3 386bf42a 2022-08-18 mischa // OpenSMTPD Admin
4 386bf42a 2022-08-18 mischa // by Mischa Peters <mischa at high5 dot nl>
5 b3d40d7e 2023-10-14 mischa // Copyright (c) 2022-2023 High5!
6 386bf42a 2022-08-18 mischa // License Info: LICENSE.TXT
8 386bf42a 2022-08-18 mischa // File: functions.inc.php
10 ce57049a 2022-09-11 mischa if (preg_match("/functions.inc.php/", $_SERVER['SCRIPT_NAME'])) {
11 386bf42a 2022-08-18 mischa header("Location: login.php");
15 d0886396 2023-10-15 mischa DEFINE("VERSION", "version 1.1");
16 57705772 2023-10-15 mischa DEFINE('ROOT_PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR);
17 57705772 2023-10-15 mischa require_once ROOT_PATH . 'conf.php';
20 51829c6f 2022-09-05 mischa // Check if debug is enabled or not
22 461ed9a5 2022-09-02 mischa if (DEBUG == 'true') {
23 e1b16e25 2022-08-21 mischa ini_set('display_errors', 1);
24 e1b16e25 2022-08-21 mischa ini_set('display_startup_errors', 1);
25 e1b16e25 2022-08-21 mischa error_reporting(E_ALL);
27 e1b16e25 2022-08-21 mischa ini_set('display_errors', 0);
28 e1b16e25 2022-08-21 mischa ini_set('display_startup_errors', 0);
32 386bf42a 2022-08-18 mischa // check_session
33 386bf42a 2022-08-18 mischa // Action: Check if a session already exists, if not redirect to login.php
34 51829c6f 2022-09-05 mischa // Call: check_session()
36 ce57049a 2022-09-11 mischa function check_session() {
37 386bf42a 2022-08-18 mischa session_start();
38 ce57049a 2022-09-11 mischa if (empty($_SESSION['sessid']['username'])) {
39 386bf42a 2022-08-18 mischa header("Location: login.php");
42 ce57049a 2022-09-11 mischa return $_SESSION['sessid']['username'];
46 080e0cc0 2022-09-05 mischa // check_role
47 080e0cc0 2022-09-05 mischa // Action: Check which role is assighed
48 080e0cc0 2022-09-05 mischa // Call: check_role()
50 1575a178 2022-09-06 mischa function check_role($username) {
51 1575a178 2022-09-06 mischa $dbh = pdo_connect();
52 1575a178 2022-09-06 mischa $sth = $dbh->prepare("SELECT role FROM admin WHERE username=?");
53 1575a178 2022-09-06 mischa $sth->bindParam(1, $username, PDO::PARAM_STR);
54 1575a178 2022-09-06 mischa $sth->execute();
55 1575a178 2022-09-06 mischa $row = $sth->fetch(PDO::FETCH_ASSOC);
56 1575a178 2022-09-06 mischa if (!empty($row)) {
57 1575a178 2022-09-06 mischa return $row['role'];
62 386bf42a 2022-08-18 mischa // check_language
63 386bf42a 2022-08-18 mischa // Action: checks what language the browser uses
64 386bf42a 2022-08-18 mischa // Call: check_language
65 51829c6f 2022-09-05 mischa // Currently only English is supported, no need to run through the check now.
67 386bf42a 2022-08-18 mischa function check_language() {
68 1c10461f 2022-09-03 mischa return DEFAULT_LANGUAGE;
73 51829c6f 2022-09-05 mischa // Action: Hashes the password with bcrypt, make it OpenBSD friendly
74 759223e7 2022-09-04 mischa // Call: bcrypt(string cleartextpassword)
76 759223e7 2022-09-04 mischa function bcrypt($password) {
77 759223e7 2022-09-04 mischa $options = ['cost' => 8];
78 759223e7 2022-09-04 mischa $hashed = password_hash($password, PASSWORD_BCRYPT, $options);
79 759223e7 2022-09-04 mischa $hashed = preg_replace('/\$2y\$/', '\$2b\$', $hashed);
80 759223e7 2022-09-04 mischa return $hashed;
84 759223e7 2022-09-04 mischa // pdo_connect
85 51829c6f 2022-09-05 mischa // Action: make PDO db connection
86 759223e7 2022-09-04 mischa // Call: pdo_connect()
88 759223e7 2022-09-04 mischa function pdo_connect() {
90 461ed9a5 2022-09-02 mischa $dbh = new PDO(DB_TYPE . ':host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS, array(PDO::ATTR_PERSISTENT => true));
91 461ed9a5 2022-09-02 mischa $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
92 461ed9a5 2022-09-02 mischa return $dbh;
93 461ed9a5 2022-09-02 mischa } catch (PDOException $e) {
94 461ed9a5 2022-09-02 mischa echo 'Connection failed: ' . $e;
100 461ed9a5 2022-09-02 mischa // list_domains
101 51829c6f 2022-09-05 mischa // Action: list all available domains for admin
102 461ed9a5 2022-09-02 mischa // Call: list_domains(string admin (optional))
104 461ed9a5 2022-09-02 mischa function list_domains($username = null) {
105 759223e7 2022-09-04 mischa $dbh = pdo_connect();
106 461ed9a5 2022-09-02 mischa if (isset($username)) {
107 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare("SELECT * FROM domain INNER JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username=? ORDER BY domain_admins.domain");
108 461ed9a5 2022-09-02 mischa $sth->bindParam(1, $username, PDO::PARAM_STR);
110 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare('SELECT * FROM domain ORDER BY domain');
112 461ed9a5 2022-09-02 mischa $sth->execute();
113 1c10461f 2022-09-03 mischa $list = $sth->fetchAll();
115 461ed9a5 2022-09-02 mischa for ($i = 0; $i < count($list); $i++) {
116 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare("SELECT COUNT(*) FROM alias WHERE domain=? AND goto NOT IN ('vmail')");
117 461ed9a5 2022-09-02 mischa $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
118 461ed9a5 2022-09-02 mischa $sth->execute();
119 461ed9a5 2022-09-02 mischa $list[$i]['alias_count'] = $sth->fetchColumn();
121 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare("SELECT COUNT(*) FROM mailbox WHERE domain=?");
122 461ed9a5 2022-09-02 mischa $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
123 461ed9a5 2022-09-02 mischa $sth->execute();
124 461ed9a5 2022-09-02 mischa $list[$i]['mailbox_count'] = $sth->fetchColumn();
126 461ed9a5 2022-09-02 mischa return $list;
130 461ed9a5 2022-09-02 mischa // list_aliases
131 51829c6f 2022-09-05 mischa // Action: list all available aliases for domain
132 461ed9a5 2022-09-02 mischa // Call: list_aliases(string domain, int offset)
134 461ed9a5 2022-09-02 mischa function list_aliases($domain, $offset, $limit) {
135 759223e7 2022-09-04 mischa $dbh = pdo_connect();
136 461ed9a5 2022-09-02 mischa if (ALIAS_CONTROL == 'NO') {
137 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain=? AND mailbox.maildir IS NULL ORDER BY alias.address LIMIT ?, ?");
139 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias WHERE alias.domain=? ORDER BY alias.address LIMIT ?, ?");
141 461ed9a5 2022-09-02 mischa $sth->bindParam(1, $domain, PDO::PARAM_STR);
142 461ed9a5 2022-09-02 mischa $sth->bindParam(2, $offset, PDO::PARAM_INT);
143 461ed9a5 2022-09-02 mischa $sth->bindParam(3, $limit, PDO::PARAM_INT);
144 461ed9a5 2022-09-02 mischa $sth->execute();
145 461ed9a5 2022-09-02 mischa $list = $sth->fetchAll();
146 386bf42a 2022-08-18 mischa return $list;
150 461ed9a5 2022-09-02 mischa // list_mailboxes
151 51829c6f 2022-09-05 mischa // Action: list all available mailboxes for domain
152 461ed9a5 2022-09-02 mischa // Call: list_mailboxes(string domaini, int offset)
154 461ed9a5 2022-09-02 mischa function list_mailboxes($domain, $offset, $limit) {
155 759223e7 2022-09-04 mischa $dbh = pdo_connect();
156 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare("SELECT * FROM mailbox WHERE domain=? ORDER BY username LIMIT ?, ?");
157 461ed9a5 2022-09-02 mischa $sth->bindParam(1, $domain, PDO::PARAM_STR);
158 461ed9a5 2022-09-02 mischa $sth->bindParam(2, $offset, PDO::PARAM_INT);
159 461ed9a5 2022-09-02 mischa $sth->bindParam(3, $limit, PDO::PARAM_INT);
160 461ed9a5 2022-09-02 mischa $sth->execute();
161 461ed9a5 2022-09-02 mischa $list = $sth->fetchAll();
162 386bf42a 2022-08-18 mischa return $list;
166 386bf42a 2022-08-18 mischa // list_admins
167 51829c6f 2022-09-05 mischa // Action: lists all the admins
168 386bf42a 2022-08-18 mischa // Call: list_admins()
170 386bf42a 2022-08-18 mischa function list_admins() {
171 51829c6f 2022-09-05 mischa $dbh = pdo_connect();
172 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare('SELECT * FROM admin ORDER BY username');
173 461ed9a5 2022-09-02 mischa $sth->execute();
174 461ed9a5 2022-09-02 mischa $list = $sth->fetchAll();
176 461ed9a5 2022-09-02 mischa for ($i = 0; $i < count($list); $i++) {
177 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
178 461ed9a5 2022-09-02 mischa $sth->bindParam(1, $list[$i]['username'], PDO::PARAM_STR);
179 461ed9a5 2022-09-02 mischa $sth->execute();
180 461ed9a5 2022-09-02 mischa $list[$i]['domain_count'] = $sth->fetchColumn();
182 386bf42a 2022-08-18 mischa return $list;
185 461ed9a5 2022-09-02 mischa // logging
186 51829c6f 2022-09-05 mischa // Action: logs actions from admin
187 461ed9a5 2022-09-02 mischa // Call: logging(string username, string domain, string action, string data)
189 461ed9a5 2022-09-02 mischa function logging($username, $domain, $action, $data) {
190 461ed9a5 2022-09-02 mischa $remote_addr = $_SERVER['HTTP_X_CLIENTIP'] ?? $_SERVER['REMOTE_ADDR'];
191 461ed9a5 2022-09-02 mischa $username = $username . ' (' . $remote_addr . ')';
192 461ed9a5 2022-09-02 mischa if (LOGGING == 'YES') {
193 759223e7 2022-09-04 mischa $dbh = pdo_connect();
194 461ed9a5 2022-09-02 mischa $sth = $dbh->prepare("INSERT INTO log (timestamp,username,domain,action,data) VALUES (NOW(),?,?,?,?)");
195 461ed9a5 2022-09-02 mischa $sth->bindParam(1, $username, PDO::PARAM_STR);
196 461ed9a5 2022-09-02 mischa $sth->bindParam(2, $domain, PDO::PARAM_STR);
197 461ed9a5 2022-09-02 mischa $sth->bindParam(3, $action, PDO::PARAM_STR);
198 461ed9a5 2022-09-02 mischa $sth->bindParam(4, $data, PDO::PARAM_STR);
199 461ed9a5 2022-09-02 mischa $sth->execute();