135 lines
4.3 KiB
PHP
135 lines
4.3 KiB
PHP
<?php
|
|
//
|
|
// OpenSMTPD Admin
|
|
// by Mischa Peters <mischa at high5 dot nl>
|
|
// Copyright (c) 2022 High5!
|
|
// License Info: LICENSE.TXT
|
|
//
|
|
// File: create-admin.php
|
|
//
|
|
// Template File: admin_create-admin.tpl
|
|
//
|
|
//
|
|
// Template Variables:
|
|
//
|
|
// tMessage
|
|
// tUsername
|
|
// tDomains
|
|
//
|
|
// Form POST \ GET Variables:
|
|
//
|
|
// fUsername
|
|
// fPassword
|
|
// fPassword2
|
|
// fDomains
|
|
//
|
|
require_once("../functions.inc.php");
|
|
include("../languages/" . check_language() . ".lang");
|
|
|
|
$list_domains = list_domains();
|
|
$list_admins = list_admins();
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == "GET") {
|
|
$action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add';
|
|
if ($action == 'edit') {
|
|
$username = filter_input(INPUT_GET, 'username', FILTER_VALIDATE_EMAIL);
|
|
$domains['domains'] = array_column(list_domains($username), 'domain');
|
|
}
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
|
$action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add';
|
|
$username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
|
|
$password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
|
|
$password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
|
|
$domains = filter_input_array(INPUT_POST, array('domains' => array('filter' => FILTER_VALIDATE_DOMAIN, 'flags' => FILTER_REQUIRE_ARRAY)));
|
|
|
|
|
|
if ($action == 'add') {
|
|
if (empty($username) || in_array($username, array_column($list_admins, 'username'))) {
|
|
$message = $PALANG['pAdminCreate_admin_username_error'];
|
|
}
|
|
|
|
if (empty($password1) || $password1 != $password2) {
|
|
$message = $PALANG['pAdminCreate_admin_password_error'];
|
|
}
|
|
|
|
if (empty($domains['domains'])) {
|
|
$message = $PALANG['pAdminCreate_admin_domain_error'];
|
|
}
|
|
|
|
if (empty($message)) {
|
|
$hashed = bcrypt($password1);
|
|
try {
|
|
$dbh = connect_db();
|
|
$sth = $dbh->prepare("INSERT INTO admin (username,password,created,modified) VALUES (?,?,NOW(),NOW())");
|
|
$sth->bindParam(1, $username, PDO::PARAM_STR);
|
|
$sth->bindParam(2, $hashed, PDO::PARAM_STR);
|
|
$sth->execute();
|
|
foreach ($domains['domains'] as $row) {
|
|
$sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())");
|
|
$sth->bindParam(1, $username, PDO::PARAM_STR);
|
|
$sth->bindParam(2, $row, PDO::PARAM_STR);
|
|
$sth->execute();
|
|
}
|
|
$message = $PALANG['pAdminCreate_admin_result_succes'] . "<br />($username)</br />";
|
|
} catch(PDOException $e) {
|
|
$message = $PALANG['pAdminCreate_admin_result_error'] . "<br />($username)<br />";
|
|
}
|
|
}
|
|
}
|
|
|
|
if (in_array($username, array_column($list_admins, 'username')) && $action == 'edit') {
|
|
if ($password1 != $password2) {
|
|
$message = $PALANG['pAdminCreate_admin_password_error'];
|
|
}
|
|
if (empty($message)) {
|
|
try {
|
|
$dbh = connect_db();
|
|
$hashed = bcrypt($password1);
|
|
$sth= $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
|
|
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
|
|
$sth->bindParam(2, $username, PDO::PARAM_STR);
|
|
$sth->execute();
|
|
} catch(PDOException $e) {
|
|
$message = $PALANG['pAdminEdit_admin_result_error'] . "<br />($username)<br />";
|
|
}
|
|
}
|
|
|
|
if (empty($domains['domains'])) {
|
|
$message = $PALANG['pAdminCreate_admin_domain_error'];
|
|
}
|
|
if (empty($message)) {
|
|
try {
|
|
$dbh = connect_db();
|
|
$sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
|
|
$sth->execute(array($username));
|
|
$count_domain_admins = $sth->fetchColumn();
|
|
|
|
$sth = $dbh->prepare("DELETE FROM domain_admins WHERE username=?");
|
|
$sth->execute(array($username));
|
|
if ($sth->rowCount() != $count_domain_admins) {
|
|
throw new RuntimeException('Unable to delete entries from the domain_admins table.');
|
|
}
|
|
|
|
foreach ($domains['domains'] as $row) {
|
|
$sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())");
|
|
$sth->bindParam(1, $username, PDO::PARAM_STR);
|
|
$sth->bindParam(2, $row, PDO::PARAM_STR);
|
|
$sth->execute();
|
|
}
|
|
header("Location: list-admin.php");
|
|
} catch (RuntimeException $e) {
|
|
$message = $PALANG['pAdminEdit_admin_result_error'];
|
|
} catch (PDOException $e) {
|
|
$message = $PALANG['pAdminEdit_admin_result_error'];
|
|
}
|
|
}
|
|
}
|
|
}
|
|
include("../templates/header.tpl");
|
|
include("../templates/admin_menu.tpl");
|
|
include("../templates/admin_admin.tpl");
|
|
include("../templates/footer.tpl");
|
|
?>
|