High5
/
opensmtpdadmin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more users things done

This commit is contained in:
mischa 2022-09-04 17:17:50 +00:00
parent 16de74e220
commit 6322a7e713
18 changed files with 186 additions and 209 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
functions.inc.php
View File

@ -35,24 +35,13 @@ if (DEBUG == 'true') {
// Action: Check if a session already exists, if not redirect to login.php
// Call: check_session() -or- check_user_session()
//
function check_session() {
function check_session($session = "sessid") {
session_start();
if (empty($_SESSION['sessid']['username'])) {
if (empty($_SESSION[$session]['username'])) {
header("Location: login.php");
exit;
}
$SESSID_USERNAME = $_SESSION['sessid']['username'];
return $SESSID_USERNAME;
}
function check_user_session() {
session_start();
if (empty($_SESSION['userid']['username'])) {
header("Location: login.php");
exit;
}
$USERID_USERNAME = $_SESSION['userid']['username'];
return $USERID_USERNAME;
return $_SESSION[$session]['username'];
}
//

2
languages/en.lang
View File

@ -255,5 +255,7 @@ $LANG['Logging_mailbox_add'] = 'add mailbox';
$LANG['Logging_mailbox_edit'] = 'edit mailbox';
$LANG['Logging_mailbox_delete'] = 'delete mailbox';
$LANG['Logging_password_change'] = 'change password';
$LANG['Search_welcome'] = 'Searching for: ';
?>

1
list-virtual.php
View File

@ -35,7 +35,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
$list_mailbox = list_mailboxes($domain, $offset, $limit);
}
}
include './templates/header.tpl';
include './templates/menu.tpl';
include './templates/list-virtual.tpl';

2
login.php
View File

@ -33,6 +33,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$sth->execute();
$row = $sth->fetch(PDO::FETCH_COLUMN);
}
if (!empty($row)) {
if (!password_verify($password, $row)) {
$message = $LANG['Login_incorrect'];
@ -41,6 +42,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$message = $LANG['Login_incorrect'];
}
if (empty($message)) {
session_start();
$_SESSION['sessid']['username'] = $username;

3
logout.php
View File

@ -17,8 +17,7 @@
//
// -none-
//
require("./config.inc.php");
require("./functions.inc.php");
require_once './functions.inc.php';
$SESSID_USERNAME = check_session();

72
password.php
View File

@ -11,56 +11,56 @@
//
// Template Variables:
//
// tMessage
// message
//
// Form POST \ GET Variables:
//
// fPassword_current
// fPassword
// fPassword2
// password_current
// password1
// password2
//
require("./functions.inc.php");
include("./languages/" . check_language() . ".lang");
require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$fPassword_current = escape_string($_POST['fPassword_current']);
$fPassword = escape_string($_POST['fPassword']);
$fPassword2 = escape_string($_POST['fPassword2']);
$username = $SESSID_USERNAME;
$password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
$password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
$password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
$result = db_query("SELECT * FROM admin WHERE username='$username'");
if ($result['rows'] == 1) {
$row = db_array($result['result']);
if (!password_verify($fPassword_current, $row['assword'])) {
$error = 1;
$pPassword_password_current_text = $LANG['Password_password_current_text_error'];
if (empty($password_current) || empty($password1) || $password1 != $password2) {
$message = $LANG['Password_password_text_error'];
}
if (empty($message) && !empty($password_current)) {
$dbh = connect_db();
$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
$row = $sth->fetch(PDO::FETCH_COLUMN);
if (!password_verify($password_current, $row)) {
$message = $LANG['Password_password_current_text_error'];
}
} else {
$error = 1;
$pPassword_email_text = $LANG['Password_email_text_error'];
}
if (empty($fPassword) or ($fPassword != $fPassword2))
{
$error = 1;
$pPassword_password_text = $LANG['Password_password_text_error'];
}
if ($error != 1) {
$password = pacrypt($fPassword);
$result = db_query("UPDATE admin SET password='$password',modified=NOW() WHERE username='$username'");
if ($result['rows'] == 1) {
$tMessage = $LANG['Password_result_succes'];
} else {
$tMessage = $LANG['Password_result_error'];
if (empty($message) && !empty($password1)) {
$hashed = bcrypt($password1);
try {
$dbh = connect_db();
$sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
$sth->bindParam(2, $username, PDO::PARAM_STR);
$sth->execute();
$message = $LANG['Password_result_succes'];
} catch(PDOException $e) {
$message = $LANG['Password_result_error'];
}
}
}
include("./templates/header.tpl");
include("./templates/menu.tpl");
include("./templates/password.tpl");
include("./templates/footer.tpl");
include './templates/header.tpl';
include './templates/menu.tpl';
include './templates/password.tpl';
include './templates/footer.tpl';
?>

1
sendmail.php
View File

@ -47,7 +47,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
}
}
}
include './templates/header.tpl';
include './templates/menu.tpl';
include './templates/sendmail.tpl';

16
templates/password.tpl
View File

@ -2,33 +2,29 @@
<form name="password" method="post">
<table>
<tr>
<td colspan="3"><h3><?php echo $LANG['Password_welcome']; ?></h3></td>
<td colspan="2"><h3><?php echo $LANG['Password_welcome']; ?></h3></td>
</tr>
<tr>
<td><?php echo $LANG['Password_admin'] . ":"; ?></td>
<td><?php echo $SESSID_USERNAME; ?></td>
<td><?php echo $pPassword_admin_text; ?></td>
</tr>
<tr>
<td><?php echo $LANG['Password_password_current']; ?></td>
<td><input class="flat" type="password" name="fPassword_current" /></td>
<td><?php echo $pPassword_password_current_text; ?></td>
<td><input class="flat" type="password" name="password_current" /></td>
</tr>
<tr>
<td><?php echo $LANG['Password_password'] . ":"; ?></td>
<td><input class="flat" type="password" name="fPassword" /></td>
<td><?php echo $pPassword_password_text; ?></td>
<td><input class="flat" type="password" name="password1" /></td>
</tr>
<tr>
<td><?php echo $LANG['Password_password2'] . ":"; ?></td>
<td><input class="flat" type="password" name="fPassword2" /></td>
<td>&nbsp;</td>
<td><input class="flat" type="password" name="password2" /></td>
</tr>
<tr>
<td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['Password_button']; ?>" /></td>
<td colspan="2" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['Password_button']; ?>" /></td>
</tr>
<tr>
<td colspan="3" class="standout"><?php echo $tMessage; ?></td>
<td colspan="2" class="standout"><?php echo $message ?? '&nbsp;'; ?></td>
</tr>
</table>
</form>

6
templates/users_login.tpl
View File

@ -6,17 +6,17 @@
</tr>
<tr>
<td><?php echo $LANG['UsersLogin_username'] . ":"; ?></td>
<td><input class="flat" type="text" name="fUsername" value="<?php echo $tUsername; ?>" /></td>
<td><input class="flat" type="text" name="username" value="<?php echo $username ?? ''; ?>" /></td>
</tr>
<tr>
<td><?php echo $LANG['UsersLogin_password'] . ":"; ?></td>
<td><input class="flat" type="password" name="fPassword" /></td>
<td><input class="flat" type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['UsersLogin_button']; ?>" /></td>
</tr>
<tr>
<td colspan="2" class="standout"><?php echo $tMessage; ?></td>
<td colspan="2" class="standout"><?php echo $message ?? '&nbsp;'; ?></td>
</tr>
</table>
</form>

8
templates/users_password.tpl
View File

@ -7,28 +7,24 @@
<tr>
<td><?php echo $LANG['Password_admin'] . ":"; ?></td>
<td><?php echo $USERID_USERNAME; ?></td>
<td><?php echo $pPassword_admin_text; ?></td>
</tr>
<tr>
<td><?php echo $LANG['Password_password_current'] . ":"; ?></td>
<td><input class="flat" type="password" name="fPassword_current" ></td>
<td><?php echo $pPassword_password_current_text; ?></td>
</tr>
<tr>
<td><?php echo $LANG['Password_password'] . ":"; ?></td>
<td><input class="flat" type="password" name="fPassword" ></td>
<td><?php echo $pPassword_password_text; ?></td>
</tr>
<tr>
<td><?php echo $LANG['Password_password2'].":" ?></td>
<td><input class="flat" type="password" name="fPassword2" /></td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan="3" class="hlp_center"><input type="submit" name="submit" value="<?php echo $LANG['Password_button']; ?>" /></td>
<td colspan="2" class="hlp_center"><input type="submit" name="submit" value="<?php echo $LANG['Password_button']; ?>" /></td>
</tr>
<tr>
<td colspan="3" class="standout"><?php echo $tMessage; ?></td>
<td colspan="2" class="standout"><?php echo $message; ?></td>
</tr>
</table>
</form>

9
templates/users_vacation-get.tpl
View File

@ -1,9 +0,0 @@
<div id="edit_form">
<form name="vacation" method="post">
<table>
<tr>
<td class="hlp_center"><input class="button" type="submit" name="fBack" value="<?php echo $LANG['UsersVacation_button_back']; ?>" /></td>
</tr>
</table>
</form>
</div>

12
templates/users_vacation.tpl
View File

@ -4,25 +4,29 @@
<tr>
<td colspan="3"><h3><?php echo $LANG['UsersVacation_welcome']; ?></h3></td>
</tr>
<?php if ($action == 'away') { ?>
<tr>
<td><?php echo $LANG['UsersVacation_subject'] . ":"; ?></td>
<td><input type="text" name="fSubject" value="<?php echo $LANG['UsersVacation_subject_text']; ?>" /></td>
<td><input type="text" name="subject" value="<?php echo $LANG['UsersVacation_subject_text']; ?>" /></td>
<td>&nbsp;</td>
</tr>
<tr>
<td><?php echo $LANG['UsersVacation_body'] . ":"; ?></td>
<td>
<textarea rows="10" cols="80" name="fBody">
<textarea rows="10" cols="80" name="body">
<?php echo $LANG['UsersVacation_body_text']; ?>
</textarea>
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan="3" class="hlp_center"><input class="button" type="submit" name="fAway" value="<?php echo $LANG['UsersVacation_button_away']; ?>" /></td>
<td colspan="3" class="hlp_center"><input class="button" type="submit" name="away" value="<?php echo $LANG['UsersVacation_button_away']; ?>" /></td>
<?php } else { ?>
<td colspan="3" class="hlp_center"><input class="button" type="submit" name="back" value="<?php echo $LANG['UsersVacation_button_back']; ?>" /></td>
<?php } ?>
</tr>
<tr>
<td colspan="3" class="standout"><?php echo $tMessage; ?></td>
<td colspan="3" class="standout"><?php echo $message ?? '&nbsp;'; ?></td>
</tr>
</table>
</form>

4
users/edit-alias.php
View File

@ -20,12 +20,10 @@
// fDomain
// fGoto
//
require("../variables.inc.php");
require("../config.inc.php");
require("../functions.inc.php");
include("../languages/" . check_language() . ".lang");
$USERID_USERNAME = check_user_session();
$USERID_USERNAME = check_session('userid');
$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1);
if ($_SERVER['REQUEST_METHOD'] == "GET") {

57
users/login.php
View File

@ -9,46 +9,47 @@
//
// Template File: login.tpl
//
// Template Variables:
// Template variables:
//
// tMessage
// tUsername
// message
// username
//
// Form POST \ GET Variables:
// GET / POST variables:
//
// fUsername
// fPassword
// username
// password
//
require("../variables.inc.php");
require("../config.inc.php");
require("../functions.inc.php");
include("../languages/" . check_language() . ".lang");
require_once '../functions.inc.php';
include '../languages/' . check_language () . '.lang';
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$fUsername = escape_string($_POST['fUsername']);
$fPassword = escape_string($_POST['fPassword']);
$username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
$result = db_query("SELECT password FROM mailbox WHERE username='$fUsername' AND active='1'");
if ($result['rows'] == 1) {
$row = db_array($result['result']);
if (!password_verify($fPassword, $row['assword'])) {
$error = 1;
$tMessage = $LANG['Login_password_incorrect'];
$tUsername = $fUsername;
}
} else {
$error = 1;
$tMessage = $LANG['Login_username_incorrect'];
if (!empty($username) && !empty($password)) {
$dbh = connect_db();
$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
$row = $sth->fetch(PDO::FETCH_COLUMN);
}
if ($error != 1) {
if (!empty($row)) {
if (!password_verify($password, $row)) {
$message = $LANG['Login_incorrect'];
}
} else {
$message = $LANG['Login_incorrect'];
}
if (empty($message)) {
session_start();
$_SESSION['userid']['username'] = $fUsername;
$_SESSION['userid']['username'] = $username;
header("Location: main.php");
exit;
}
}
include("../templates/header.tpl");
include("../templates/users_login.tpl");
include("../templates/footer.tpl");
include '../templates/header.tpl';
include '../templates/users_login.tpl';
include '../templates/footer.tpl';
?>

5
users/logout.php
View File

@ -17,10 +17,9 @@
//
// -none-
//
require("../config.inc.php");
require("../functions.inc.php");
require_once '../functions.inc.php';
$USERID_USERNAME = check_user_session();
$USERID_USERNAME = check_session('userid');
session_unset();
session_destroy();

16
users/main.php
View File

@ -17,13 +17,13 @@
//
// -none-
//
require("../config.inc.php");
require("../functions.inc.php");
include("../languages/" . check_language() . ".lang");
require_once '../functions.inc.php';
$USERID_USERNAME = check_user_session();
include '../languages/' . check_language() . '.lang';
include("../templates/header.tpl");
include("../templates/users_menu.tpl");
include("../templates/users_main.tpl");
include("../templates/footer.tpl");
$SESSID_USERNAME = check_session('userid');
include '../templates/header.tpl';
include '../templates/users_menu.tpl';
include '../templates/users_main.tpl';
include '../templates/footer.tpl';

82
users/password.php
View File

@ -7,64 +7,62 @@
//
// File: password.php
//
// Template File: users_password.tpl
// Template File: password.tpl
//
// Template Variables:
//
// tMessage
// message
//
// Form POST \ GET Variables:
//
// fPassword_current
// fPassword
// fPassword2
// password_current
// password1
// password2
//
require("../variables.inc.php");
require("../config.inc.php");
require("../functions.inc.php");
include("../languages/" . check_language() . ".lang");
require_once '../functions.inc.php';
include '../languages/' . check_language() . '.lang';
$USERID_USERNAME = check_user_session();
$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1);
$SESSID_USERNAME = check_session('userid');
$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$fPassword_current = escape_string($_POST['fPassword_current']);
$fPassword = escape_string($_POST['fPassword']);
$fPassword2 = escape_string($_POST['fPassword2']);
$username = $SESSID_USERNAME;
$password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
$password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
$password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
$username = $USERID_USERNAME;
if (empty($password_current) || empty($password1) || $password1 != $password2) {
$message = $LANG['Password_password_text_error'];
}
$result = db_query("SELECT * FROM mailbox WHERE username='$username'");
if ($result['rows'] == 1) {
$row = db_array($result['result']);
if (!password_verify($fPassword_current, $row['assword'])) {
$error = 1;
$pPassword_password_current_text = $LANG['Password_password_current_text_error'];
if (empty($message) && !empty($password_current)) {
$dbh = connect_db();
$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
$row = $sth->fetch(PDO::FETCH_COLUMN);
if (!password_verify($password_current, $row)) {
$message = $LANG['Password_password_current_text_error'];
}
} else {
$error = 1;
$pPassword_email_text = $LANG['Password_email_text_error'];
}
if (empty($fPassword) or ($fPassword != $fPassword2))
{
$error = 1;
$pPassword_password_text = $LANG['Password_password_text_error'];
}
if ($error != 1) {
$password = pacrypt($fPassword);
$result = db_query("UPDATE mailbox SET password='$password',modified=NOW(),scheme='' WHERE username='$username'");
if ($result['rows'] == 1) {
$tMessage = $LANG['Password_result_succes'];
db_log($USERID_USERNAME, $USERID_DOMAIN, "change password", "$USERID_USERNAME");
} else {
$tMessage = $LANG['Password_result_error'];
if (empty($message) && !empty($password1)) {
$hashed = bcrypt($password1);
try {
$dbh = connect_db();
$sth = $dbh->prepare("UPDATE mailbox SET password=?,modified=NOW() WHERE username=?");
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
$sth->bindParam(2, $username, PDO::PARAM_STR);
$sth->execute();
logging($admin, substr(strrchr($SESSID_USERNAME, "@"), 1), $LANG['Logging_password_change'], $admin);
$message = $LANG['Password_result_succes'];
} catch(PDOException $e) {
$message = $LANG['Password_result_error'];
}
}
}
include("../templates/header.tpl");
include("../templates/users_menu.tpl");
include("../templates/users_password.tpl");
include("../templates/footer.tpl");
include '../templates/header.tpl';
include '../templates/users_menu.tpl';
include '../templates/password.tpl';
include '../templates/footer.tpl';
?>

78
users/vacation.php
View File

@ -20,58 +20,62 @@
// fSubject
// fBody
//
require("../variables.inc.php");
require("../config.inc.php");
require("../functions.inc.php");
include("../languages/" . check_language() . ".lang");
require_once '../functions.inc.php';
include '../languages/' . check_language() . '.lang';
$USERID_USERNAME = check_user_session();
$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1);
$SESSID_USERNAME = check_session('userid');
$USERID_DOMAIN = substr(strrchr($SESSID_USERNAME, "@"), 1);
if ($_SERVER['REQUEST_METHOD'] == "GET") {
$result = db_query("SELECT * FROM vacation WHERE email='$USERID_USERNAME'");
if ($result['rows'] == 1) {
$row = db_array($result['result']);
$tMessage = $LANG['UsersVacation_welcome_text'];
$template = "users_vacation-get.tpl";
} else {
$template = "users_vacation.tpl";
}
$dbh = connect_db();
$sth = $dbh->prepare("SELECT COUNT(*) FROM vacation WHERE email=?");
$sth->execute(array($SESSID_USERNAME));
include("../templates/header.tpl");
include("../templates/users_menu.tpl");
include("../templates/$template");
include("../templates/footer.tpl");
if ($sth->fetchColumn() == 1) {
$action = 'back';
$message = $LANG['UsersVacation_welcome_text'];
} else {
$action = 'away';
}
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (isset($_POST['fSubject'])) $fSubject = escape_string($_POST['fSubject']);
if (isset($_POST['fBody'])) $fBody = escape_string($_POST['fBody']);
$subject = filter_input(INPUT_POST, 'subject', FILTER_DEFAULT);
$body = filter_input(INPUT_POST, 'body', FILTER_DEFAULT);
if (!empty($_POST['fBack'])) {
$result = db_query("DELETE FROM vacation WHERE email='$USERID_USERNAME'");
if ($result['rows'] != 1) {
$error = 1;
$tMessage = $LANG['UsersVacation_result_error'];
if (!empty($_POST['back'])) {
$action = 'back';
$dbh = connect_db();
$sth = $dbh->prepare("DELETE FROM vacation WHERE email=?");
$sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR);
$sth->execute();
if ($sth->rowCount() != 1) {
$message = $LANG['UsersVacation_result_error'];
} else {
$tMessage = $LANG['UsersVacation_result_succes'];
$action = 'away';
$essage = $LANG['UsersVacation_result_succes'];
}
}
if (!empty($_POST['fAway'])) {
$result = db_query("INSERT INTO vacation (email,subject,body,cache,domain,created,active) VALUES ('$USERID_USERNAME','$fSubject','$fBody','','$USERID_DOMAIN',NOW(),'1')");
if ($result['rows'] != 1) {
$error = 1;
$tMessage = $LANG['UsersVacation_result_error'];
} else {
if (!empty($_POST['away'])) {
$action = 'away';
try {
$dbh = connect_db();
$sth = $dbh->prepare("INSERT INTO vacation (email,subject,body,cache,domain,created) VALUES (?,?,?,'',?,NOW())");
$sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR);
$sth->bindParam(2, $subject, PDO::PARAM_STR);
$sth->bindParam(3, $body, PDO::PARAM_STR);
$sth->bindParam(4, $USERID_DOMAIN, PDO::PARAM_STR);
$sth->execute();
header("Location: main.php");
exit;
} catch(PDOException $e) {
$message = $LANG['UsersVacation_result_error'] . " " . $e->getMessage();
}
}
include("../templates/header.tpl");
include("../templates/users_menu.tpl");
include("../templates/users_vacation.tpl");
include("../templates/footer.tpl");
}
include '../templates/header.tpl';
include '../templates/users_menu.tpl';
include '../templates/users_vacation.tpl';
include '../templates/footer.tpl';
?>