Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 1 | <?php
|
| 2 | function app_passwd($_action, $_data = null) {
|
| 3 | global $pdo;
|
| 4 | global $lang;
|
| 5 | $_data_log = $_data;
|
| 6 | !isset($_data_log['app_passwd']) ?: $_data_log['app_passwd'] = '*';
|
| 7 | !isset($_data_log['app_passwd2']) ?: $_data_log['app_passwd2'] = '*';
|
| 8 | if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) {
|
| 9 | if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) {
|
| 10 | $_SESSION['return'][] = array(
|
| 11 | 'type' => 'danger',
|
| 12 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 13 | 'msg' => 'access_denied'
|
| 14 | );
|
| 15 | return false;
|
| 16 | }
|
| 17 | else {
|
| 18 | $username = $_data['username'];
|
| 19 | }
|
| 20 | }
|
| 21 | else {
|
| 22 | $username = $_SESSION['mailcow_cc_username'];
|
| 23 | }
|
| 24 | switch ($_action) {
|
| 25 | case 'add':
|
Matthias Andreas Benkard | 7b2a3a1 | 2021-08-16 10:57:25 +0200 | [diff] [blame] | 26 | $app_name = htmlspecialchars(trim($_data['app_name']));
|
| 27 | $password = $_data['app_passwd'];
|
| 28 | $password2 = $_data['app_passwd2'];
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 29 | $active = intval($_data['active']);
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 30 | $protocols = (array)$_data['protocols'];
|
| 31 | $imap_access = (in_array('imap_access', $protocols)) ? 1 : 0;
|
| 32 | $dav_access = (in_array('dav_access', $protocols)) ? 1 : 0;
|
| 33 | $smtp_access = (in_array('smtp_access', $protocols)) ? 1 : 0;
|
| 34 | $eas_access = (in_array('eas_access', $protocols)) ? 1 : 0;
|
| 35 | $pop3_access = (in_array('pop3_access', $protocols)) ? 1 : 0;
|
| 36 | $sieve_access = (in_array('sieve_access', $protocols)) ? 1 : 0;
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 37 | $domain = mailbox('get', 'mailbox_details', $username)['domain'];
|
| 38 | if (empty($domain)) {
|
| 39 | $_SESSION['return'][] = array(
|
| 40 | 'type' => 'danger',
|
| 41 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 42 | 'msg' => 'access_denied'
|
| 43 | );
|
| 44 | return false;
|
| 45 | }
|
| 46 | if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
|
| 47 | $_SESSION['return'][] = array(
|
| 48 | 'type' => 'danger',
|
| 49 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 50 | 'msg' => 'password_complexity'
|
| 51 | );
|
| 52 | return false;
|
| 53 | }
|
| 54 | if ($password != $password2) {
|
| 55 | $_SESSION['return'][] = array(
|
| 56 | 'type' => 'danger',
|
| 57 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 58 | 'msg' => 'password_mismatch'
|
| 59 | );
|
| 60 | return false;
|
| 61 | }
|
| 62 | $password_hashed = hash_password($password);
|
| 63 | if (empty($app_name)) {
|
| 64 | $_SESSION['return'][] = array(
|
| 65 | 'type' => 'danger',
|
| 66 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 67 | 'msg' => 'app_name_empty'
|
| 68 | );
|
| 69 | return false;
|
| 70 | }
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 71 | $stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `imap_access`, `smtp_access`, `eas_access`, `dav_access`, `pop3_access`, `sieve_access`, `active`)
|
| 72 | VALUES (:app_name, :mailbox, :domain, :password, :imap_access, :smtp_access, :eas_access, :dav_access, :pop3_access, :sieve_access, :active)");
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 73 | $stmt->execute(array(
|
| 74 | ':app_name' => $app_name,
|
| 75 | ':mailbox' => $username,
|
| 76 | ':domain' => $domain,
|
| 77 | ':password' => $password_hashed,
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 78 | ':imap_access' => $imap_access,
|
| 79 | ':smtp_access' => $smtp_access,
|
| 80 | ':eas_access' => $eas_access,
|
| 81 | ':dav_access' => $dav_access,
|
| 82 | ':pop3_access' => $pop3_access,
|
| 83 | ':sieve_access' => $sieve_access,
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 84 | ':active' => $active
|
| 85 | ));
|
| 86 | $_SESSION['return'][] = array(
|
| 87 | 'type' => 'success',
|
| 88 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 89 | 'msg' => 'app_passwd_added'
|
| 90 | );
|
| 91 | break;
|
| 92 | case 'edit':
|
| 93 | $ids = (array)$_data['id'];
|
| 94 | foreach ($ids as $id) {
|
| 95 | $is_now = app_passwd('details', $id);
|
| 96 | if (!empty($is_now)) {
|
| 97 | $app_name = (!empty($_data['app_name'])) ? $_data['app_name'] : $is_now['name'];
|
| 98 | $password = (!empty($_data['password'])) ? $_data['password'] : null;
|
| 99 | $password2 = (!empty($_data['password2'])) ? $_data['password2'] : null;
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 100 | if (isset($_data['protocols'])) {
|
| 101 | $protocols = (array)$_data['protocols'];
|
| 102 | $imap_access = (in_array('imap_access', $protocols)) ? 1 : 0;
|
| 103 | $dav_access = (in_array('dav_access', $protocols)) ? 1 : 0;
|
| 104 | $smtp_access = (in_array('smtp_access', $protocols)) ? 1 : 0;
|
| 105 | $eas_access = (in_array('eas_access', $protocols)) ? 1 : 0;
|
| 106 | $pop3_access = (in_array('pop3_access', $protocols)) ? 1 : 0;
|
| 107 | $sieve_access = (in_array('sieve_access', $protocols)) ? 1 : 0;
|
| 108 | }
|
| 109 | else {
|
| 110 | $imap_access = $is_now['imap_access'];
|
| 111 | $smtp_access = $is_now['smtp_access'];
|
| 112 | $dav_access = $is_now['dav_access'];
|
| 113 | $eas_access = $is_now['eas_access'];
|
| 114 | $pop3_access = $is_now['pop3_access'];
|
| 115 | $sieve_access = $is_now['sieve_access'];
|
| 116 | }
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 117 | $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
|
| 118 | }
|
| 119 | else {
|
| 120 | $_SESSION['return'][] = array(
|
| 121 | 'type' => 'danger',
|
| 122 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 123 | 'msg' => array('app_passwd_id_invalid', $id)
|
| 124 | );
|
| 125 | continue;
|
| 126 | }
|
Matthias Andreas Benkard | 7b2a3a1 | 2021-08-16 10:57:25 +0200 | [diff] [blame] | 127 | $app_name = htmlspecialchars(trim($app_name));
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 128 | if (!empty($password) && !empty($password2)) {
|
| 129 | if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
|
| 130 | $_SESSION['return'][] = array(
|
| 131 | 'type' => 'danger',
|
| 132 | 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
| 133 | 'msg' => 'password_complexity'
|
| 134 | );
|
| 135 | continue;
|
| 136 | }
|
| 137 | if ($password != $password2) {
|
| 138 | $_SESSION['return'][] = array(
|
| 139 | 'type' => 'danger',
|
| 140 | 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
| 141 | 'msg' => 'password_mismatch'
|
| 142 | );
|
| 143 | continue;
|
| 144 | }
|
| 145 | $password_hashed = hash_password($password);
|
| 146 | $stmt = $pdo->prepare("UPDATE `app_passwd` SET
|
| 147 | `password` = :password_hashed
|
| 148 | WHERE `mailbox` = :username AND `id` = :id");
|
| 149 | $stmt->execute(array(
|
| 150 | ':password_hashed' => $password_hashed,
|
| 151 | ':username' => $username,
|
| 152 | ':id' => $id
|
| 153 | ));
|
| 154 | }
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 155 |
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 156 | $stmt = $pdo->prepare("UPDATE `app_passwd` SET
|
| 157 | `name` = :app_name,
|
| 158 | `mailbox` = :username,
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 159 | `imap_access` = :imap_access,
|
| 160 | `smtp_access` = :smtp_access,
|
| 161 | `eas_access` = :eas_access,
|
| 162 | `dav_access` = :dav_access,
|
| 163 | `pop3_access` = :pop3_access,
|
| 164 | `sieve_access` = :sieve_access,
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 165 | `active` = :active
|
| 166 | WHERE `id` = :id");
|
| 167 | $stmt->execute(array(
|
| 168 | ':app_name' => $app_name,
|
| 169 | ':username' => $username,
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 170 | ':imap_access' => $imap_access,
|
| 171 | ':smtp_access' => $smtp_access,
|
| 172 | ':eas_access' => $eas_access,
|
| 173 | ':dav_access' => $dav_access,
|
| 174 | ':pop3_access' => $pop3_access,
|
| 175 | ':sieve_access' => $sieve_access,
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 176 | ':active' => $active,
|
| 177 | ':id' => $id
|
| 178 | ));
|
| 179 | $_SESSION['return'][] = array(
|
| 180 | 'type' => 'success',
|
| 181 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 182 | 'msg' => array('object_modified', htmlspecialchars(implode(', ', $ids)))
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 183 | );
|
| 184 | }
|
| 185 | break;
|
| 186 | case 'delete':
|
| 187 | $ids = (array)$_data['id'];
|
| 188 | foreach ($ids as $id) {
|
| 189 | $stmt = $pdo->prepare("SELECT `mailbox` FROM `app_passwd` WHERE `id` = :id");
|
| 190 | $stmt->execute(array(':id' => $id));
|
| 191 | $mailbox = $stmt->fetch(PDO::FETCH_ASSOC)['mailbox'];
|
| 192 | if (empty($mailbox)) {
|
| 193 | $_SESSION['return'][] = array(
|
| 194 | 'type' => 'danger',
|
| 195 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 196 | 'msg' => 'app_passwd_id_invalid'
|
| 197 | );
|
| 198 | return false;
|
| 199 | }
|
| 200 | if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) {
|
| 201 | $_SESSION['return'][] = array(
|
| 202 | 'type' => 'danger',
|
| 203 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 204 | 'msg' => 'access_denied'
|
| 205 | );
|
| 206 | return false;
|
| 207 | }
|
| 208 | $stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id");
|
| 209 | $stmt->execute(array(':id' => $id));
|
| 210 | $_SESSION['return'][] = array(
|
| 211 | 'type' => 'success',
|
| 212 | 'log' => array(__FUNCTION__, $_action, $_data_log),
|
| 213 | 'msg' => array('app_passwd_removed', htmlspecialchars($id))
|
| 214 | );
|
| 215 | }
|
| 216 | break;
|
| 217 | case 'get':
|
| 218 | $app_passwds = array();
|
| 219 | $stmt = $pdo->prepare("SELECT `id`, `name` FROM `app_passwd` WHERE `mailbox` = :username");
|
| 220 | $stmt->execute(array(':username' => $username));
|
| 221 | $app_passwds = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
| 222 | return $app_passwds;
|
| 223 | break;
|
| 224 | case 'details':
|
| 225 | $app_passwd_data = array();
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 226 | $stmt = $pdo->prepare("SELECT *
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 227 | FROM `app_passwd`
|
| 228 | WHERE `id` = :id");
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 229 | $stmt->execute(array(':id' => $_data));
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 230 | $app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);
|
| 231 | if (empty($app_passwd_data)) {
|
| 232 | return false;
|
| 233 | }
|
| 234 | if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $app_passwd_data['mailbox'])) {
|
| 235 | $app_passwd_data = array();
|
| 236 | return false;
|
| 237 | }
|
Matthias Andreas Benkard | 7b2a3a1 | 2021-08-16 10:57:25 +0200 | [diff] [blame] | 238 | $app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name']));
|
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 239 | return $app_passwd_data;
|
| 240 | break;
|
| 241 | }
|
Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 242 | }
|