Blob


1 <?php
2 //
3 // OpenSMTPD Admin
4 // by Mischa Peters <mischa at high5 dot nl>
5 // Copyright (c) 2022-2023 High5!
6 // License Info: LICENSE.TXT
7 //
8 // File: functions.inc.php
9 //
10 if (preg_match("/functions.inc.php/", $_SERVER['SCRIPT_NAME'])) {
11 header("Location: login.php");
12 die();
13 }
15 require_once (dirname(__FILE__) . DIRECTORY_SEPARATOR . 'conf.php');
16 define("VERSION", "version 1.0.1");
18 //
19 // Check if debug is enabled or not
20 //
21 if (DEBUG == 'true') {
22 ini_set('display_errors', 1);
23 ini_set('display_startup_errors', 1);
24 error_reporting(E_ALL);
25 } else {
26 ini_set('display_errors', 0);
27 ini_set('display_startup_errors', 0);
28 }
30 //
31 // check_session
32 // Action: Check if a session already exists, if not redirect to login.php
33 // Call: check_session()
34 //
35 function check_session() {
36 session_start();
37 if (empty($_SESSION['sessid']['username'])) {
38 header("Location: login.php");
39 exit;
40 }
41 return $_SESSION['sessid']['username'];
42 }
44 //
45 // check_role
46 // Action: Check which role is assighed
47 // Call: check_role()
48 //
49 function check_role($username) {
50 $dbh = pdo_connect();
51 $sth = $dbh->prepare("SELECT role FROM admin WHERE username=?");
52 $sth->bindParam(1, $username, PDO::PARAM_STR);
53 $sth->execute();
54 $row = $sth->fetch(PDO::FETCH_ASSOC);
55 if (!empty($row)) {
56 return $row['role'];
57 }
58 }
60 //
61 // check_language
62 // Action: checks what language the browser uses
63 // Call: check_language
64 // Currently only English is supported, no need to run through the check now.
65 //
66 function check_language() {
67 return DEFAULT_LANGUAGE;
68 }
70 //
71 // bcrypt
72 // Action: Hashes the password with bcrypt, make it OpenBSD friendly
73 // Call: bcrypt(string cleartextpassword)
74 //
75 function bcrypt($password) {
76 $options = ['cost' => 8];
77 $hashed = password_hash($password, PASSWORD_BCRYPT, $options);
78 $hashed = preg_replace('/\$2y\$/', '\$2b\$', $hashed);
79 return $hashed;
80 }
82 //
83 // pdo_connect
84 // Action: make PDO db connection
85 // Call: pdo_connect()
86 //
87 function pdo_connect() {
88 try {
89 $dbh = new PDO(DB_TYPE . ':host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS, array(PDO::ATTR_PERSISTENT => true));
90 $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
91 return $dbh;
92 } catch (PDOException $e) {
93 echo 'Connection failed: ' . $e;
94 die();
95 }
96 }
98 //
99 // list_domains
100 // Action: list all available domains for admin
101 // Call: list_domains(string admin (optional))
102 //
103 function list_domains($username = null) {
104 $dbh = pdo_connect();
105 if (isset($username)) {
106 $sth = $dbh->prepare("SELECT * FROM domain INNER JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username=? ORDER BY domain_admins.domain");
107 $sth->bindParam(1, $username, PDO::PARAM_STR);
108 } else {
109 $sth = $dbh->prepare('SELECT * FROM domain ORDER BY domain');
111 $sth->execute();
112 $list = $sth->fetchAll();
114 for ($i = 0; $i < count($list); $i++) {
115 $sth = $dbh->prepare("SELECT COUNT(*) FROM alias WHERE domain=? AND goto NOT IN ('vmail')");
116 $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
117 $sth->execute();
118 $list[$i]['alias_count'] = $sth->fetchColumn();
120 $sth = $dbh->prepare("SELECT COUNT(*) FROM mailbox WHERE domain=?");
121 $sth->bindParam(1, $list[$i]['domain'], PDO::PARAM_STR);
122 $sth->execute();
123 $list[$i]['mailbox_count'] = $sth->fetchColumn();
125 return $list;
128 //
129 // list_aliases
130 // Action: list all available aliases for domain
131 // Call: list_aliases(string domain, int offset)
132 //
133 function list_aliases($domain, $offset, $limit) {
134 $dbh = pdo_connect();
135 if (ALIAS_CONTROL == 'NO') {
136 $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain=? AND mailbox.maildir IS NULL ORDER BY alias.address LIMIT ?, ?");
137 } else {
138 $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias WHERE alias.domain=? ORDER BY alias.address LIMIT ?, ?");
140 $sth->bindParam(1, $domain, PDO::PARAM_STR);
141 $sth->bindParam(2, $offset, PDO::PARAM_INT);
142 $sth->bindParam(3, $limit, PDO::PARAM_INT);
143 $sth->execute();
144 $list = $sth->fetchAll();
145 return $list;
148 //
149 // list_mailboxes
150 // Action: list all available mailboxes for domain
151 // Call: list_mailboxes(string domaini, int offset)
152 //
153 function list_mailboxes($domain, $offset, $limit) {
154 $dbh = pdo_connect();
155 $sth = $dbh->prepare("SELECT * FROM mailbox WHERE domain=? ORDER BY username LIMIT ?, ?");
156 $sth->bindParam(1, $domain, PDO::PARAM_STR);
157 $sth->bindParam(2, $offset, PDO::PARAM_INT);
158 $sth->bindParam(3, $limit, PDO::PARAM_INT);
159 $sth->execute();
160 $list = $sth->fetchAll();
161 return $list;
164 //
165 // list_admins
166 // Action: lists all the admins
167 // Call: list_admins()
168 //
169 function list_admins() {
170 $dbh = pdo_connect();
171 $sth = $dbh->prepare('SELECT * FROM admin ORDER BY username');
172 $sth->execute();
173 $list = $sth->fetchAll();
175 for ($i = 0; $i < count($list); $i++) {
176 $sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
177 $sth->bindParam(1, $list[$i]['username'], PDO::PARAM_STR);
178 $sth->execute();
179 $list[$i]['domain_count'] = $sth->fetchColumn();
181 return $list;
184 // logging
185 // Action: logs actions from admin
186 // Call: logging(string username, string domain, string action, string data)
187 //
188 function logging($username, $domain, $action, $data) {
189 $remote_addr = $_SERVER['HTTP_X_CLIENTIP'] ?? $_SERVER['REMOTE_ADDR'];
190 $username = $username . ' (' . $remote_addr . ')';
191 if (LOGGING == 'YES') {
192 $dbh = pdo_connect();
193 $sth = $dbh->prepare("INSERT INTO log (timestamp,username,domain,action,data) VALUES (NOW(),?,?,?,?)");
194 $sth->bindParam(1, $username, PDO::PARAM_STR);
195 $sth->bindParam(2, $domain, PDO::PARAM_STR);
196 $sth->bindParam(3, $action, PDO::PARAM_STR);
197 $sth->bindParam(4, $data, PDO::PARAM_STR);
198 $sth->execute();
201 ?>