error'];
- }
-
- if ($error != 1) {
- $password = pacrypt($fPassword);
- $result = db_query("UPDATE mailbox SET password='$password',modified=NOW(),scheme='' WHERE username='$username'");
- if ($result['rows'] == 1) {
- $tMessage = $LANG['Password_result_succes'];
- db_log($USERID_USERNAME, $USERID_DOMAIN, "change password", "$USERID_USERNAME");
- } else {
- $tMessage = $LANG['Password_result_error'];
+ if (empty($message) && !empty($password_current)) {
+ $dbh = connect_db();
+ $sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
+ $sth->bindParam(1, $username, PDO::PARAM_STR);
+ $sth->execute();
+ $row = $sth->fetch(PDO::FETCH_COLUMN);
+ if (!password_verify($password_current, $row)) {
+ $message = $LANG['Password_password_current_text_error'];
}
+ }
+
+ if (empty($message) && !empty($password1)) {
+ $hashed = bcrypt($password1);
+ try {
+ $dbh = connect_db();
+ $sth = $dbh->prepare("UPDATE mailbox SET password=?,modified=NOW() WHERE username=?");
+ $sth->bindParam(1, $hashed, PDO::PARAM_STR);
+ $sth->bindParam(2, $username, PDO::PARAM_STR);
+ $sth->execute();
+ logging($admin, substr(strrchr($SESSID_USERNAME, "@"), 1), $LANG['Logging_password_change'], $admin);
+ $message = $LANG['Password_result_succes'];
+ } catch(PDOException $e) {
+ $message = $LANG['Password_result_error'];
+ }
}
}
-include("../templates/header.tpl");
-include("../templates/users_menu.tpl");
-include("../templates/users_password.tpl");
-include("../templates/footer.tpl");
+include '../templates/header.tpl';
+include '../templates/users_menu.tpl';
+include '../templates/password.tpl';
+include '../templates/footer.tpl';
?>
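Review bot: The audit entry `logging($admin, substr(strrchr($SESSID_USERNAME, "@"), 1), $LANG['Logging_password_change'], $admin);` records a localized string as the action, so the same event is logged under a different label per UI language and becomes hard to search or alert on; the removed code used the fixed literal `"change password"`, and a stable identifier should be logged with translation left to display. `$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;` is a dead fallback because check_session() exits on an empty session, and calling the acting mailbox user `$admin` is misleading. The removed UPDATE also set `scheme=''` and the new one does not; if that column is still consulted by the mail stack (not visible here) a stale scheme could leave the new hash misinterpreted. The page now includes `../templates/password.tpl` even though users_password.tpl is edited in this same commit — confirm that is intentional.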
diff --git a/users/vacation.php b/users/vacation.php
index 3200ad3..bece113 100644
--- a/users/vacation.php
+++ b/users/vacation.php
@@ -20,58 +20,62 @@
// fSubject
// fBody
//
-require("../variables.inc.php");
-require("../config.inc.php");
-require("../functions.inc.php");
-include("../languages/" . check_language() . ".lang");
+require_once '../functions.inc.php';
+include '../languages/' . check_language() . '.lang';
-$USERID_USERNAME = check_user_session();
-$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1);
+$SESSID_USERNAME = check_session('userid');
+$USERID_DOMAIN = substr(strrchr($SESSID_USERNAME, "@"), 1);
if ($_SERVER['REQUEST_METHOD'] == "GET") {
- $result = db_query("SELECT * FROM vacation WHERE email='$USERID_USERNAME'");
- if ($result['rows'] == 1) {
- $row = db_array($result['result']);
- $tMessage = $LANG['UsersVacation_welcome_text'];
- $template = "users_vacation-get.tpl";
+ $dbh = connect_db();
+ $sth = $dbh->prepare("SELECT COUNT(*) FROM vacation WHERE email=?");
+ $sth->execute(array($SESSID_USERNAME));
+
+ if ($sth->fetchColumn() == 1) {
+ $action = 'back';
+ $message = $LANG['UsersVacation_welcome_text'];
} else {
- $template = "users_vacation.tpl";
+ $action = 'away';
}
-
- include("../templates/header.tpl");
- include("../templates/users_menu.tpl");
- include("../templates/$template");
- include("../templates/footer.tpl");
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
- if (isset($_POST['fSubject'])) $fSubject = escape_string($_POST['fSubject']);
- if (isset($_POST['fBody'])) $fBody = escape_string($_POST['fBody']);
+ $subject = filter_input(INPUT_POST, 'subject', FILTER_DEFAULT);
+ $body = filter_input(INPUT_POST, 'body', FILTER_DEFAULT);
- if (!empty($_POST['fBack'])) {
- $result = db_query("DELETE FROM vacation WHERE email='$USERID_USERNAME'");
- if ($result['rows'] != 1) {
- $error = 1;
- $tMessage = $LANG['UsersVacation_result_error'];
+ if (!empty($_POST['back'])) {
+ $action = 'back';
+ $dbh = connect_db();
+ $sth = $dbh->prepare("DELETE FROM vacation WHERE email=?");
+ $sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR);
+ $sth->execute();
+ if ($sth->rowCount() != 1) {
+ $message = $LANG['UsersVacation_result_error'];
} else {
- $tMessage = $LANG['UsersVacation_result_succes'];
+ $action = 'away';
+ $essage = $LANG['UsersVacation_result_succes'];
}
}
- if (!empty($_POST['fAway'])) {
- $result = db_query("INSERT INTO vacation (email,subject,body,cache,domain,created,active) VALUES ('$USERID_USERNAME','$fSubject','$fBody','','$USERID_DOMAIN',NOW(),'1')");
- if ($result['rows'] != 1) {
- $error = 1;
- $tMessage = $LANG['UsersVacation_result_error'];
- } else {
+ if (!empty($_POST['away'])) {
+ $action = 'away';
+ try {
+ $dbh = connect_db();
+ $sth = $dbh->prepare("INSERT INTO vacation (email,subject,body,cache,domain,created) VALUES (?,?,?,'',?,NOW())");
+ $sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR);
+ $sth->bindParam(2, $subject, PDO::PARAM_STR);
+ $sth->bindParam(3, $body, PDO::PARAM_STR);
+ $sth->bindParam(4, $USERID_DOMAIN, PDO::PARAM_STR);
+ $sth->execute();
header("Location: main.php");
- exit;
+ } catch(PDOException $e) {
+ $message = $LANG['UsersVacation_result_error'] . " " . $e->getMessage();
}
}
- include("../templates/header.tpl");
- include("../templates/users_menu.tpl");
- include("../templates/users_vacation.tpl");
- include("../templates/footer.tpl");
}
+include '../templates/header.tpl';
+include '../templates/users_menu.tpl';
+include '../templates/users_vacation.tpl';
+include '../templates/footer.tpl';
?>
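Review bot: `$essage = $LANG['UsersVacation_result_succes'];` in the `back` branch is a typo for `$message`, so the success text is never shown. In the `away` branch the `exit;` after `header("Location: main.php");` was removed, so the page goes on to render the templates after issuing a redirect — put `exit;` back. The catch block appends `$e->getMessage()` to the user-visible message, exposing driver and schema details to the browser; keep `$message = $LANG['UsersVacation_result_error'];` and send the exception text to the server log (e.g. `error_log($e->getMessage());`) instead.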