<?php
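/**
 * Manage application-specific passwords of a mailbox.
 *
 * The target mailbox is $_data['username'] when it is a syntactically valid
 * e-mail address the session user may access (hasMailboxObjectAccess);
 * otherwise it falls back to the session user's own name.
 *
 * Supported actions:
 *  - 'add':     create an entry from app_name, app_passwd, app_passwd2, active.
 *  - 'edit':    update one or more entries ($_data['id'] may be a scalar or a
 *               list); optional keys app_name, password, password2, active.
 *  - 'delete':  remove one or more entries by id.
 *  - 'get':     list `id` and `name` of all entries of the target mailbox.
 *  - 'details': fetch one entry (without its password hash) by id.
 *
 * Results of add/edit/delete are reported by appending to $_SESSION['return'].
 *
 * @param string $_action One of 'add', 'edit', 'delete', 'get', 'details'.
 * @param mixed  $_data   Action parameters; for 'details' either
 *                        array('id' => ...) or the bare id.
 * @return array|false|null Rows for 'get', a row or false for 'details',
 *                          false when a request is rejected, null otherwise.
 */
function app_passwd($_action, $_data = null) {
  global $pdo;
  global $lang;

  // Copy of the request that is attached to every result entry under 'log'.
  // Every key that can carry a plaintext password is masked first: 'add'
  // reads app_passwd/app_passwd2, 'edit' reads password/password2. Without
  // masking the latter pair, a password submitted on edit would travel in
  // clear text with the 'log' payload.
  $_data_log = $_data;
  if (is_array($_data_log)) {
    foreach (array('app_passwd', 'app_passwd2', 'password', 'password2') as $secret_key) {
      if (isset($_data_log[$secret_key])) {
        $_data_log[$secret_key] = '*';
      }
    }
  }

  if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) {
    if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) {
      $_SESSION['return'][] = array(
        'type' => 'danger',
        'log' => array(__FUNCTION__, $_action, $_data_log),
        'msg' => 'access_denied'
      );
      return false;
    }
    $username = $_data['username'];
  }
  else {
    $username = $_SESSION['mailcow_cc_username'];
  }

  switch ($_action) {
    case 'add':
      $app_name = isset($_data['app_name']) ? trim($_data['app_name']) : '';
      $password = isset($_data['app_passwd']) ? $_data['app_passwd'] : '';
      $password2 = isset($_data['app_passwd2']) ? $_data['app_passwd2'] : '';
      $active = isset($_data['active']) ? intval($_data['active']) : 0;
      // The lookup result is checked before indexing, so a failed lookup
      // is handled as "no domain" instead of indexing a non-array.
      $mailbox_details = mailbox('get', 'mailbox_details', $username);
      $domain = (is_array($mailbox_details) && isset($mailbox_details['domain'])) ? $mailbox_details['domain'] : null;
      if (empty($domain)) {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_data_log),
          'msg' => 'access_denied'
        );
        return false;
      }
      if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_data_log),
          'msg' => 'password_complexity'
        );
        return false;
      }
      // Strict string comparison: with a loose `!=`, numeric-looking strings
      // such as '1e3' and '1000' compare equal and the confirmation check
      // would accept two different passwords.
      if ((string)$password !== (string)$password2) {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_data_log),
          'msg' => 'password_mismatch'
        );
        return false;
      }
      if (empty($app_name)) {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_data_log),
          'msg' => 'app_name_empty'
        );
        return false;
      }
      // Hash only after all validation passed; the plaintext is never stored.
      $password_hashed = hash_password($password);
      $stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`)
        VALUES (:app_name, :mailbox, :domain, :password, :active)");
      $stmt->execute(array(
        ':app_name' => $app_name,
        ':mailbox' => $username,
        ':domain' => $domain,
        ':password' => $password_hashed,
        ':active' => $active
      ));
      $_SESSION['return'][] = array(
        'type' => 'success',
        'log' => array(__FUNCTION__, $_action, $_data_log),
        'msg' => 'app_passwd_added'
      );
      break;

    case 'edit':
      $ids = (array)$_data['id'];
      foreach ($ids as $id) {
        // 'details' also performs the access check against the mailbox that
        // currently owns the row; an empty result covers "unknown id" and
        // "not permitted" alike.
        $is_now = app_passwd('details', array('id' => $id));
        if (empty($is_now)) {
          $_SESSION['return'][] = array(
            'type' => 'danger',
            'log' => array(__FUNCTION__, $_action, $_data_log),
            'msg' => array('app_passwd_id_invalid', $id)
          );
          continue;
        }
        $app_name = trim(!empty($_data['app_name']) ? $_data['app_name'] : $is_now['name']);
        $password = !empty($_data['password']) ? $_data['password'] : null;
        $password2 = !empty($_data['password2']) ? $_data['password2'] : null;
        $active = isset($_data['active']) ? intval($_data['active']) : $is_now['active'];

        // The password is only changed when both fields were submitted.
        if (!empty($password) && !empty($password2)) {
          if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_data_log),
              'msg' => 'password_complexity'
            );
            continue;
          }
          // Strict comparison, see the 'add' branch.
          if ((string)$password !== (string)$password2) {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_data_log),
              'msg' => 'password_mismatch'
            );
            continue;
          }
          $password_hashed = hash_password($password);
          $stmt = $pdo->prepare("UPDATE `app_passwd` SET
            `password` = :password_hashed
              WHERE `mailbox` = :username AND `id` = :id");
          $stmt->execute(array(
            ':password_hashed' => $password_hashed,
            ':username' => $username,
            ':id' => $id
          ));
        }
        // NOTE(review): this statement matches on `id` alone and rewrites
        // `mailbox` to $username, while the password update above is
        // constrained to `mailbox` = $username. Authorization for the row
        // comes from the 'details' lookup (access to the row's current
        // mailbox). `domain` is not updated here, so a row moved to another
        // mailbox keeps its old domain value. Confirm that reassignment is
        // intended; otherwise constrain on the row's current mailbox.
        $stmt = $pdo->prepare("UPDATE `app_passwd` SET
          `name` = :app_name,
          `mailbox` = :username,
          `active` = :active
            WHERE `id` = :id");
        $stmt->execute(array(
          ':app_name' => $app_name,
          ':username' => $username,
          ':active' => $active,
          ':id' => $id
        ));
        // Report the id that was just modified; escaping the whole $ids
        // array would pass an array to htmlspecialchars().
        $_SESSION['return'][] = array(
          'type' => 'success',
          'log' => array(__FUNCTION__, $_action, $_data_log),
          'msg' => array('object_modified', htmlspecialchars($id))
        );
      }
      break;

    case 'delete':
      $ids = (array)$_data['id'];
      foreach ($ids as $id) {
        // Resolve the owning mailbox first so the access check is made
        // against the stored owner, not against request data.
        $stmt = $pdo->prepare("SELECT `mailbox` FROM `app_passwd` WHERE `id` = :id");
        $stmt->execute(array(':id' => $id));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $mailbox = is_array($row) ? $row['mailbox'] : null;
        if (empty($mailbox)) {
          $_SESSION['return'][] = array(
            'type' => 'danger',
            'log' => array(__FUNCTION__, $_action, $_data_log),
            'msg' => 'app_passwd_id_invalid'
          );
          return false;
        }
        if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) {
          $_SESSION['return'][] = array(
            'type' => 'danger',
            'log' => array(__FUNCTION__, $_action, $_data_log),
            'msg' => 'access_denied'
          );
          return false;
        }
        $stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id");
        $stmt->execute(array(':id' => $id));
        $_SESSION['return'][] = array(
          'type' => 'success',
          'log' => array(__FUNCTION__, $_action, $_data_log),
          'msg' => array('app_passwd_removed', htmlspecialchars($id))
        );
      }
      break;

    case 'get':
      // Only id and name are exposed; the password hash is never selected.
      $stmt = $pdo->prepare("SELECT `id`, `name` FROM `app_passwd` WHERE `mailbox` = :username");
      $stmt->execute(array(':username' => $username));
      return $stmt->fetchAll(PDO::FETCH_ASSOC);

    case 'details':
      // Accept array('id' => ...) as well as a bare id, so a caller that
      // passes the id directly does not index into a scalar.
      if (is_array($_data)) {
        $details_id = isset($_data['id']) ? $_data['id'] : null;
      }
      else {
        $details_id = $_data;
      }
      $stmt = $pdo->prepare("SELECT `id`,
        `name`,
        `mailbox`,
        `domain`,
        `created`,
        `modified`,
        `active`
          FROM `app_passwd`
            WHERE `id` = :id");
      $stmt->execute(array(':id' => $details_id));
      $app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);
      if (empty($app_passwd_data)) {
        return false;
      }
      // The row is returned only if the session user may access its mailbox.
      if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $app_passwd_data['mailbox'])) {
        return false;
      }
      return $app_passwd_data;
  }
}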