From f9c77d55a9599b51803ab328b8a9375123fe4005 Mon Sep 17 00:00:00 2001
From: mischa
Date: Mon, 5 Sep 2022 21:28:23 +0000
Subject: [PATCH] added script to add the ADMIN_ROLE admin
---
 admin/.htaccess | 8 +++
 admin/admin.php | 118 +++++++++++++++++++++++++++++++++++++++++++
 languages/en.lang | 11 ++--
 templates/footer.tpl | 2 +-
 templates/menu.tpl | 2 +-
 5 files changed, 135 insertions(+), 6 deletions(-)
 create mode 100644 admin/.htaccess
 create mode 100644 admin/admin.php
diff --git a/admin/.htaccess b/admin/.htaccess
new file mode 100644
index 0000000..4dc0a29
--- /dev/null
+++ b/admin/.htaccess
@@ -0,0 +1,8 @@
+AuthUserFile /usr/local/www/mailadmin.high5.net/admin/.htpasswd
+AuthGroupFile /dev/null
+AuthName "Postfix Admin"
+AuthType Basic
+
+
+require valid-user
+
diff --git a/admin/admin.php b/admin/admin.php
new file mode 100644
index 0000000..34d5085
--- /dev/null
+++ b/admin/admin.php
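Review bot: `AuthUserFile` is hard-coded to `/usr/local/www/mailadmin.high5.net/admin/.htpasswd`, a site-specific path that appears to sit in the same web-served directory as the script it protects. On any other install that path will not exist, and keeping the password file under the document root depends on the server's own rule for denying `.ht*` files. A leading comment such as `# Set AuthUserFile to a password file outside the web root; serve this directory over HTTPS only, because Basic auth sends the password with every request` would tell operators what they have to change. `AuthName "Postfix Admin"` also does not match the "OpenSMTPD Admin" title used by the page added in the same commit.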
@@ -0,0 +1,118 @@
+
+// Copyright (c) 2022 High5!
+// License Info: LICENSE.TXT
+//
+// File: admin.php
+//
+// Template File: admin.tpl
+//
+//
+// Template Variables:
+//
+// action
+// message
+// username
+// domains
+//
+// POST / GET Variables:
+//
+// username
+// password1
+// password2
+// domains
+//
+require_once '../functions.inc.php';
+include '../languages/' . check_language() . '.lang';
+
+$list_admins = list_admins();
+
+if ($_SERVER['REQUEST_METHOD'] == "POST") {
+ $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
+ $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
+ $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
+ $ROLE = ADMIN_ROLE;
+
+ if (empty($username) || in_array($username, array_column($list_admins, 'username'))) {
+ $message = $LANG['AdminAdd_admin_username_error'];
+ }
+
+ if (empty($password1) || $password1 != $password2) {
+ $message = $LANG['AdminAdd_admin_password_error'];
+ }
+
+ if (empty($message)) {
+ $hashed = bcrypt($password1);
+ try {
+ $dbh = pdo_connect();
+ $sth = $dbh->prepare("INSERT INTO admin (username,password,role,created,modified) VALUES (?,?,?,NOW(),NOW())");
+ $sth->bindParam(1, $username, PDO::PARAM_STR);
+ $sth->bindParam(2, $hashed, PDO::PARAM_STR);
+ $sth->bindParam(3, $ROLE, PDO::PARAM_STR);
+ $sth->execute();
+ $message = $LANG['AdminAdd_admin_result_succes'] . " ($username)
Go to the LOGIN page";
+ } catch(PDOException $e) {
+ $message = $LANG['AdminAdd_admin_result_error'] . " ($username)
$e";
+ }
+ }
+
+}
+@header("Expires: Wed, 29 Feb 1984 00:00:00 GMT");
+@header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+@header("Cache-Control: no-store, no-cache, must-revalidate");
+@header("Cache-Control: post-check=0, pre-check=0", false);
+@header("Pragma: no-cache");
+?>
+
+
+
+
+
+OpenSMTPD Admin - <?php echo $_SERVER['HTTP_HOST']; ?>
+
+
+
+ + +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

 

+
+
+ + + + diff --git a/languages/en.lang b/languages/en.lang index a08a122..2def08e 100644 --- a/languages/en.lang +++ b/languages/en.lang @@ -146,9 +146,9 @@ $LANG['AdminAdd_domain_domain'] = 'Domain'; $LANG['AdminAdd_domain_domain_text_error'] = 'The domain already exists.'; $LANG['AdminAdd_domain_description'] = 'Description'; $LANG['AdminAdd_domain_aliases'] = 'Aliases'; -$LANG['AdminAdd_domain_aliases_text'] = '-1 = disable | 0 = unlimited'; +$LANG['AdminAdd_domain_aliases_text'] = '0 = unlimited'; $LANG['AdminAdd_domain_mailboxes'] = 'Mailboxes'; -$LANG['AdminAdd_domain_mailboxes_text'] = '-1 = disable | 0 = unlimited'; +$LANG['AdminAdd_domain_mailboxes_text'] = '0 = unlimited'; $LANG['AdminAdd_domain_button'] = 'Add Domain'; $LANG['AdminAdd_domain_result_error'] = 'Unable to add domain.'; $LANG['AdminAdd_domain_result_succes'] = 'Domain has been added.'; @@ -157,9 +157,9 @@ $LANG['AdminEdit_domain_welcome'] = 'Edit a domain'; $LANG['AdminEdit_domain_domain'] = 'Domain'; $LANG['AdminEdit_domain_description'] = 'Description'; $LANG['AdminEdit_domain_aliases'] = 'Aliases'; -$LANG['AdminEdit_domain_aliases_text'] = '-1 = disable | 0 = unlimited'; +$LANG['AdminEdit_domain_aliases_text'] = '0 = unlimited'; $LANG['AdminEdit_domain_mailboxes'] = 'Mailboxes'; -$LANG['AdminEdit_domain_mailboxes_text'] = '-1 = disable | 0 = unlimited'; +$LANG['AdminEdit_domain_mailboxes_text'] = '0 = unlimited'; $LANG['AdminEdit_domain_button'] = 'Edit Domain'; $LANG['AdminEdit_domain_result_error'] = 'Unable to modify domain.'; @@ -184,6 +184,9 @@ $LANG['AdminEdit_admin_button'] = 'Edit Admin'; $LANG['AdminEdit_admin_result_error'] = 'Unable to modify admin.'; $LANG['AdminEdit_admin_result_succes'] = 'Admin has been modified.'; +$LANG['Role_admin_welcome'] = 'Add a new '; +$LANG['Role_admin_warning'] = '
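Review bot: admin.php inserts an account with `ADMIN_ROLE` on any POST without checking a session or any other credential in the script itself, so the only barrier is the Basic-auth `.htaccess` added alongside it, which has no effect where the web server is not Apache or `AllowOverride` does not permit AuthConfig. Because this is a one-time bootstrap script, it would be safer for it to refuse to run once an account with `ADMIN_ROLE` already exists (assuming `list_admins()` exposes the role; that function is outside this patch) than to depend on the operator acting on the "remove or protect this file" warning. Separately, the `catch` branch appends `$e` to `$message`, which presumably is rendered in the page and would expose the exception text and stack trace; `error_log($e->getMessage());` with only `$LANG['AdminAdd_admin_result_error']` shown to the user avoids that. The password check uses loose `!=`, which treats distinct numeric-looking strings as equal, so `$password1 !== $password2` is the safer comparison. The title line echoes `$_SERVER['HTTP_HOST']` unescaped and should be wrapped as `htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8')`.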

Make sure you remove or protect this file when you are done.

'; + $LANG['UsersLogin_welcome'] = 'Mailbox users login to change your password and aliases'; $LANG['UsersLogin_username'] = 'Login (email)'; $LANG['UsersLogin_password'] = 'Password'; diff --git a/templates/footer.tpl b/templates/footer.tpl index 40fdfe3..ffe1f72 100644 --- a/templates/footer.tpl +++ b/templates/footer.tpl @@ -1,5 +1,5 @@