commit - 7df7b1d82470aa6c1f238481c600764935540ffa
commit + 4db75ba3287381df26d2e832b750899e872fe8a4
blob - /dev/null
blob + 4e76234c0e2295b006a2c38e2145078e74237552 (mode 644)
--- /dev/null
+++ admin.php
+<?php
+//
+// OpenSMTPD Admin
+// by Mischa Peters <mischa at high5 dot nl>
+// Copyright (c) 2022 High5!
+// License Info: LICENSE.TXT
+//
+// File: admin.php
+//
+// Template File: admin_admin.tpl
+//
+//
+// Template Variables:
+//
+// action
+// message
+// username
+// domains
+//
+// POST / GET Variables:
+//
+// username
+// password1
+// password2
+// domains
+//
+require_once './functions.inc.php';
+include './languages/' . check_language() . '.lang';
+
+$SESSID_USERNAME = check_session();
+$PERMISSIONS = check_permissions();
+
+if ($PERMISSIONS != ADMIN_RIGHTS) {
+ header("Location: list-domain.php");
+ die();;
+}
+
+$list_domains = list_domains();
+$list_admins = list_admins();
+
+if ($_SERVER['REQUEST_METHOD'] == "GET") {
+ $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add';
+ if ($action == 'edit') {
+ $username = filter_input(INPUT_GET, 'username', FILTER_VALIDATE_EMAIL);
+ $domains['domains'] = array_column(list_domains($username), 'domain');
+ }
+}
+
+if ($_SERVER['REQUEST_METHOD'] == "POST") {
+ $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add';
+ $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
+ $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
+ $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
+ $domains = filter_input_array(INPUT_POST, array('domains' => array('filter' => FILTER_VALIDATE_DOMAIN, 'flags' => FILTER_REQUIRE_ARRAY)));
+
+
+ if ($action == 'add') {
+ if (empty($username) || in_array($username, array_column($list_admins, 'username'))) {
+ $message = $LANG['AdminAdd_admin_username_error'];
+ }
+
+ if (empty($password1) || $password1 != $password2) {
+ $message = $LANG['AdminAdd_admin_password_error'];
+ }
+
+ if (empty($domains['domains'])) {
+ $message = $LANG['AdminAdd_admin_domain_error'];
+ }
+
+ if (empty($message)) {
+ $hashed = bcrypt($password1);
+ try {
+ $dbh = pdo_connect();
+ $sth = $dbh->prepare("INSERT INTO admin (username,password,created,modified) VALUES (?,?,NOW(),NOW())");
+ $sth->bindParam(1, $username, PDO::PARAM_STR);
+ $sth->bindParam(2, $hashed, PDO::PARAM_STR);
+ $sth->execute();
+ foreach ($domains['domains'] as $row) {
+ $sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())");
+ $sth->bindParam(1, $username, PDO::PARAM_STR);
+ $sth->bindParam(2, $row, PDO::PARAM_STR);
+ $sth->execute();
+ }
+ $message = $LANG['AdminAdd_admin_result_succes'] . "<br />($username)</br />";
+ } catch(PDOException $e) {
+ $message = $LANG['AdminAdd_admin_result_error'] . "<br />($username)<br />";
+ }
+ }
+ }
+
+ if (in_array($username, array_column($list_admins, 'username')) && $action == 'edit') {
+ if ($password1 != $password2) {
+ $message = $LANG['AdminAdd_admin_password_error'];
+ }
+ if (empty($message) && !empty($password1)) {
+ $hashed = bcrypt($password1);
+ try {
+ $dbh = pdo_connect();
+ $sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
+ $sth->bindParam(1, $hashed, PDO::PARAM_STR);
+ $sth->bindParam(2, $username, PDO::PARAM_STR);
+ $sth->execute();
+ } catch(PDOException $e) {
+ $message = $LANG['AdminEdit_admin_result_error'] . "<br />($username)<br />";
+ }
+ }
+
+ if (empty($domains['domains'])) {
+ $message = $LANG['AdminAdd_admin_domain_error'];
+ }
+ if (empty($message)) {
+ try {
+ $dbh = pdo_connect();
+ $sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
+ $sth->execute(array($username));
+ $count_domain_admins = $sth->fetchColumn();
+
+ $sth = $dbh->prepare("DELETE FROM domain_admins WHERE username=?");
+ $sth->execute(array($username));
+ if ($sth->rowCount() != $count_domain_admins) {
+ throw new RuntimeException('Unable to delete entries from the domain_admins table.');
+ }
+
+ foreach ($domains['domains'] as $row) {
+ $sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())");
+ $sth->bindParam(1, $username, PDO::PARAM_STR);
+ $sth->bindParam(2, $row, PDO::PARAM_STR);
+ $sth->execute();
+ }
+ header("Location: list-admin.php");
+ } catch (RuntimeException $e) {
+ $message = $LANG['AdminEdit_admin_result_error'];
+ } catch (PDOException $e) {
+ $message = $LANG['AdminEdit_admin_result_error'];
+ }
+ }
+ }
+}
+include './templates/header.tpl';
+include './templates/menu.tpl';
+include './templates/admin.tpl';
+include './templates/footer.tpl';
+?>
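Review bot: The POST branch creates administrators and resets their passwords with no visible anti-CSRF check: only `username`, `password1`, `password2` and `domains` are read from the request, and the form in templates/admin.tpl carries no token field. Unless `check_session()` (not shown here) already verifies the request origin, a per-session token should be issued with the form and compared with `hash_equals()` before either the INSERT or the UPDATE runs; domain.php's POST branch has the same gap. Separately, the edit path deletes the admin's `domain_admins` rows and re-inserts them one by one outside a transaction, so a failed INSERT leaves the account with fewer domains than it had. Calling `$dbh->beginTransaction();` before the DELETE, `$dbh->commit();` before the redirect and `$dbh->rollBack();` in both catch blocks keeps that step atomic.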
blob - /dev/null
blob + d9546e3965c2045cc96af93609b3027237514033 (mode 644)
--- /dev/null
+++ backup.php
+<?php
+//
+// OpenSMTPD Admin
+// by Mischa Peters <mischa at high5 dot nl>
+// Copyright (c) 2022 High5!
+// License Info: LICENSE.TXT
+//
+// File: backup.php
+//
+// Template File: -none-
+//
+// Template Variables:
+//
+// -none-
+//
+// POST / GET Variables:
+//
+// -none-
+//
+require_once './functions.inc.php';
+include './languages/' . check_language() . '.lang';
+date_default_timezone_set('Europe/Amsterdam');
+
+$SESSID_USERNAME = check_session();
+$PERMISSIONS = check_permissions();
+
+if ($PERMISSIONS != ADMIN_RIGHTS) {
+ header("Location: list-domain.php");
+ die();;
+}
+
+if ($_SERVER['REQUEST_METHOD'] == "GET") {
+ umask(077);
+ $filename = "opensmtpadmin-" . date("Ymd") . "-" . getmypid() . ".sql";
+ $backup = "/tmp/" . $filename;
+ $header = "#\n# OpenSMTPD Admin " . VERSION . "\n# Date: " . date("D M j G:i:s T Y") . "\n#\n";
+ $tables = array('admin','alias','domain','domain_admins','log','mailbox','vacation');
+
+ if (!$fh = fopen($backup, 'w')) {
+ $message = "<div class=\"error_msg\">Cannot open file ($backup)</div>";
+ }
+
+ if (empty($message)) {
+ fwrite($fh, $header);
+ $dbh = pdo_connect();
+ foreach ($tables as $table) {
+ $sth = $dbh->query("SHOW CREATE TABLE $table");
+ $row = $sth->fetch(PDO::FETCH_ASSOC);
+ fwrite ($fh, $row['Create Table']. "\n\n");
+ }
+ foreach ($tables as $table) {
+ $sth = $dbh->query("SELECT * FROM $table");
+ while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
+ foreach ($row as $k => $v) {
+ $keys[] = $k;
+ $values[] = $v;
+ }
+ fwrite($fh, "INSERT INTO ". $table . " (". implode (',',$keys) . ") VALUES ('" . implode ('\',\'',$values) . "')\n");
+ $keys = array();
+ $values = array();
+ }
+ }
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename=\"$filename\"");
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: " . filesize("$backup"));
+ header("Content-Description: OpenSMTPD Admin");
+ $download_backup = fopen("$backup", "r");
+ unlink("$backup");
+ fpassthru($download_backup);
+ } else {
+ include './templates/header.tpl';
+ include './templates/menu.tpl';
+ include './templates/message.tpl';
+ include './templates/footer.tpl';
+ }
+}
+?>
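Review bot: The dump is staged at a predictable path under `/tmp` (`opensmtpadmin-` plus date and PID) and opened with `fopen($backup, 'w')`, which follows an existing symlink and keeps an existing file's owner and mode. `umask(077)` therefore protects the `admin` table's password hashes only when the file did not already exist. Staging the dump in an anonymous `tmpfile()` handle takes the name off the filesystem and makes the second `fopen`/`unlink` pair unnecessary. The INSERT lines are also built with `implode` and no quoting, so a value containing `'` produces a dump that does not restore as written, and NULL columns come back as empty strings. Using `$dbh->quote($v)` for each non-null value and a literal `NULL` otherwise would fix that.

```php
if (!$fh = tmpfile()) {
    $message = "<div class=\"error_msg\">Cannot create temporary file</div>";
}
// … unchanged: header and table dump written to $fh, Content-* headers …
fflush($fh);
header("Content-Length: " . fstat($fh)['size']);
// … unchanged: Content-Description header …
rewind($fh);
fpassthru($fh);
```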
blob - /dev/null
blob + 77985b2b3e6393be0b6931f43b1b97a9e63d8e1e (mode 644)
--- /dev/null
+++ domain.php
+<?php
+//
+// OpenSMTPD Admin
+// by Mischa Peters <mischa at high5 dot nl>
+// Copyright (c) 2022 High5!
+// License Info: LICENSE.TXT
+//
+// File: domain.php
+//
+// Template File: domain.tpl
+//
+// Template Variables:
+//
+// action
+// message
+// domain
+// description
+// aliases
+// mailboxes
+//
+// POST / GET Variables:
+//
+// domain
+// description
+// aliases
+// mailboxes
+//
+require_once './functions.inc.php';
+include './languages/' . check_language() . '.lang';
+
+$SESSID_USERNAME = check_session();
+$PERMISSIONS = check_permissions();
+
+if ($PERMISSIONS != ADMIN_RIGHTS) {
+ header("Location: list-domain.php");
+ die();
+}
+
+$list_domains = list_domains();
+
+if ($_SERVER['REQUEST_METHOD'] == "GET") {
+ $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add';
+ if ($action == 'edit') {
+ $domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN);
+ $domain_key = array_search($domain, array_column($list_domains, 'domain'));
+ $description = $list_domains[$domain_key]['description'];
+ $aliases = $list_domains[$domain_key]['aliases'];
+ $mailboxes = $list_domains[$domain_key]['mailboxes'];
+ }
+}
+
+if ($_SERVER['REQUEST_METHOD'] == "POST") {
+ $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add';
+ $domain = strtolower(filter_input(INPUT_POST, 'domain', FILTER_VALIDATE_DOMAIN));
+ $description = filter_input(INPUT_POST, 'description', FILTER_CALLBACK, array('options' => 'htmlspecialchars'));
+ $aliases = filter_input(INPUT_POST, 'aliases', FILTER_VALIDATE_INT);
+ $mailboxes = filter_input(INPUT_POST, 'mailboxes', FILTER_VALIDATE_INT);
+
+ if (!in_array($domain, array_column($list_domains, 'domain'))) {
+ try {
+ $dbh = pdo_connect();
+ $sth = $dbh->prepare("INSERT INTO domain (domain,description,aliases,mailboxes,created,modified) VALUES (?,?,?,?,NOW(),NOW())");
+ $sth->bindParam(1, $domain, PDO::PARAM_STR);
+ $sth->bindParam(2, $description, PDO::PARAM_STR);
+ $sth->bindParam(3, $aliases, PDO::PARAM_INT);
+ $sth->bindParam(4, $mailboxes, PDO::PARAM_INT);
+ $sth->execute();
+ $message = $LANG['AdminAdd_domain_result_succes'] . "<br />($domain)</br />";
+ } catch(PDOException $e) {
+ $message = $LANG['AdminAdd_domain_result_error'] . "<br />($domain)<br />";
+ }
+ } else {
+ $message = $LANG['AdminAdd_domain_domain_text_error'];
+ }
+
+ if (in_array($domain, array_column($list_domains, 'domain')) && $action == 'edit') {
+ try {
+ $dbh = pdo_connect();
+ $sth = $dbh->prepare("UPDATE domain SET description=?,aliases=?,mailboxes=?,modified=NOW() WHERE domain=?");
+ $sth->bindParam(1, $description, PDO::PARAM_STR);
+ $sth->bindParam(2, $aliases, PDO::PARAM_INT);
+ $sth->bindParam(3, $mailboxes, PDO::PARAM_INT);
+ $sth->bindParam(4, $domain, PDO::PARAM_STR);
+ $sth->execute();
+ header("Location: list-domain.php");
+ } catch(PDOException $e) {
+ $message = $LANG['AdminEdit_domain_result_error'];
+ }
+ }
+}
+
+include './templates/header.tpl';
+include './templates/menu.tpl';
+include './templates/domain.tpl';
+include './templates/footer.tpl';
+?>
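Review bot: The INSERT branch at `if (!in_array($domain, array_column($list_domains, 'domain')))` runs for every POST regardless of `$action` and never checks that validation succeeded. `strtolower(filter_input(...))` turns a rejected or missing `domain` into an empty string, which is not in the list, so a row with an empty domain name is inserted. The same branch also sets the "domain exists" error on every edit POST before the UPDATE runs. Guarding it the way admin.php does, with `if ($action == 'add') {` and `if (empty($domain) || in_array($domain, array_column($list_domains, 'domain'), true)) {` for the error case, closes both paths. In the GET edit branch `array_search()` returns false for an unknown domain and `$list_domains[false]` then reads index 0, so the form is prefilled with the first domain's data; test the result with `=== false` before indexing.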
blob - /dev/null
blob + 161567f71683fd36971715a34e2016ebe5e0f9c2 (mode 644)
--- /dev/null
+++ list-admin.php
+<?php
+//
+// OpenSMTPD Admin
+// by Mischa Peters <mischa at high5 dot nl>
+// Copyright (c) 2022 High5!
+// License Info: LICENSE.TXT
+//
+// File: list-admin.php
+//
+// Template File: list-admin.tpl
+//
+// Template Variables:
+//
+// list_admins
+//
+// POST / GET Variables:
+//
+// -none-
+//
+require './functions.inc.php';
+include './languages/' . check_language() . '.lang';
+
+$SESSID_USERNAME = check_session();
+$PERMISSIONS = check_permissions();
+$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;
+
+$list_admins = array();
+
+if ($_SERVER['REQUEST_METHOD'] == "GET") {
+ if ($PERMISSIONS == ADMIN_RIGHTS) {
+ $list_admins = list_admins();
+ }
+}
+include './templates/header.tpl';
+include './templates/menu.tpl';
+include './templates/admin_list-admin.tpl';
+include './templates/footer.tpl';
+?>
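Review bot: Unlike admin.php, backup.php and domain.php, this page has no `if ($PERMISSIONS != ADMIN_RIGHTS) { header("Location: list-domain.php"); die(); }` guard, so a non-admin session still renders `admin_list-admin.tpl`, only with an empty `$list_admins`. If that is intentional, a one-line comment saying so would help. Otherwise reuse the same redirect-and-die guard, so that access control does not depend on what the template does with an empty array. The file header also names `list-admin.tpl` as the template while the code includes `admin_list-admin.tpl`, and `$admin` is assigned but not used in the lines shown.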
blob - /dev/null
blob + 53fd0ee6f6608b0ada1b3213bb8bc7fcab1a0318 (mode 644)
--- /dev/null
+++ templates/admin.tpl
+<div id="edit_form">
+<form name="create_admin" method="post">
+<table>
+ <tr>
+ <?php if ($action == 'edit') { ?>
+ <td colspan="2"><h3><?php echo $LANG['AdminEdit_admin_welcome']; ?></h3></td>
+ <?php } else { ?>
+ <td colspan="2"><h3><?php echo $LANG['AdminAdd_admin_welcome']; ?></h3></td>
+ <?php } ?>
+ </tr>
+ <tr>
+ <td><?php echo $LANG['AdminAdd_admin_username'] . ":"; ?></td>
+ <?php if ($action == 'edit') { ?>
+ <td><input class="flat" type="hidden" name="username" value="<?php echo $username; ?>" /><?php echo $username; ?></td>
+ <?php } else { ?>
+ <td><input class="flat" type="text" name="username" value="<?php echo $username ?? ''; ?>" /></td>
+ <?php } ?>
+ </tr>
+ <tr>
+ <td><?php echo $LANG['AdminAdd_admin_password1'] . ":"; ?></td>
+ <td><input class="flat" type="password" name="password1" /></td>
+ </tr>
+ <tr>
+ <td><?php echo $LANG['AdminAdd_admin_password2'] . ":"; ?></td>
+ <td><input class="flat" type="password" name="password2" /></td>
+ </tr>
+ <tr>
+ <td><?php echo $LANG['AdminAdd_admin_address'] . ":"; ?></td>
+ <td>
+ <select name="domains[]" size="10" multiple="multiple">
+ <?php
+ foreach ($list_domains as $row) {
+ echo '<option value="' . $row['domain'] . '"';
+ if (isset($domains['domains']) && in_array($row['domain'], $domains['domains'])) echo ' selected';
+ echo ">" . $row['domain'] . "</option>";
+ }
+ ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <?php if ($action == 'edit') { ?>
+ <td colspan="2" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['AdminEdit_admin_button']; ?>" /></td>
+ <?php } else { ?>
+ <td colspan="2" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['AdminAdd_admin_button']; ?>" /></td>
+ <?php } ?>
+ </tr>
+ <tr>
+ <td colspan="2" class="standout"><?php echo $message ?? ' '; ?></td>
+ </tr>
+</table>
+</form>
+</div>
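Review bot: Every dynamic value in this template is echoed raw, including inside attribute values (`value="<?php echo $username; ?>"` and `'<option value="' . $row['domain'] . '"'`), so the markup is only as safe as the `filter_input` validation in admin.php and whatever is already stored in the `domain` table. Escaping at the point of output, e.g. `<?php echo htmlspecialchars($username ?? '', ENT_QUOTES, 'UTF-8'); ?>`, makes the template safe independently of its callers. templates/domain.tpl follows the same pattern for `$domain` and `$description`. There domain.php encodes `description` with `htmlspecialchars` on input instead, which stores HTML-encoded text in the database and leaves the template dependent on every writer of that column having encoded it. Moving the encoding into the template removes that dependency.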
blob - /dev/null
blob + 1507c4da47a966da93019ca3ad8ac0bf1e3f2486 (mode 644)
--- /dev/null
+++ templates/domain.tpl
+<div id="edit_form">
+<form name="create_domain" method="post">
+<table>
+ <tr>
+ <?php if ($action == 'edit') { ?>
+ <td colspan="3"><h3><?php echo $LANG['AdminEdit_domain_welcome']; ?></h3></td>
+ <?php } else { ?>
+ <td colspan="3"><h3><?php echo $LANG['AdminAdd_domain_welcome']; ?></h3></td>
+ <?php } ?>
+ </tr>
+ <tr>
+ <td><?php echo $LANG['AdminAdd_domain_domain'] . ":"; ?></td>
+ <?php if ($action == 'edit') { ?>
+ <td><input class="flat" type="hidden" name="domain" value="<?php echo $domain; ?>" /><?php echo $domain; ?></td>
+ <?php } else { ?>
+ <td><input class="flat" type="text" name="domain" value="<?php echo $domain ?? ''; ?>" /></td>
+ <td> </td>
+ <?php } ?>
+ </tr>
+ <tr>
+ <td><?php echo $LANG['AdminAdd_domain_description'] . ":"; ?></td>
+ <td><input class="flat" type="text" name="description" value="<?php echo $description ?? ''; ?>" /></td>
+ <td> </td>
+ </tr>
+ <tr>
+ <td><?php echo $LANG['AdminAdd_domain_aliases'] . ":"; ?></td>
+ <td><input class="flat" type="text" name="aliases" value="<?php echo $aliases ?? ALIASES; ?>" /></td>
+ <td><?php echo $LANG['AdminAdd_domain_aliases_text']; ?></td>
+ </tr>
+ <tr>
+ <td><?php echo $LANG['AdminAdd_domain_mailboxes'] . ":"; ?></td>
+ <td><input class="flat" type="text" name="mailboxes" value="<?php echo $mailboxes ?? MAILBOXES; ?>" /></td>
+ <td><?php echo $LANG['AdminAdd_domain_mailboxes_text']; ?></td>
+ </tr>
+ <tr>
+ <?php if ($action == 'edit') { ?>
+ <td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['AdminEdit_domain_button']; ?>" /></td>
+ <?php } else { ?>
+ <td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['AdminAdd_domain_button']; ?>" /></td>
+ <?php } ?>
+ </tr>
+ <tr>
+ <td colspan="3" class="standout"><?php echo $message ?? ' '; ?></td>
+ </tr>
+</table>
+</form>
+</div>