4 // by Mischa Peters <mischa at high5 dot nl>
5 // Copyright (c) 2022-2023 High5!
6 // License Info: LICENSE.TXT
8 // File: functions.inc.php
10 if (preg_match("/functions.inc.php/", $_SERVER['SCRIPT_NAME'])) {
11 header("Location: login.php");
15 require_once (dirname(__FILE__) . DIRECTORY_SEPARATOR . 'conf.php');
16 define("VERSION", "version 1.0.1");
19 // Check if debug is enabled or not
21 if (DEBUG == 'true') {
22 ini_set('display_errors', 1);
23 ini_set('display_startup_errors', 1);
24 error_reporting(E_ALL);
26 ini_set('display_errors', 0);
27 ini_set('display_startup_errors', 0);
32 // Action: Check if a session already exists, if not redirect to login.php
33 // Call: check_session()
35 function check_session() {
37 if (empty($_SESSION['sessid']['username'])) {
38 header("Location: login.php");
41 return $_SESSION['sessid']['username'];
46 // Action: Check which role is assighed
49 function check_role($username) {
51 $sth = $dbh->prepare("SELECT role FROM admin WHERE username=?");
52 $sth->bindParam(1, $username, PDO::PARAM_STR);
54 $row = $sth->fetch(PDO::FETCH_ASSOC);
62 // Action: checks what language the browser uses
63 // Call: check_language
64 // Currently only English is supported, no need to run through the check now.
66 function check_language() {
67 return DEFAULT_LANGUAGE;
72 // Action: Hashes the password with bcrypt, make it OpenBSD friendly
73 // Call: bcrypt(string cleartextpassword)
75 function bcrypt($password) {
76 $options = ['cost' => 8];
77 $hashed = password_hash($password, PASSWORD_BCRYPT, $options);
78 $hashed = preg_replace('/\$2y\$/', '\$2b\$', $hashed);
84 // Action: make PDO db connection
85 // Call: pdo_connect()
87 function pdo_connect() {
89 $dbh = new PDO(DB_TYPE . ':host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS, array(PDO::ATTR_PERSISTENT => true));
90 $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
92 } catch (PDOException $e) {
93 echo 'Connection failed: ' . $e;
100 // Action: list all available domains for admin
101 // Call: list_domains(string admin (optional))
103 function list_domains($username = null) {
104 $dbh = pdo_connect();
105 if (isset($username)) {
106 $sth = $dbh->prepare("SELECT * FROM domain INNER JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username=? ORDER BY domain_admins.domain");
107 $sth->bindParam(1, $username, PDO::PARAM_STR);
109 $sth = $dbh->prepare('SELECT * FROM domain ORDER BY domain');
112 $list = $sth->fetchAll();
114 for ($i = 0; $i < count($list); $i++) {
115 $sth = $dbh->prepare("SELECT COUNT(*) FROM alias WHERE domain=? AND goto NOT IN ('vmail')");
116 $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
118 $list[$i]['alias_count'] = $sth->fetchColumn();
120 $sth = $dbh->prepare("SELECT COUNT(*) FROM mailbox WHERE domain=?");
121 $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
123 $list[$i]['mailbox_count'] = $sth->fetchColumn();
130 // Action: list all available aliases for domain
131 // Call: list_aliases(string domain, int offset)
133 function list_aliases($domain, $offset, $limit) {
134 $dbh = pdo_connect();
135 if (ALIAS_CONTROL == 'NO') {
136 $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain=? AND mailbox.maildir IS NULL ORDER BY alias.address LIMIT ?, ?");
138 $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias WHERE alias.domain=? ORDER BY alias.address LIMIT ?, ?");
140 $sth->bindParam(1, $domain, PDO::PARAM_STR);
141 $sth->bindParam(2, $offset, PDO::PARAM_INT);
142 $sth->bindParam(3, $limit, PDO::PARAM_INT);
144 $list = $sth->fetchAll();
150 // Action: list all available mailboxes for domain
151 // Call: list_mailboxes(string domaini, int offset)
153 function list_mailboxes($domain, $offset, $limit) {
154 $dbh = pdo_connect();
155 $sth = $dbh->prepare("SELECT * FROM mailbox WHERE domain=? ORDER BY username LIMIT ?, ?");
156 $sth->bindParam(1, $domain, PDO::PARAM_STR);
157 $sth->bindParam(2, $offset, PDO::PARAM_INT);
158 $sth->bindParam(3, $limit, PDO::PARAM_INT);
160 $list = $sth->fetchAll();
166 // Action: lists all the admins
167 // Call: list_admins()
169 function list_admins() {
170 $dbh = pdo_connect();
171 $sth = $dbh->prepare('SELECT * FROM admin ORDER BY username');
173 $list = $sth->fetchAll();
175 for ($i = 0; $i < count($list); $i++) {
176 $sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
177 $sth->bindParam(1, $list[$i]['username'], PDO::PARAM_STR);
179 $list[$i]['domain_count'] = $sth->fetchColumn();
185 // Action: logs actions from admin
186 // Call: logging(string username, string domain, string action, string data)
188 function logging($username, $domain, $action, $data) {
189 $remote_addr = $_SERVER['HTTP_X_CLIENTIP'] ?? $_SERVER['REMOTE_ADDR'];
190 $username = $username . ' (' . $remote_addr . ')';
191 if (LOGGING == 'YES') {
192 $dbh = pdo_connect();
193 $sth = $dbh->prepare("INSERT INTO log (timestamp,username,domain,action,data) VALUES (NOW(),?,?,?,?)");
194 $sth->bindParam(1, $username, PDO::PARAM_STR);
195 $sth->bindParam(2, $domain, PDO::PARAM_STR);
196 $sth->bindParam(3, $action, PDO::PARAM_STR);
197 $sth->bindParam(4, $data, PDO::PARAM_STR);