Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / d02ba580d49460c48886def8d315a5c20f989c50 / . / mailcow / src / mailcow-dockerized / data / web / inc / functions.pushover.inc.php
blob: 5393c0d5efec250fb75ccf598c3eaa0ae05ed59c [file] [log] [blame]
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]1<?php
2function pushover($_action, $_data = null) {
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]3 global $pdo;
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]4 switch ($_action) {
5 case 'edit':
6 if (!isset($_SESSION['acl']['pushover']) || $_SESSION['acl']['pushover'] != "1" ) {
7 $_SESSION['return'][] = array(
8 'type' => 'danger',
9 'log' => array(__FUNCTION__, $_action, $_data),
10 'msg' => 'access_denied'
11 );
12 return false;
13 }
14 if (!is_array($_data['username'])) {
15 $usernames = array();
16 $usernames[] = $_data['username'];
17 }
18 else {
19 $usernames = $_data['username'];
20 }
21 foreach ($usernames as $username) {
22 if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
23 $_SESSION['return'][] = array(
24 'type' => 'danger',
25 'log' => array(__FUNCTION__, $_action, $_data),
26 'msg' => 'access_denied'
27 );
28 continue;
29 }
30 $delete = $_data['delete'];
31 if ($delete == "true") {
32 $stmt = $pdo->prepare("DELETE FROM `pushover` WHERE `username` = :username");
33 $stmt->execute(array(
34 ':username' => $username
35 ));
36 $_SESSION['return'][] = array(
37 'type' => 'success',
38 'log' => array(__FUNCTION__, $_action, $_data),
39 'msg' => 'pushover_settings_edited'
40 );
41 continue;
42 }
43 $is_now = pushover('get', $username);
44 if (!empty($is_now)) {
45 $key = (!empty($_data['key'])) ? $_data['key'] : $is_now['key'];
46 $token = (!empty($_data['token'])) ? $_data['token'] : $is_now['token'];
47 $senders = (isset($_data['senders'])) ? $_data['senders'] : $is_now['senders'];
48 $senders_regex = (isset($_data['senders_regex'])) ? $_data['senders_regex'] : $is_now['senders_regex'];
49 $title = (!empty($_data['title'])) ? $_data['title'] : $is_now['title'];
50 $text = (!empty($_data['text'])) ? $_data['text'] : $is_now['text'];
51 $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
52 $evaluate_x_prio = (isset($_data['evaluate_x_prio'])) ? intval($_data['evaluate_x_prio']) : $is_now['evaluate_x_prio'];
53 $only_x_prio = (isset($_data['only_x_prio'])) ? intval($_data['only_x_prio']) : $is_now['only_x_prio'];
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]54 $sound = (isset($_data['sound'])) ? $_data['sound'] : $is_now['sound'];
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]55 }
56 else {
57 $_SESSION['return'][] = array(
58 'type' => 'danger',
59 'log' => array(__FUNCTION__, $_action, $_data),
60 'msg' => 'access_denied'
61 );
62 continue;
63 }
64 if (!empty($senders_regex) && !is_valid_regex($senders_regex)) {
65 $_SESSION['return'][] = array(
66 'type' => 'danger',
67 'log' => array(__FUNCTION__, $_action, $_data),
68 'msg' => 'Invalid regex'
69 );
70 continue;
71 }
72 $senders = array_map('trim', preg_split( "/( |,|;|\n)/", $senders));
73 foreach ($senders as $i => &$sender) {
74 if (empty($sender)) {
75 continue;
76 }
77 if (!filter_var($sender, FILTER_VALIDATE_EMAIL) === true) {
78 unset($senders[$i]);
79 continue;
80 }
81 $senders[$i] = preg_replace('/\.(?=.*?@gmail\.com$)/', '$1', $sender);
82 }
83 $senders = array_filter($senders);
84 if (empty($senders)) { $senders = ''; }
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]85 $senders = implode(",", (array)$senders);
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]86 if (!ctype_alnum($key) || strlen($key) != 30) {
87 $_SESSION['return'][] = array(
88 'type' => 'danger',
89 'log' => array(__FUNCTION__, $_action, $_data, $_data),
90 'msg' => 'pushover_key'
91 );
92 continue;
93 }
94 if (!ctype_alnum($token) || strlen($token) != 30) {
95 $_SESSION['return'][] = array(
96 'type' => 'danger',
97 'log' => array(__FUNCTION__, $_action, $_data, $_data),
98 'msg' => 'pushover_token'
99 );
100 continue;
101 }
102 $po_attributes = json_encode(
103 array(
104 'evaluate_x_prio' => strval(intval($evaluate_x_prio)),
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]105 'only_x_prio' => strval(intval($only_x_prio)),
106 'sound' => strval($sound)
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]107 )
108 );
109 $stmt = $pdo->prepare("REPLACE INTO `pushover` (`username`, `key`, `attributes`, `senders_regex`, `senders`, `token`, `title`, `text`, `active`)
110 VALUES (:username, :key, :po_attributes, :senders_regex, :senders, :token, :title, :text, :active)");
111 $stmt->execute(array(
112 ':username' => $username,
113 ':key' => $key,
114 ':po_attributes' => $po_attributes,
115 ':senders_regex' => $senders_regex,
116 ':senders' => $senders,
117 ':token' => $token,
118 ':title' => $title,
119 ':text' => $text,
120 ':active' => $active
121 ));
122 $_SESSION['return'][] = array(
123 'type' => 'success',
124 'log' => array(__FUNCTION__, $_action, $_data),
125 'msg' => 'pushover_settings_edited'
126 );
127 }
128 break;
129 case 'get':
130 if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
131 $_SESSION['return'][] = array(
132 'type' => 'danger',
133 'log' => array(__FUNCTION__, $_action, $_data),
134 'msg' => 'access_denied'
135 );
136 return false;
137 }
138 $stmt = $pdo->prepare("SELECT * FROM `pushover` WHERE `username` = :username");
139 $stmt->execute(array(
140 ':username' => $_data
141 ));
142 $data = $stmt->fetch(PDO::FETCH_ASSOC);
143 $data['attributes'] = json_decode($data['attributes'], true);
144 if (empty($data)) {
145 return false;
146 }
147 else {
148 return $data;
149 }
150 break;
151 case 'test':
152 if (!isset($_SESSION['acl']['pushover']) || $_SESSION['acl']['pushover'] != "1" ) {
153 $_SESSION['return'][] = array(
154 'type' => 'danger',
155 'log' => array(__FUNCTION__, $_action, $_data),
156 'msg' => 'access_denied'
157 );
158 return false;
159 }
160 if (!is_array($_data['username'])) {
161 $usernames = array();
162 $usernames[] = $_data['username'];
163 }
164 else {
165 $usernames = $_data['username'];
166 }
167 foreach ($usernames as $username) {
168 if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
169 $_SESSION['return'][] = array(
170 'type' => 'danger',
171 'log' => array(__FUNCTION__, $_action, $_data),
172 'msg' => 'access_denied'
173 );
174 continue;
175 }
176 $stmt = $pdo->prepare("SELECT * FROM `pushover`
177 WHERE `username` = :username");
178 $stmt->execute(array(
179 ':username' => $username
180 ));
181 $api_data = $stmt->fetch(PDO::FETCH_ASSOC);
182 if (!empty($api_data)) {
183 $title = (!empty($api_data['title'])) ? $api_data['title'] : 'Mail';
184 $text = (!empty($api_data['text'])) ? $api_data['text'] : 'You\'ve got mail 📧';
185 curl_setopt_array($ch = curl_init(), array(
186 CURLOPT_URL => "https://api.pushover.net/1/users/validate.json",
187 CURLOPT_POSTFIELDS => array(
188 "token" => $api_data['token'],
189 "user" => $api_data['key']
190 ),
191 CURLOPT_SAFE_UPLOAD => true,
192 CURLOPT_RETURNTRANSFER => true,
193 ));
194 $result = curl_exec($ch);
195 $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
196 curl_close($ch);
197 if ($httpcode == 200) {
198 $_SESSION['return'][] = array(
199 'type' => 'success',
200 'log' => array(__FUNCTION__, $_action, $_data),
201 'msg' => sprintf('Pushover API OK (%d): %s', $httpcode, $result)
202 );
203 }
204 else {
205 $_SESSION['return'][] = array(
206 'type' => 'danger',
207 'log' => array(__FUNCTION__, $_action, $_data),
208 'msg' => sprintf('Pushover API ERR (%d): %s', $httpcode, $result)
209 );
210 }
211 }
212 else {
213 $_SESSION['return'][] = array(
214 'type' => 'danger',
215 'log' => array(__FUNCTION__, $_action, $_data),
216 'msg' => 'pushover_credentials_missing'
217 );
218 return false;
219 }
220 }
221 break;
222 }
223}