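<?php
// Second step of a two-factor login. The first step (check_login() further down)
// presumably parks the authenticated identity under the pending_* session keys and
// returns "pending"; this block promotes it to a full session once the submitted
// token verifies.
if (isset($_POST["verify_tfa_login"])) {
  // Without a pending identity and a token there is nothing to verify; the original
  // handed missing values straight to verify_tfa_login() (and would have set a null
  // role on success).
  if (isset($_SESSION['pending_mailcow_cc_username'], $_SESSION['pending_mailcow_cc_role'], $_POST["token"])) {
    if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST["token"])) {
      // Privilege level changes here: rotate the session ID so an ID issued before
      // authentication cannot be reused (session fixation). Harmless if the login
      // helpers already do this.
      session_regenerate_id(true);
      $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
      $_SESSION['mailcow_cc_role'] = $_SESSION['pending_mailcow_cc_role'];
      unset($_SESSION['pending_mailcow_cc_username']);
      unset($_SESSION['pending_mailcow_cc_role']);
      unset($_SESSION['pending_tfa_method']);
      // As before, no exit after the redirect: the remaining triggers in this file
      // still run in this request with the now-elevated session.
      header("Location: /user");
    }
  }
}
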
// Quarantine one-click actions (release / delete). These run before any session or
// role check in this file, so quarantine() has to authorise the request from the
// posted value alone (presumably a per-message token — confirm in quarantine()).
foreach (array('quick_release', 'quick_delete') as $quick_action) {
  if (isset($_POST[$quick_action])) {
    quarantine($quick_action, $_POST[$quick_action]);
  }
}

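// Password login (first factor). check_login() returns the role to grant ("admin",
// "domainadmin" or "user"), "pending" when a second factor is still required (the
// identity is then expected in the pending_* session keys until the TFA block above
// completes it), or some other value on failure.
if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
  // Normalise case and surrounding whitespace before the lookup.
  $login_user = strtolower(trim($_POST["login_user"]));
  $as = check_login($login_user, $_POST["pass_user"]);
  $landing_pages = array(
    "admin" => "/admin",
    "domainadmin" => "/mailbox",
    "user" => "/user",
  );
  // Exact string match replaces the loose "==" chain of the original: only the
  // three role strings above elevate the session.
  if (is_string($as) && isset($landing_pages[$as])) {
    // Privilege level changes here: rotate the session ID so an ID issued before
    // authentication cannot be reused (session fixation). Harmless if check_login()
    // already does this.
    session_regenerate_id(true);
    $_SESSION['mailcow_cc_username'] = $login_user;
    $_SESSION['mailcow_cc_role'] = $as;
    $location = $landing_pages[$as];
    if ($as === "user") {
      // index_query_string presumably holds the query string of the page that showed
      // the login form (saved elsewhere — not visible here). A mobileconfig request
      // is honoured once and then forgotten; the original exploded the value without
      // checking it exists.
      $http_parameters = array();
      if (isset($_SESSION['index_query_string'])) {
        $http_parameters = explode('&', $_SESSION['index_query_string']);
        unset($_SESSION['index_query_string']);
      }
      if (in_array('mobileconfig', $http_parameters, true)) {
        $location = in_array('only_email', $http_parameters, true)
          ? "/mobileconfig.php?email_only"
          : "/mobileconfig.php";
        header("Location: " . $location);
        die();
      }
    }
    // As before, no exit after the redirect to the landing page: the remaining
    // triggers in this file still run in this request with the elevated session.
    header("Location: " . $location);
  }
  elseif ($as !== "pending") {
    // Failed login: drop any half-finished state so a stale pending identity cannot
    // be completed later by a second-factor submission.
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_method']);
    unset($_SESSION['mailcow_cc_username']);
    unset($_SESSION['mailcow_cc_role']);
  }
}
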
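// "Login as" another account: a logged-in session whose ACL grants login_as can
// switch to a mailbox user or a domain admin. The original identity is parked under
// $_SESSION["dual-login"] (restored elsewhere — not visible here).
if (isset($_SESSION['mailcow_cc_role']) && isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1") {
  if (isset($_GET["duallogin"])) {
    // $_GET is already URL-decoded by PHP; this decodes a second time and then
    // entity-decodes, so e.g. "%2540" ends up as "@". The value is only acted on
    // after it passes the email check or the lookups below.
    $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
    // Resolve the target's kind first so a lookup miss leaves the session untouched;
    // this also removes the duplicated session handling of the original.
    $target_role = null;
    if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
      // mailbox('get', ...) is expected to enforce the caller's access to that
      // mailbox and return empty otherwise — confirm.
      if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
        $target_role = "user";
      }
    }
    elseif (!empty(domain_admin('details', $duallogin))) {
      // Same expectation for domain_admin('details', ...) — confirm.
      $target_role = "domainadmin";
    }
    if ($target_role !== null) {
      // NOTE(review): the identity switch is triggered by a plain GET parameter with
      // no request token visible here, so a crafted link opened by a logged-in
      // operator switches their session; a POST carrying a CSRF token would close that.
      $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
      $_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role'];
      $_SESSION['mailcow_cc_username'] = $duallogin;
      $_SESSION['mailcow_cc_role'] = $target_role;
      // As before, no exit after the redirect.
      header("Location: /user");
    }
  }
}
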
// Self-service second-factor management for any logged-in account. Each helper
// receives the full POST array and picks out what it needs; no request token is
// checked here, so that must happen earlier in the request (not visible here) or
// inside the helpers — confirm.
if (isset($_SESSION['mailcow_cc_role'])) {
  $tfa_handlers = array(
    "set_tfa" => function ($post) {
      set_tfa($post);
    },
    "unset_tfa_key" => function ($post) {
      unset_tfa_key($post);
    },
    "unset_fido2_key" => function ($post) {
      fido2(array("action" => "unset_fido2_key", "post_data" => $post));
    },
  );
  // Handlers are independent: every one whose trigger field is present runs, in
  // this order.
  foreach ($tfa_handlers as $trigger => $handler) {
    if (isset($_POST[$trigger])) {
      $handler($_POST);
    }
  }
}
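// Admin-only actions that are deliberately kept out of the API. mailcow_cc_api is
// presumably set on API-key authenticated sessions, which are excluded here — confirm.
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] === "admin" && !isset($_SESSION['mailcow_cc_api'])) {
  // TODO: Move file upload to API?
  if (isset($_POST["submit_main_logo"])) {
    // Only hand a successfully received upload to customize(); the original indexed
    // $_FILES without checking the field exists, and compared loosely against 0.
    if (isset($_FILES['main_logo']['error']) && $_FILES['main_logo']['error'] === UPLOAD_ERR_OK) {
      customize('add', 'main_logo', $_FILES);
    }
  }
  if (isset($_POST["reset_main_logo"])) {
    customize('delete', 'main_logo');
  }
  // Some actions will not be available via API
  if (isset($_POST["license_validate_now"])) {
    license('verify');
  }
  // API key edit / regeneration. The trigger field carries a "ro" or "rw" sub-array
  // selecting which key is affected; "ro" wins when both are present, as before.
  $admin_api_actions = array(
    "admin_api" => "edit",
    "admin_api_regen_key" => "regen_key",
  );
  foreach ($admin_api_actions as $trigger => $action) {
    if (!isset($_POST[$trigger])) {
      continue;
    }
    foreach (array('ro', 'rw') as $access) {
      if (isset($_POST[$trigger][$access])) {
        admin_api($access, $action, $_POST);
        break;
      }
    }
  }
  if (isset($_POST["rspamd_ui"])) {
    rspamd_ui('edit', $_POST);
  }
  if (isset($_POST["mass_send"])) {
    sys_mail($_POST);
  }
}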