Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / 7b2a3a1c374b0a853b379f41561dcf2796c55986 / . / mailcow / src / mailcow-dockerized / data / web / inc / functions.pushover.inc.php
blob: 74e8bb1c2b93436c319c341003243d35de8429a1 [file] [log] [blame]
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]1<?php
2function pushover($_action, $_data = null) {
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame^]3 global $pdo;
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]4 switch ($_action) {
5 case 'edit':
6 if (!isset($_SESSION['acl']['pushover']) || $_SESSION['acl']['pushover'] != "1" ) {
7 $_SESSION['return'][] = array(
8 'type' => 'danger',
9 'log' => array(__FUNCTION__, $_action, $_data),
10 'msg' => 'access_denied'
11 );
12 return false;
13 }
14 if (!is_array($_data['username'])) {
15 $usernames = array();
16 $usernames[] = $_data['username'];
17 }
18 else {
19 $usernames = $_data['username'];
20 }
21 foreach ($usernames as $username) {
22 if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
23 $_SESSION['return'][] = array(
24 'type' => 'danger',
25 'log' => array(__FUNCTION__, $_action, $_data),
26 'msg' => 'access_denied'
27 );
28 continue;
29 }
30 $delete = $_data['delete'];
31 if ($delete == "true") {
32 $stmt = $pdo->prepare("DELETE FROM `pushover` WHERE `username` = :username");
33 $stmt->execute(array(
34 ':username' => $username
35 ));
36 $_SESSION['return'][] = array(
37 'type' => 'success',
38 'log' => array(__FUNCTION__, $_action, $_data),
39 'msg' => 'pushover_settings_edited'
40 );
41 continue;
42 }
43 $is_now = pushover('get', $username);
44 if (!empty($is_now)) {
45 $key = (!empty($_data['key'])) ? $_data['key'] : $is_now['key'];
46 $token = (!empty($_data['token'])) ? $_data['token'] : $is_now['token'];
47 $senders = (isset($_data['senders'])) ? $_data['senders'] : $is_now['senders'];
48 $senders_regex = (isset($_data['senders_regex'])) ? $_data['senders_regex'] : $is_now['senders_regex'];
49 $title = (!empty($_data['title'])) ? $_data['title'] : $is_now['title'];
50 $text = (!empty($_data['text'])) ? $_data['text'] : $is_now['text'];
51 $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
52 $evaluate_x_prio = (isset($_data['evaluate_x_prio'])) ? intval($_data['evaluate_x_prio']) : $is_now['evaluate_x_prio'];
53 $only_x_prio = (isset($_data['only_x_prio'])) ? intval($_data['only_x_prio']) : $is_now['only_x_prio'];
54 }
55 else {
56 $_SESSION['return'][] = array(
57 'type' => 'danger',
58 'log' => array(__FUNCTION__, $_action, $_data),
59 'msg' => 'access_denied'
60 );
61 continue;
62 }
63 if (!empty($senders_regex) && !is_valid_regex($senders_regex)) {
64 $_SESSION['return'][] = array(
65 'type' => 'danger',
66 'log' => array(__FUNCTION__, $_action, $_data),
67 'msg' => 'Invalid regex'
68 );
69 continue;
70 }
71 $senders = array_map('trim', preg_split( "/( |,|;|\n)/", $senders));
72 foreach ($senders as $i => &$sender) {
73 if (empty($sender)) {
74 continue;
75 }
76 if (!filter_var($sender, FILTER_VALIDATE_EMAIL) === true) {
77 unset($senders[$i]);
78 continue;
79 }
80 $senders[$i] = preg_replace('/\.(?=.*?@gmail\.com$)/', '$1', $sender);
81 }
82 $senders = array_filter($senders);
83 if (empty($senders)) { $senders = ''; }
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame^]84 $senders = implode(",", (array)$senders);
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]85 if (!ctype_alnum($key) || strlen($key) != 30) {
86 $_SESSION['return'][] = array(
87 'type' => 'danger',
88 'log' => array(__FUNCTION__, $_action, $_data, $_data),
89 'msg' => 'pushover_key'
90 );
91 continue;
92 }
93 if (!ctype_alnum($token) || strlen($token) != 30) {
94 $_SESSION['return'][] = array(
95 'type' => 'danger',
96 'log' => array(__FUNCTION__, $_action, $_data, $_data),
97 'msg' => 'pushover_token'
98 );
99 continue;
100 }
101 $po_attributes = json_encode(
102 array(
103 'evaluate_x_prio' => strval(intval($evaluate_x_prio)),
104 'only_x_prio' => strval(intval($only_x_prio))
105 )
106 );
107 $stmt = $pdo->prepare("REPLACE INTO `pushover` (`username`, `key`, `attributes`, `senders_regex`, `senders`, `token`, `title`, `text`, `active`)
108 VALUES (:username, :key, :po_attributes, :senders_regex, :senders, :token, :title, :text, :active)");
109 $stmt->execute(array(
110 ':username' => $username,
111 ':key' => $key,
112 ':po_attributes' => $po_attributes,
113 ':senders_regex' => $senders_regex,
114 ':senders' => $senders,
115 ':token' => $token,
116 ':title' => $title,
117 ':text' => $text,
118 ':active' => $active
119 ));
120 $_SESSION['return'][] = array(
121 'type' => 'success',
122 'log' => array(__FUNCTION__, $_action, $_data),
123 'msg' => 'pushover_settings_edited'
124 );
125 }
126 break;
127 case 'get':
128 if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
129 $_SESSION['return'][] = array(
130 'type' => 'danger',
131 'log' => array(__FUNCTION__, $_action, $_data),
132 'msg' => 'access_denied'
133 );
134 return false;
135 }
136 $stmt = $pdo->prepare("SELECT * FROM `pushover` WHERE `username` = :username");
137 $stmt->execute(array(
138 ':username' => $_data
139 ));
140 $data = $stmt->fetch(PDO::FETCH_ASSOC);
141 $data['attributes'] = json_decode($data['attributes'], true);
142 if (empty($data)) {
143 return false;
144 }
145 else {
146 return $data;
147 }
148 break;
149 case 'test':
150 if (!isset($_SESSION['acl']['pushover']) || $_SESSION['acl']['pushover'] != "1" ) {
151 $_SESSION['return'][] = array(
152 'type' => 'danger',
153 'log' => array(__FUNCTION__, $_action, $_data),
154 'msg' => 'access_denied'
155 );
156 return false;
157 }
158 if (!is_array($_data['username'])) {
159 $usernames = array();
160 $usernames[] = $_data['username'];
161 }
162 else {
163 $usernames = $_data['username'];
164 }
165 foreach ($usernames as $username) {
166 if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
167 $_SESSION['return'][] = array(
168 'type' => 'danger',
169 'log' => array(__FUNCTION__, $_action, $_data),
170 'msg' => 'access_denied'
171 );
172 continue;
173 }
174 $stmt = $pdo->prepare("SELECT * FROM `pushover`
175 WHERE `username` = :username");
176 $stmt->execute(array(
177 ':username' => $username
178 ));
179 $api_data = $stmt->fetch(PDO::FETCH_ASSOC);
180 if (!empty($api_data)) {
181 $title = (!empty($api_data['title'])) ? $api_data['title'] : 'Mail';
182 $text = (!empty($api_data['text'])) ? $api_data['text'] : 'You\'ve got mail 📧';
183 curl_setopt_array($ch = curl_init(), array(
184 CURLOPT_URL => "https://api.pushover.net/1/users/validate.json",
185 CURLOPT_POSTFIELDS => array(
186 "token" => $api_data['token'],
187 "user" => $api_data['key']
188 ),
189 CURLOPT_SAFE_UPLOAD => true,
190 CURLOPT_RETURNTRANSFER => true,
191 ));
192 $result = curl_exec($ch);
193 $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
194 curl_close($ch);
195 if ($httpcode == 200) {
196 $_SESSION['return'][] = array(
197 'type' => 'success',
198 'log' => array(__FUNCTION__, $_action, $_data),
199 'msg' => sprintf('Pushover API OK (%d): %s', $httpcode, $result)
200 );
201 }
202 else {
203 $_SESSION['return'][] = array(
204 'type' => 'danger',
205 'log' => array(__FUNCTION__, $_action, $_data),
206 'msg' => sprintf('Pushover API ERR (%d): %s', $httpcode, $result)
207 );
208 }
209 }
210 else {
211 $_SESSION['return'][] = array(
212 'type' => 'danger',
213 'log' => array(__FUNCTION__, $_action, $_data),
214 'msg' => 'pushover_credentials_missing'
215 );
216 return false;
217 }
218 }
219 break;
220 }
221}