Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 1 | <?php |
Matthias Andreas Benkard | d1f5b68 | 2023-11-18 13:18:30 +0100 | [diff] [blame] | 2 | // SSO Domain Admin |
| 3 | if (!empty($_GET['sso_token'])) { |
| 4 | $username = domain_admin_sso('check', $_GET['sso_token']); |
| 5 | |
| 6 | if ($username !== false) { |
| 7 | $_SESSION['mailcow_cc_username'] = $username; |
| 8 | $_SESSION['mailcow_cc_role'] = 'domainadmin'; |
| 9 | header('Location: /mailbox'); |
| 10 | } |
| 11 | } |
| 12 | |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 13 | if (isset($_POST["verify_tfa_login"])) { |
Matthias Andreas Benkard | 1ba5381 | 2022-12-27 17:32:58 +0100 | [diff] [blame] | 14 | if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) { |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 15 | $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username']; |
| 16 | $_SESSION['mailcow_cc_role'] = $_SESSION['pending_mailcow_cc_role']; |
| 17 | unset($_SESSION['pending_mailcow_cc_username']); |
| 18 | unset($_SESSION['pending_mailcow_cc_role']); |
Matthias Andreas Benkard | 1ba5381 | 2022-12-27 17:32:58 +0100 | [diff] [blame] | 19 | unset($_SESSION['pending_tfa_methods']); |
Matthias Andreas Benkard | d1f5b68 | 2023-11-18 13:18:30 +0100 | [diff] [blame] | 20 | |
Matthias Andreas Benkard | 1ba5381 | 2022-12-27 17:32:58 +0100 | [diff] [blame] | 21 | header("Location: /user"); |
| 22 | } else { |
| 23 | unset($_SESSION['pending_mailcow_cc_username']); |
| 24 | unset($_SESSION['pending_mailcow_cc_role']); |
| 25 | unset($_SESSION['pending_tfa_methods']); |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 26 | } |
| 27 | } |
| 28 | |
Matthias Andreas Benkard | 1ba5381 | 2022-12-27 17:32:58 +0100 | [diff] [blame] | 29 | if (isset($_GET["cancel_tfa_login"])) { |
| 30 | unset($_SESSION['pending_mailcow_cc_username']); |
| 31 | unset($_SESSION['pending_mailcow_cc_role']); |
| 32 | unset($_SESSION['pending_tfa_methods']); |
| 33 | |
| 34 | header("Location: /"); |
| 35 | } |
| 36 | |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 37 | if (isset($_POST["quick_release"])) { |
| 38 | quarantine('quick_release', $_POST["quick_release"]); |
| 39 | } |
| 40 | |
| 41 | if (isset($_POST["quick_delete"])) { |
| 42 | quarantine('quick_delete', $_POST["quick_delete"]); |
| 43 | } |
| 44 | |
| 45 | if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) { |
| 46 | $login_user = strtolower(trim($_POST["login_user"])); |
| 47 | $as = check_login($login_user, $_POST["pass_user"]); |
Matthias Andreas Benkard | d1f5b68 | 2023-11-18 13:18:30 +0100 | [diff] [blame] | 48 | |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 49 | if ($as == "admin") { |
| 50 | $_SESSION['mailcow_cc_username'] = $login_user; |
| 51 | $_SESSION['mailcow_cc_role'] = "admin"; |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 52 | header("Location: /admin"); |
| 53 | } |
| 54 | elseif ($as == "domainadmin") { |
| 55 | $_SESSION['mailcow_cc_username'] = $login_user; |
| 56 | $_SESSION['mailcow_cc_role'] = "domainadmin"; |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 57 | header("Location: /mailbox"); |
| 58 | } |
| 59 | elseif ($as == "user") { |
| 60 | $_SESSION['mailcow_cc_username'] = $login_user; |
| 61 | $_SESSION['mailcow_cc_role'] = "user"; |
Matthias Andreas Benkard | 1ba5381 | 2022-12-27 17:32:58 +0100 | [diff] [blame] | 62 | $http_parameters = explode('&', $_SESSION['index_query_string']); |
| 63 | unset($_SESSION['index_query_string']); |
| 64 | if (in_array('mobileconfig', $http_parameters)) { |
| 65 | if (in_array('only_email', $http_parameters)) { |
Matthias Andreas Benkard | d1f5b68 | 2023-11-18 13:18:30 +0100 | [diff] [blame] | 66 | header("Location: /mobileconfig.php?only_email"); |
Matthias Andreas Benkard | 1ba5381 | 2022-12-27 17:32:58 +0100 | [diff] [blame] | 67 | die(); |
| 68 | } |
| 69 | header("Location: /mobileconfig.php"); |
| 70 | die(); |
| 71 | } |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 72 | header("Location: /user"); |
| 73 | } |
| 74 | elseif ($as != "pending") { |
| 75 | unset($_SESSION['pending_mailcow_cc_username']); |
| 76 | unset($_SESSION['pending_mailcow_cc_role']); |
Matthias Andreas Benkard | 1ba5381 | 2022-12-27 17:32:58 +0100 | [diff] [blame] | 77 | unset($_SESSION['pending_tfa_methods']); |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 78 | unset($_SESSION['mailcow_cc_username']); |
| 79 | unset($_SESSION['mailcow_cc_role']); |
| 80 | } |
| 81 | } |
| 82 | |
Matthias Andreas Benkard | 7b2a3a1 | 2021-08-16 10:57:25 +0200 | [diff] [blame] | 83 | if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) { |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 84 | if (isset($_GET["duallogin"])) { |
| 85 | $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"])); |
| 86 | if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) { |
| 87 | if (!empty(mailbox('get', 'mailbox_details', $duallogin))) { |
| 88 | $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username']; |
| 89 | $_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role']; |
| 90 | $_SESSION['mailcow_cc_username'] = $duallogin; |
| 91 | $_SESSION['mailcow_cc_role'] = "user"; |
| 92 | header("Location: /user"); |
| 93 | } |
| 94 | } |
| 95 | else { |
| 96 | if (!empty(domain_admin('details', $duallogin))) { |
| 97 | $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username']; |
| 98 | $_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role']; |
| 99 | $_SESSION['mailcow_cc_username'] = $duallogin; |
| 100 | $_SESSION['mailcow_cc_role'] = "domainadmin"; |
| 101 | header("Location: /user"); |
| 102 | } |
| 103 | } |
| 104 | } |
| 105 | } |
| 106 | |
Matthias Andreas Benkard | 7b2a3a1 | 2021-08-16 10:57:25 +0200 | [diff] [blame] | 107 | if (isset($_SESSION['mailcow_cc_role'])) { |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 108 | if (isset($_POST["set_tfa"])) { |
| 109 | set_tfa($_POST); |
| 110 | } |
| 111 | if (isset($_POST["unset_tfa_key"])) { |
| 112 | unset_tfa_key($_POST); |
| 113 | } |
| 114 | if (isset($_POST["unset_fido2_key"])) { |
| 115 | fido2(array("action" => "unset_fido2_key", "post_data" => $_POST)); |
| 116 | } |
| 117 | } |
Matthias Andreas Benkard | 7b2a3a1 | 2021-08-16 10:57:25 +0200 | [diff] [blame] | 118 | if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin" && !isset($_SESSION['mailcow_cc_api'])) { |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 119 | // TODO: Move file upload to API? |
| 120 | if (isset($_POST["submit_main_logo"])) { |
| 121 | if ($_FILES['main_logo']['error'] == 0) { |
| 122 | customize('add', 'main_logo', $_FILES); |
| 123 | } |
Matthias Andreas Benkard | d1f5b68 | 2023-11-18 13:18:30 +0100 | [diff] [blame] | 124 | if ($_FILES['main_logo_dark']['error'] == 0) { |
| 125 | customize('add', 'main_logo_dark', $_FILES); |
| 126 | } |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 127 | } |
| 128 | if (isset($_POST["reset_main_logo"])) { |
| 129 | customize('delete', 'main_logo'); |
Matthias Andreas Benkard | d1f5b68 | 2023-11-18 13:18:30 +0100 | [diff] [blame] | 130 | customize('delete', 'main_logo_dark'); |
Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 131 | } |
| 132 | // Some actions will not be available via API |
| 133 | if (isset($_POST["license_validate_now"])) { |
| 134 | license('verify'); |
| 135 | } |
| 136 | if (isset($_POST["admin_api"])) { |
| 137 | if (isset($_POST["admin_api"]["ro"])) { |
| 138 | admin_api('ro', 'edit', $_POST); |
| 139 | } |
| 140 | elseif (isset($_POST["admin_api"]["rw"])) { |
| 141 | admin_api('rw', 'edit', $_POST); |
| 142 | } |
| 143 | } |
| 144 | if (isset($_POST["admin_api_regen_key"])) { |
| 145 | if (isset($_POST["admin_api_regen_key"]["ro"])) { |
| 146 | admin_api('ro', 'regen_key', $_POST); |
| 147 | } |
| 148 | elseif (isset($_POST["admin_api_regen_key"]["rw"])) { |
| 149 | admin_api('rw', 'regen_key', $_POST); |
| 150 | } |
| 151 | } |
| 152 | if (isset($_POST["rspamd_ui"])) { |
| 153 | rspamd_ui('edit', $_POST); |
| 154 | } |
| 155 | if (isset($_POST["mass_send"])) { |
| 156 | sys_mail($_POST); |
| 157 | } |
| 158 | } |
| 159 | ?> |