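<?php
// Second step of a two-factor login. A previous password login left the
// identity in the pending_* session keys (presumably via check_login(), not
// visible here); a valid token promotes it to the live session keys.
if (isset($_POST["verify_tfa_login"])) {
  // Require a pending identity and a token before calling the verifier: with
  // no pending username there is nothing to verify, and the original call
  // would have passed null (undefined-index notice) instead.
  if (isset($_SESSION['pending_mailcow_cc_username'], $_POST["token"])
    && verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST["token"])) {
    $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
    $_SESSION['mailcow_cc_role'] = $_SESSION['pending_mailcow_cc_role'];
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_method']);
    // The session just gained privileges: rotate its id so an id issued before
    // authentication cannot be reused (fixation). A second rotation is harmless
    // if a lower layer already does this - NOTE(review): confirm.
    session_regenerate_id(true);
    header("Location: /user");
    // Nothing further in this request should run once the redirect is sent.
    exit;
  }
}
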
// Quarantine quick actions. These run before any role check in this file, so
// quarantine() itself must authorise the request from the submitted value
// (presumably a per-item hash from the notification mail) - not visible here.
foreach (array('quick_release', 'quick_delete') as $quick_action) {
  if (isset($_POST[$quick_action])) {
    quarantine($quick_action, $_POST[$quick_action]);
  }
}

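// Password login. check_login() is expected to return the granted role
// ("admin", "domainadmin", "user"), "pending" when a second factor is still
// required (the pending_* keys consumed by the verify_tfa_login handler are
// presumably filled by it - not visible here), or anything else on failure.
if (isset($_POST["login_user"], $_POST["pass_user"])
  && is_string($_POST["login_user"]) && is_string($_POST["pass_user"])) {
  $login_user = strtolower(trim($_POST["login_user"]));
  $as = check_login($login_user, $_POST["pass_user"]);
  if ($as === "admin" || $as === "domainadmin" || $as === "user") {
    // The session just gained privileges: rotate its id so an id issued before
    // authentication cannot be reused (fixation). A second rotation is harmless
    // if check_login() already does this - NOTE(review): confirm.
    session_regenerate_id(true);
    $_SESSION['mailcow_cc_username'] = $login_user;
    $_SESSION['mailcow_cc_role'] = $as;
    $_SESSION['mailcow_cc_last_login'] = last_login($login_user);
    if ($as === "admin") {
      header("Location: /admin");
      exit;
    }
    if ($as === "domainadmin") {
      header("Location: /mailbox");
      exit;
    }
    // Plain user: honour a mobileconfig request remembered from the landing
    // page's query string; a missing key means no parameters at all.
    $http_parameters = explode('&', $_SESSION['index_query_string'] ?? '');
    unset($_SESSION['index_query_string']);
    if (in_array('mobileconfig', $http_parameters, true)) {
      header(in_array('only_email', $http_parameters, true)
        ? "Location: /mobileconfig.php?email_only"
        : "Location: /mobileconfig.php");
      exit;
    }
    header("Location: /user");
    // Nothing further in this request should run once the redirect is sent.
    exit;
  }
  elseif ($as !== "pending") {
    // Failed login: drop any half-finished or stale identity so neither a
    // pending second factor nor a live role survives a wrong password.
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_method']);
    unset($_SESSION['mailcow_cc_username']);
    unset($_SESSION['mailcow_cc_role']);
  }
}
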
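// "Login as" (dual login): a logged-in account with the login_as ACL switches
// the session to another identity, remembering its own under dual-login.
// The ACL value's type is not fixed here, so compare it as a string; a
// missing ACL entry counts as "not allowed".
if (isset($_SESSION['mailcow_cc_role']) && (string)($_SESSION['acl']['login_as'] ?? '') === "1") {
  if (isset($_GET["duallogin"]) && is_string($_GET["duallogin"])) {
    // PHP has already URL-decoded $_GET; this decodes a second time and then
    // unescapes HTML entities, so doubly-encoded links are accepted. Kept for
    // compatibility - the value is still validated below before use.
    $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
    // An address targets a mailbox, anything else a domain admin account.
    // The only check visible here is that the target exists; whether the
    // caller may impersonate it is presumably enforced inside mailbox() /
    // domain_admin() - NOTE(review): confirm.
    if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
      $target_role = !empty(mailbox('get', 'mailbox_details', $duallogin)) ? "user" : null;
    }
    else {
      $target_role = !empty(domain_admin('details', $duallogin)) ? "domainadmin" : null;
    }
    if ($target_role !== null) {
      $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
      $_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role'];
      $_SESSION['mailcow_cc_username'] = $duallogin;
      $_SESSION['mailcow_cc_role'] = $target_role;
      header("Location: /user");
      // Nothing further in this request should run once the redirect is sent.
      exit;
    }
  }
}
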
// Two-factor management, available to admins and domain admins. Each POST key
// maps to the handler that receives the raw POST data.
$tfa_roles = array("admin", "domainadmin");
if (isset($_SESSION['mailcow_cc_role']) && in_array($_SESSION['mailcow_cc_role'], $tfa_roles, true)) {
  $tfa_actions = array(
    "set_tfa" => function () {
      set_tfa($_POST);
    },
    "unset_tfa_key" => function () {
      unset_tfa_key($_POST);
    },
    "unset_fido2_key" => function () {
      fido2(array("action" => "unset_fido2_key", "post_data" => $_POST));
    },
  );
  foreach ($tfa_actions as $post_key => $handler) {
    if (isset($_POST[$post_key])) {
      $handler();
    }
  }
}
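// Actions restricted to the global admin role.
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] === "admin") {
  // TODO: Move file upload to API?
  if (isset($_POST["submit_main_logo"])) {
    // Hand the upload to customize() only when a file arrived without error;
    // a missing $_FILES entry is treated like "no file" instead of a notice.
    if (($_FILES['main_logo']['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) {
      customize('add', 'main_logo', $_FILES);
    }
  }
  if (isset($_POST["reset_main_logo"])) {
    customize('delete', 'main_logo');
  }
  // Some actions will not be available via API
  if (isset($_POST["license_validate_now"])) {
    license('verify');
  }
  // API key handling: the POST key selects the operation, the nested key the
  // scope. When both scopes are submitted only 'ro' is processed, matching the
  // former if/elseif.
  $api_operations = array("admin_api" => 'edit', "admin_api_regen_key" => 'regen_key');
  foreach ($api_operations as $post_key => $api_action) {
    if (!isset($_POST[$post_key])) {
      continue;
    }
    foreach (array('ro', 'rw') as $scope) {
      if (isset($_POST[$post_key][$scope])) {
        admin_api($scope, $api_action, $_POST);
        break;
      }
    }
  }
  if (isset($_POST["rspamd_ui"])) {
    rspamd_ui('edit', $_POST);
  }
  if (isset($_POST["mass_send"])) {
    sys_mail($_POST);
  }
}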