// Copyright (c) 2022 High5! // License Info: LICENSE.TXT // // File: functions.inc.php // if(preg_match("/functions.inc.php/", $_SERVER['SCRIPT_NAME'])) { header("Location: login.php"); die(); } DEFINE("VERSION", "version 1.0.0"); DEFINE('ROOT_PATH', dirname(__FILE__) . '/'); require_once ROOT_PATH . 'conf.php'; require_once ROOT_PATH . 'config.inc.php'; // // Check of debug is enabled or not // if (DEBUG == 'true') { ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); } else { ini_set('display_errors', 0); ini_set('display_startup_errors', 0); } // // check_session // Action: Check if a session already exists, if not redirect to login.php // Call: check_session() -or- check_user_session() // function check_session() { session_start(); if (!isset($_SESSION['sessid']['username'])) { header("Location: login.php"); exit; } $SESSID_USERNAME = $_SESSION['sessid']['username']; return $SESSID_USERNAME; } function check_user_session() { session_start(); if (!isset($_SESSION['userid']['username'])) { header("Location: login.php"); exit; } $USERID_USERNAME = $_SESSION['userid']['username']; return $USERID_USERNAME; } // // check_language // Action: checks what language the browser uses // Call: check_language // function check_language() { // Currently only English is supported, no need to run through the check now. return DEFAULT_LANGUAGE; } // // check_string // Action: checks if a string is valid and returns TRUE is this is the case. // Call: check_string(string var) // function check_string($var) { if (preg_match('/^([A-Za-z0-9 ]+)+$/', $var)) { return true; } else { return false; } } // // check_email // Action: Checks if email is valid and returns TRUE if this is the case. // Call: check_email(string email) // function check_email($email) { if (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,10}$/i', trim($email))) { return true; } else { return false; } } // // escape_string // Action: Escape a string // Call: escape_string(string string) // function escape_string($string) { global $CONF; $escaped_string = $string; return $escaped_string; } // // check_alias // Action: Checks if the domain is still able to create aliases. // Call: check_alias(string domain) // function check_alias($domain) { $limit = get_domain_properties($domain); if ($limit['aliases'] == 0) { return true; } if ($limit['aliases'] < 0) { return false; } if ($limit['alias_count'] >= $limit['aliases']) { return false; } else { return true; } } // // check_mailbox // Action: Checks if the domain is still able to create mailboxes. // Call: ceck_mailbox(string domain) // function check_mailbox($domain) { $limit = get_domain_properties($domain); if ($limit['mailboxes'] == 0) { return true; } if ($limit['mailboxes'] < 0) { return false; } if ($limit['mailbox_count'] >= $limit['mailboxes']) { return false; } else { return true; } } // // connect_db // Action: make db connection // Call: connect_db() // function connect_db() { try { $dbh = new PDO(DB_TYPE . ':host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS, array(PDO::ATTR_PERSISTENT => true)); $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); return $dbh; } catch (PDOException $e) { echo 'Connection failed: ' . $e; die(); } } // // list_domains // Action: List all available domains. // Call: list_domains(string admin (optional)) // function list_domains($username = null) { $dbh = connect_db(); if (isset($username)) { $sth = $dbh->prepare("SELECT * FROM domain INNER JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username=? ORDER BY domain_admins.domain"); $sth->bindParam(1, $username, PDO::PARAM_STR); } else { $sth = $dbh->prepare('SELECT * FROM domain ORDER BY domain'); } $sth->execute(); $list = $sth->fetchAll(); for ($i = 0; $i < count($list); $i++) { $sth = $dbh->prepare("SELECT COUNT(*) FROM alias WHERE domain=? AND goto NOT IN ('vmail')"); $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR); $sth->execute(); $list[$i]['alias_count'] = $sth->fetchColumn(); $sth = $dbh->prepare("SELECT COUNT(*) FROM mailbox WHERE domain=?"); $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR); $sth->execute(); $list[$i]['mailbox_count'] = $sth->fetchColumn(); } return $list; } // // list_aliases // Action: List all available aliases for domain. // Call: list_aliases(string domain, int offset) // function list_aliases($domain, $offset, $limit) { $dbh = connect_db(); if (ALIAS_CONTROL == 'NO') { $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain=? AND mailbox.maildir IS NULL ORDER BY alias.address LIMIT ?, ?"); } else { $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias WHERE alias.domain=? ORDER BY alias.address LIMIT ?, ?"); } $sth->bindParam(1, $domain, PDO::PARAM_STR); $sth->bindParam(2, $offset, PDO::PARAM_INT); $sth->bindParam(3, $limit, PDO::PARAM_INT); $sth->execute(); $list = $sth->fetchAll(); return $list; } // // list_mailboxes // Action: List all available mailboxes for domain. // Call: list_mailboxes(string domaini, int offset) // function list_mailboxes($domain, $offset, $limit) { $dbh = connect_db(); $sth = $dbh->prepare("SELECT * FROM mailbox WHERE domain=? ORDER BY username LIMIT ?, ?"); $sth->bindParam(1, $domain, PDO::PARAM_STR); $sth->bindParam(2, $offset, PDO::PARAM_INT); $sth->bindParam(3, $limit, PDO::PARAM_INT); $sth->execute(); $list = $sth->fetchAll(); return $list; } // // admin_exist // Action: Checks if the admin already exists. // Call: admin_exist(string admin) // // was check_admin // function admin_exist($username) { $result = db_query("SELECT * FROM admin WHERE username='$username'"); if ($result['rows'] != 1) { return false; } else { return true; } } // // domain_exist // Action: Checks if the domain already exists. // Call: domain_exist(string domain) // function domain_exist($domain) { $result = db_query("SELECT * FROM domain WHERE domain='$domain'"); if ($result['rows'] != 1) { return false; } else { return true; } } // // list_admins // Action: Lists all the admins // Call: list_admins() // function list_admins() { $dbh = new PDO(DB_TYPE . ':host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS); $sth = $dbh->prepare('SELECT * FROM admin ORDER BY username'); $sth->execute(); $list = $sth->fetchAll(); for ($i = 0; $i < count($list); $i++) { $sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?"); $sth->bindParam(1, $list[$i]['username'], PDO::PARAM_STR); $sth->execute(); $list[$i]['domain_count'] = $sth->fetchColumn(); } return $list; } // // generate_password // Action: Generates a random password // Call: generate_password() // function generate_password() { $password = substr(md5(mt_rand()), 0, 8); return $password; } // // bcrypt // Action: Hashs the password with bcrypt // Call: bcrypt(string cleartextpassword) // function bcrypt($password) { $options = ['cost' => 8]; $hashed = password_hash($password, PASSWORD_BCRYPT, $options); $hashed = preg_replace('/\$2y\$/', '\$2b\$', $hashed); return $hashed; } // // db_connect // Action: Makes a connection to the database if it doesn't exist // Call: db_connect() // $DEBUG_TEXT = "\n

\n Please check the documentation and website for more information.\n

\n "; function db_connect() { global $CONF; global $DEBUG_TEXT; $link = ""; if ($CONF['database_type'] == "mysqli") { if(function_exists("mysqli_connect")) { $link = @mysqli_connect($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die("

DEBUG INFORMATION:
Connect: " . mysqli_connect_error() . "$DEBUG_TEXT"); $succes = @mysqli_select_db($link, $CONF['database_name']) or die("

DEBUG INFORMATION:
MySQLi Select Database: " . mysqli_error() . "$DEBUG_TEXT"); } else { print "

DEBUG INFORMATION:
MySQL 4.1 functions not available!
database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT"; die; } } if ($link) { return $link; } else { print "DEBUG INFORMATION:
\n"; print "Connect: Unable to connect to database
\n"; print "
\n"; print "Make sure that you have set the correct database type in the config.inc.php file
\n"; print $DEBUG_TEXT; die; } } // // db_query // Action: Sends a query to the database and returns query result and number of rows // Call: db_query(string query) // function db_query($query) { global $CONF; global $DEBUG_TEXT; $result = ""; $number_rows = ""; $link = db_connect(); // database prefix workaround if (!empty($CONF['database_prefix'])) { if (preg_match("/^SELECT/i", $query)) { $query = substr($query, 0, 14) . $CONF['database_prefix'] . substr($query, 14); } else { $query = substr($query, 0, 6) . $CONF['database_prefix'] . substr($query, 7); } } if ($CONF['database_type'] == "mysqli") $result = @mysqli_query($link, $query) or die("

DEBUG INFORMATION:
Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT"); if (preg_match("/^SELECT/i", $query)) { // if $query was a SELECT statement check the number of rows with [database_type]_num_rows(). if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_num_rows($result); } else { // if $query was something else, UPDATE, DELETE or INSERT check the number of rows with // [database_type]_affected_rows(). if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_affected_rows($link); } if ($CONF['database_type'] == "mysqli") mysqli_close($link); $return = array( "result" => $result, "rows" => $number_rows ); return $return; } // db_row // Action: Returns a row from a table // Call: db_row(int result) // function db_row($result) { global $CONF; $row = ""; if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_row($result); return $row; } // db_array // Action: Returns a row from a table // Call: db_array(int result) // function db_array($result) { global $CONF; $row = ""; if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_array($result); return $row; } // db_assoc // Action: Returns a row from a table // Call: db_assoc(int result) // function db_assoc($result) { global $CONF; $row = ""; if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_assoc($result); return $row; } // // db_delete // Action: Deletes a row from a specified table // Call: db_delete(string table, string where, string delete) // function db_delete($table,$where,$delete) { $result = db_query("DELETE FROM $table WHERE $where='$delete'"); if ($result['rows'] >= 1) { return $result['rows']; } else { return true; } } // logging // Action: Logs actions from admin // Call: logging(string username, string domain, string action, string data) // function logging($username, $domain, $action, $data) { $remote_addr = $_SERVER['HTTP_X_CLIENTIP'] ?? $_SERVER['REMOTE_ADDR']; $username = $username . ' (' . $remote_addr . ')'; if (LOGGING == 'YES') { $dbh = connect_db(); $sth = $dbh->prepare("INSERT INTO log (timestamp,username,domain,action,data) VALUES (NOW(),?,?,?,?)"); $sth->bindParam(1, $username, PDO::PARAM_STR); $sth->bindParam(2, $domain, PDO::PARAM_STR); $sth->bindParam(3, $action, PDO::PARAM_STR); $sth->bindParam(4, $data, PDO::PARAM_STR); $sth->execute(); } } // // db_log // Action: Logs actions from admin // Call: db_log(string username, string domain, string action, string data) // function db_log($username, $domain, $action, $data) { global $CONF; if (isset($_SERVER['HTTP_X_CLIENTIP'])) { $REMOTE_ADDR = $_SERVER['HTTP_X_CLIENTIP']; } else { $REMOTE_ADDR = $_SERVER['REMOTE_ADDR']; } if ($CONF['logging'] == 'YES') { $result = db_query("INSERT INTO log (timestamp, username, domain, action, data) VALUES (NOW(), '$username ($REMOTE_ADDR)', '$domain', '$action', '$data')"); if ($result['rows'] != 1) { return false; } else { return true; } } } ?>