Blame - mailcow/src/mailcow-dockerized/data/web/inc/functions.app_passwd.inc.php - kubeia

$stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `imap_access`, `smtp_access`, `eas_access`, `dav_access`, `pop3_access`, `sieve_access`, `active`)

72

VALUES (:app_name, :mailbox, :domain, :password, :imap_access, :smtp_access, :eas_access, :dav_access, :pop3_access, :sieve_access, :active)");

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

73

$stmt->execute(array(

74

':app_name' => $app_name,

75

':mailbox' => $username,

76

':domain' => $domain,

77

':password' => $password_hashed,

Matthias Andreas Benkard

12a5735

2021-12-28 18:02:04 +0100

[diff] [blame^]

78

':imap_access' => $imap_access,

79

':smtp_access' => $smtp_access,

80

':eas_access' => $eas_access,

81

':dav_access' => $dav_access,

82

':pop3_access' => $pop3_access,

83

':sieve_access' => $sieve_access,

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

84

':active' => $active

85

));

86

$_SESSION['return'][] = array(

87

'type' => 'success',

88

'log' => array(__FUNCTION__, $_action, $_data_log),

89

'msg' => 'app_passwd_added'

);

break;

case 'edit':

$ids = (array)$_data['id'];

94

foreach ($ids as $id) {

95

$is_now = app_passwd('details', $id);

96

if (!empty($is_now)) {

97

$app_name = (!empty($_data['app_name'])) ? $_data['app_name'] : $is_now['name'];

98

$password = (!empty($_data['password'])) ? $_data['password'] : null;

99

$password2 = (!empty($_data['password2'])) ? $_data['password2'] : null;

Matthias Andreas Benkard

12a5735

2021-12-28 18:02:04 +0100

[diff] [blame^]

100

if (isset($_data['protocols'])) {

101

$protocols = (array)$_data['protocols'];

102

$imap_access = (in_array('imap_access', $protocols)) ? 1 : 0;

103

$dav_access = (in_array('dav_access', $protocols)) ? 1 : 0;

104

$smtp_access = (in_array('smtp_access', $protocols)) ? 1 : 0;

105

$eas_access = (in_array('eas_access', $protocols)) ? 1 : 0;

106

$pop3_access = (in_array('pop3_access', $protocols)) ? 1 : 0;

107

$sieve_access = (in_array('sieve_access', $protocols)) ? 1 : 0;

108

}

109

else {

110

$imap_access = $is_now['imap_access'];

111

$smtp_access = $is_now['smtp_access'];

112

$dav_access = $is_now['dav_access'];

113

$eas_access = $is_now['eas_access'];

114

$pop3_access = $is_now['pop3_access'];

115

$sieve_access = $is_now['sieve_access'];

116

}

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

117

$active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];

118

}

119

else {

120

$_SESSION['return'][] = array(

121

'type' => 'danger',

122

'log' => array(__FUNCTION__, $_action, $_data_log),

123

'msg' => array('app_passwd_id_invalid', $id)

124

);

125

continue;

126

}

Matthias Andreas Benkard

7b2a3a1

2021-08-16 10:57:25 +0200

[diff] [blame]

127

$app_name = htmlspecialchars(trim($app_name));

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

128

if (!empty($password) && !empty($password2)) {

129

if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {

130

$_SESSION['return'][] = array(

131

'type' => 'danger',

132

'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

133

'msg' => 'password_complexity'

);

continue;

}

if ($password != $password2) {

138

$_SESSION['return'][] = array(

139

'type' => 'danger',

140

'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

141

'msg' => 'password_mismatch'

);

continue;

}

$password_hashed = hash_password($password);

146

$stmt = $pdo->prepare("UPDATE `app_passwd` SET

147

`password` = :password_hashed

148

WHERE `mailbox` = :username AND `id` = :id");

149

$stmt->execute(array(

150

':password_hashed' => $password_hashed,

151

':username' => $username,

152

':id' => $id

153

));

154

}

Matthias Andreas Benkard

12a5735

2021-12-28 18:02:04 +0100

[diff] [blame^]

155

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

156

$stmt = $pdo->prepare("UPDATE `app_passwd` SET

157

`name` = :app_name,

158

`mailbox` = :username,

Matthias Andreas Benkard

12a5735

2021-12-28 18:02:04 +0100

[diff] [blame^]

159

`imap_access` = :imap_access,

160

`smtp_access` = :smtp_access,

161

`eas_access` = :eas_access,

162

`dav_access` = :dav_access,

163

`pop3_access` = :pop3_access,

164

`sieve_access` = :sieve_access,

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

165

`active` = :active

166

WHERE `id` = :id");

167

$stmt->execute(array(

168

':app_name' => $app_name,

169

':username' => $username,

Matthias Andreas Benkard

12a5735

2021-12-28 18:02:04 +0100

[diff] [blame^]

170

':imap_access' => $imap_access,

171

':smtp_access' => $smtp_access,

172

':eas_access' => $eas_access,

173

':dav_access' => $dav_access,

174

':pop3_access' => $pop3_access,

175

':sieve_access' => $sieve_access,

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

176

':active' => $active,

177

':id' => $id

178

));

179

$_SESSION['return'][] = array(

180

'type' => 'success',

181

'log' => array(__FUNCTION__, $_action, $_data_log),

Matthias Andreas Benkard

12a5735

2021-12-28 18:02:04 +0100

[diff] [blame^]

182

'msg' => array('object_modified', htmlspecialchars(implode(', ', $ids)))

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

);

}

break;

case 'delete':

$ids = (array)$_data['id'];

188

foreach ($ids as $id) {

189

$stmt = $pdo->prepare("SELECT `mailbox` FROM `app_passwd` WHERE `id` = :id");

190

$stmt->execute(array(':id' => $id));

191

$mailbox = $stmt->fetch(PDO::FETCH_ASSOC)['mailbox'];

192

if (empty($mailbox)) {

193

$_SESSION['return'][] = array(

194

'type' => 'danger',

195

'log' => array(__FUNCTION__, $_action, $_data_log),

196

'msg' => 'app_passwd_id_invalid'

);

return false;

}

if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) {

201

$_SESSION['return'][] = array(

202

'type' => 'danger',

203

'log' => array(__FUNCTION__, $_action, $_data_log),

204

'msg' => 'access_denied'

);

return false;

}

$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id");

209

$stmt->execute(array(':id' => $id));

210

$_SESSION['return'][] = array(

211

'type' => 'success',

212

'log' => array(__FUNCTION__, $_action, $_data_log),

213

'msg' => array('app_passwd_removed', htmlspecialchars($id))

);

}

break;

case 'get':

$app_passwds = array();

219

$stmt = $pdo->prepare("SELECT `id`, `name` FROM `app_passwd` WHERE `mailbox` = :username");

220

$stmt->execute(array(':username' => $username));

221

$app_passwds = $stmt->fetchAll(PDO::FETCH_ASSOC);

return $app_passwds;

break;

case 'details':

$app_passwd_data = array();

Matthias Andreas Benkard

12a5735

2021-12-28 18:02:04 +0100

[diff] [blame^]

226

$stmt = $pdo->prepare("SELECT *

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

227

FROM `app_passwd`

228

WHERE `id` = :id");

Matthias Andreas Benkard

12a5735

2021-12-28 18:02:04 +0100

[diff] [blame^]

229

$stmt->execute(array(':id' => $_data));

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

230

$app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);

231

if (empty($app_passwd_data)) {

232

return false;

233

}

234

if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $app_passwd_data['mailbox'])) {

235

$app_passwd_data = array();

236

return false;

237

}

Matthias Andreas Benkard

7b2a3a1

2021-08-16 10:57:25 +0200

[diff] [blame]

238

$app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name']));

Matthias Andreas Benkard

b382b10

2021-01-02 15:32:21 +0100

[diff] [blame]

239

return $app_passwd_data;

240

break;

241

}

Matthias Andreas Benkard

12a5735

2021-12-28 18:02:04 +0100

[diff] [blame^]

242

}