<?php | |
function app_passwd($_action, $_data = null) { | |
global $pdo; | |
global $lang; | |
$_data_log = $_data; | |
!isset($_data_log['app_passwd']) ?: $_data_log['app_passwd'] = '*'; | |
!isset($_data_log['app_passwd2']) ?: $_data_log['app_passwd2'] = '*'; | |
if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) { | |
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => 'access_denied' | |
); | |
return false; | |
} | |
else { | |
$username = $_data['username']; | |
} | |
} | |
else { | |
$username = $_SESSION['mailcow_cc_username']; | |
} | |
switch ($_action) { | |
case 'add': | |
$app_name = htmlspecialchars(trim($_data['app_name'])); | |
$password = $_data['app_passwd']; | |
$password2 = $_data['app_passwd2']; | |
$active = intval($_data['active']); | |
$protocols = (array)$_data['protocols']; | |
$imap_access = (in_array('imap_access', $protocols)) ? 1 : 0; | |
$dav_access = (in_array('dav_access', $protocols)) ? 1 : 0; | |
$smtp_access = (in_array('smtp_access', $protocols)) ? 1 : 0; | |
$eas_access = (in_array('eas_access', $protocols)) ? 1 : 0; | |
$pop3_access = (in_array('pop3_access', $protocols)) ? 1 : 0; | |
$sieve_access = (in_array('sieve_access', $protocols)) ? 1 : 0; | |
$domain = mailbox('get', 'mailbox_details', $username)['domain']; | |
if (empty($domain)) { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => 'access_denied' | |
); | |
return false; | |
} | |
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => 'password_complexity' | |
); | |
return false; | |
} | |
if ($password != $password2) { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => 'password_mismatch' | |
); | |
return false; | |
} | |
$password_hashed = hash_password($password); | |
if (empty($app_name)) { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => 'app_name_empty' | |
); | |
return false; | |
} | |
$stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `imap_access`, `smtp_access`, `eas_access`, `dav_access`, `pop3_access`, `sieve_access`, `active`) | |
VALUES (:app_name, :mailbox, :domain, :password, :imap_access, :smtp_access, :eas_access, :dav_access, :pop3_access, :sieve_access, :active)"); | |
$stmt->execute(array( | |
':app_name' => $app_name, | |
':mailbox' => $username, | |
':domain' => $domain, | |
':password' => $password_hashed, | |
':imap_access' => $imap_access, | |
':smtp_access' => $smtp_access, | |
':eas_access' => $eas_access, | |
':dav_access' => $dav_access, | |
':pop3_access' => $pop3_access, | |
':sieve_access' => $sieve_access, | |
':active' => $active | |
)); | |
$_SESSION['return'][] = array( | |
'type' => 'success', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => 'app_passwd_added' | |
); | |
break; | |
case 'edit': | |
$ids = (array)$_data['id']; | |
foreach ($ids as $id) { | |
$is_now = app_passwd('details', $id); | |
if (!empty($is_now)) { | |
$app_name = (!empty($_data['app_name'])) ? $_data['app_name'] : $is_now['name']; | |
$password = (!empty($_data['password'])) ? $_data['password'] : null; | |
$password2 = (!empty($_data['password2'])) ? $_data['password2'] : null; | |
if (isset($_data['protocols'])) { | |
$protocols = (array)$_data['protocols']; | |
$imap_access = (in_array('imap_access', $protocols)) ? 1 : 0; | |
$dav_access = (in_array('dav_access', $protocols)) ? 1 : 0; | |
$smtp_access = (in_array('smtp_access', $protocols)) ? 1 : 0; | |
$eas_access = (in_array('eas_access', $protocols)) ? 1 : 0; | |
$pop3_access = (in_array('pop3_access', $protocols)) ? 1 : 0; | |
$sieve_access = (in_array('sieve_access', $protocols)) ? 1 : 0; | |
} | |
else { | |
$imap_access = $is_now['imap_access']; | |
$smtp_access = $is_now['smtp_access']; | |
$dav_access = $is_now['dav_access']; | |
$eas_access = $is_now['eas_access']; | |
$pop3_access = $is_now['pop3_access']; | |
$sieve_access = $is_now['sieve_access']; | |
} | |
$active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active']; | |
} | |
else { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => array('app_passwd_id_invalid', $id) | |
); | |
continue; | |
} | |
$app_name = htmlspecialchars(trim($app_name)); | |
if (!empty($password) && !empty($password2)) { | |
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), | |
'msg' => 'password_complexity' | |
); | |
continue; | |
} | |
if ($password != $password2) { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), | |
'msg' => 'password_mismatch' | |
); | |
continue; | |
} | |
$password_hashed = hash_password($password); | |
$stmt = $pdo->prepare("UPDATE `app_passwd` SET | |
`password` = :password_hashed | |
WHERE `mailbox` = :username AND `id` = :id"); | |
$stmt->execute(array( | |
':password_hashed' => $password_hashed, | |
':username' => $username, | |
':id' => $id | |
)); | |
} | |
$stmt = $pdo->prepare("UPDATE `app_passwd` SET | |
`name` = :app_name, | |
`mailbox` = :username, | |
`imap_access` = :imap_access, | |
`smtp_access` = :smtp_access, | |
`eas_access` = :eas_access, | |
`dav_access` = :dav_access, | |
`pop3_access` = :pop3_access, | |
`sieve_access` = :sieve_access, | |
`active` = :active | |
WHERE `id` = :id"); | |
$stmt->execute(array( | |
':app_name' => $app_name, | |
':username' => $username, | |
':imap_access' => $imap_access, | |
':smtp_access' => $smtp_access, | |
':eas_access' => $eas_access, | |
':dav_access' => $dav_access, | |
':pop3_access' => $pop3_access, | |
':sieve_access' => $sieve_access, | |
':active' => $active, | |
':id' => $id | |
)); | |
$_SESSION['return'][] = array( | |
'type' => 'success', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => array('object_modified', htmlspecialchars(implode(', ', $ids))) | |
); | |
} | |
break; | |
case 'delete': | |
$ids = (array)$_data['id']; | |
foreach ($ids as $id) { | |
$stmt = $pdo->prepare("SELECT `mailbox` FROM `app_passwd` WHERE `id` = :id"); | |
$stmt->execute(array(':id' => $id)); | |
$mailbox = $stmt->fetch(PDO::FETCH_ASSOC)['mailbox']; | |
if (empty($mailbox)) { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => 'app_passwd_id_invalid' | |
); | |
return false; | |
} | |
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) { | |
$_SESSION['return'][] = array( | |
'type' => 'danger', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => 'access_denied' | |
); | |
return false; | |
} | |
$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id"); | |
$stmt->execute(array(':id' => $id)); | |
$_SESSION['return'][] = array( | |
'type' => 'success', | |
'log' => array(__FUNCTION__, $_action, $_data_log), | |
'msg' => array('app_passwd_removed', htmlspecialchars($id)) | |
); | |
} | |
break; | |
case 'get': | |
$app_passwds = array(); | |
$stmt = $pdo->prepare("SELECT `id`, `name` FROM `app_passwd` WHERE `mailbox` = :username"); | |
$stmt->execute(array(':username' => $username)); | |
$app_passwds = $stmt->fetchAll(PDO::FETCH_ASSOC); | |
return $app_passwds; | |
break; | |
case 'details': | |
$app_passwd_data = array(); | |
$stmt = $pdo->prepare("SELECT * | |
FROM `app_passwd` | |
WHERE `id` = :id"); | |
$stmt->execute(array(':id' => $_data)); | |
$app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC); | |
if (empty($app_passwd_data)) { | |
return false; | |
} | |
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $app_passwd_data['mailbox'])) { | |
$app_passwd_data = array(); | |
return false; | |
} | |
$app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name'])); | |
return $app_passwd_data; | |
break; | |
} | |
} |