4 // by Mischa Peters <mischa at high5 dot nl>
5 // Copyright (c) 2022-2023 High5!
6 // License Info: LICENSE.TXT
8 // File: functions.inc.php
10 if (preg_match("/functions.inc.php/", $_SERVER['SCRIPT_NAME'])) {
11 header("Location: login.php");
15 DEFINE("VERSION", "version 1.1");
16 DEFINE('ROOT_PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR);
17 require_once ROOT_PATH . 'conf.php';
20 // Check if debug is enabled or not
22 if (DEBUG == 'true') {
23 ini_set('display_errors', 1);
24 ini_set('display_startup_errors', 1);
25 error_reporting(E_ALL);
27 ini_set('display_errors', 0);
28 ini_set('display_startup_errors', 0);
33 // Action: Check if a session already exists, if not redirect to login.php
34 // Call: check_session()
36 function check_session() {
38 if (empty($_SESSION['sessid']['username'])) {
39 header("Location: login.php");
42 return $_SESSION['sessid']['username'];
47 // Action: Check which role is assighed
50 function check_role($username) {
52 $sth = $dbh->prepare("SELECT role FROM admin WHERE username=?");
53 $sth->bindParam(1, $username, PDO::PARAM_STR);
55 $row = $sth->fetch(PDO::FETCH_ASSOC);
63 // Action: checks what language the browser uses
64 // Call: check_language
65 // Currently only English is supported, no need to run through the check now.
67 function check_language() {
68 return DEFAULT_LANGUAGE;
73 // Action: Hashes the password with bcrypt, make it OpenBSD friendly
74 // Call: bcrypt(string cleartextpassword)
76 function bcrypt($password) {
77 $options = ['cost' => 8];
78 $hashed = password_hash($password, PASSWORD_BCRYPT, $options);
79 $hashed = preg_replace('/\$2y\$/', '\$2b\$', $hashed);
85 // Action: make PDO db connection
86 // Call: pdo_connect()
88 function pdo_connect() {
90 $dbh = new PDO(DB_TYPE . ':host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS, array(PDO::ATTR_PERSISTENT => true));
91 $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
93 } catch (PDOException $e) {
94 echo 'Connection failed: ' . $e;
101 // Action: list all available domains for admin
102 // Call: list_domains(string admin (optional))
104 function list_domains($username = null) {
105 $dbh = pdo_connect();
106 if (isset($username)) {
107 $sth = $dbh->prepare("SELECT * FROM domain INNER JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username=? ORDER BY domain_admins.domain");
108 $sth->bindParam(1, $username, PDO::PARAM_STR);
110 $sth = $dbh->prepare('SELECT * FROM domain ORDER BY domain');
113 $list = $sth->fetchAll();
115 for ($i = 0; $i < count($list); $i++) {
116 $sth = $dbh->prepare("SELECT COUNT(*) FROM alias WHERE domain=? AND goto NOT IN ('vmail')");
117 $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
119 $list[$i]['alias_count'] = $sth->fetchColumn();
121 $sth = $dbh->prepare("SELECT COUNT(*) FROM mailbox WHERE domain=?");
122 $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
124 $list[$i]['mailbox_count'] = $sth->fetchColumn();
131 // Action: list all available aliases for domain
132 // Call: list_aliases(string domain, int offset)
134 function list_aliases($domain, $offset, $limit) {
135 $dbh = pdo_connect();
136 if (ALIAS_CONTROL == 'NO') {
137 $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain=? AND mailbox.maildir IS NULL ORDER BY alias.address LIMIT ?, ?");
139 $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias WHERE alias.domain=? ORDER BY alias.address LIMIT ?, ?");
141 $sth->bindParam(1, $domain, PDO::PARAM_STR);
142 $sth->bindParam(2, $offset, PDO::PARAM_INT);
143 $sth->bindParam(3, $limit, PDO::PARAM_INT);
145 $list = $sth->fetchAll();
151 // Action: list all available mailboxes for domain
152 // Call: list_mailboxes(string domaini, int offset)
154 function list_mailboxes($domain, $offset, $limit) {
155 $dbh = pdo_connect();
156 $sth = $dbh->prepare("SELECT * FROM mailbox WHERE domain=? ORDER BY username LIMIT ?, ?");
157 $sth->bindParam(1, $domain, PDO::PARAM_STR);
158 $sth->bindParam(2, $offset, PDO::PARAM_INT);
159 $sth->bindParam(3, $limit, PDO::PARAM_INT);
161 $list = $sth->fetchAll();
167 // Action: lists all the admins
168 // Call: list_admins()
170 function list_admins() {
171 $dbh = pdo_connect();
172 $sth = $dbh->prepare('SELECT * FROM admin ORDER BY username');
174 $list = $sth->fetchAll();
176 for ($i = 0; $i < count($list); $i++) {
177 $sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
178 $sth->bindParam(1, $list[$i]['username'], PDO::PARAM_STR);
180 $list[$i]['domain_count'] = $sth->fetchColumn();
186 // Action: logs actions from admin
187 // Call: logging(string username, string domain, string action, string data)
189 function logging($username, $domain, $action, $data) {
190 $remote_addr = $_SERVER['HTTP_X_CLIENTIP'] ?? $_SERVER['REMOTE_ADDR'];
191 $username = $username . ' (' . $remote_addr . ')';
192 if (LOGGING == 'YES') {
193 $dbh = pdo_connect();
194 $sth = $dbh->prepare("INSERT INTO log (timestamp,username,domain,action,data) VALUES (NOW(),?,?,?,?)");
195 $sth->bindParam(1, $username, PDO::PARAM_STR);
196 $sth->bindParam(2, $domain, PDO::PARAM_STR);
197 $sth->bindParam(3, $action, PDO::PARAM_STR);
198 $sth->bindParam(4, $data, PDO::PARAM_STR);