commit - a628e105b023de47f351df6d0097cdd032cc2a31
commit + 759223e7d7e28b6acf7d19f891b0fbdabb2e220e
blob - 49c73dac4f362120e7d47f803c36defcb3299192
blob + d9404d56f6610698c3008d332c71b879557c6b73
--- add-alias.php
+++ add-alias.php
if ($domain_exist && empty($message)) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO alias (address,goto,domain,created,modified) VALUES (?,?,?,NOW(),NOW())");
$sth->bindParam(1, $from, PDO::PARAM_STR);
$sth->bindParam(2, $goto, PDO::PARAM_STR);
blob - 7c33a7c5a634641cd662b9a8648202996dbb3590
blob + 11722940405517541a67012324839750a91e4965
--- add-mailbox.php
+++ add-mailbox.php
$maildir = $from . "/";
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO alias (address,goto,domain,created,modified) VALUES (?,'vmail',?,NOW(),NOW())");
$sth->bindParam(1, $from, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
}
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO mailbox (username,password,name,maildir,domain,created,modified) VALUES (?,?,?,?,?,NOW(),NOW())");
$sth->bindParam(1, $from, PDO::PARAM_STR);
$sth->bindParam(2, $hashed, PDO::PARAM_STR);
blob - 42233f00a0478882793d302b903a491569e6d4a3
blob + 5ee43521c2ddf420b15d4b39c08dc9469aa7a628
--- admin/add-alias.php
+++ admin/add-alias.php
if ($domain_exist && empty($message)) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO alias (address,goto,domain,created,modified) VALUES (?,?,?,NOW(),NOW())");
$sth->bindParam(1, $from, PDO::PARAM_STR);
$sth->bindParam(2, $goto, PDO::PARAM_STR);
blob - 88ab3d219ee7ccb440431d099e887b57637c25c5
blob + bb6122699af48092296cf315e1b6e490abe1eca7
--- admin/add-mailbox.php
+++ admin/add-mailbox.php
$maildir = $from . "/";
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO alias (address,goto,domain,created,modified) VALUES (?,'vmail',?,NOW(),NOW())");
$sth->bindParam(1, $from, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
}
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO mailbox (username,password,name,maildir,domain,created,modified) VALUES (?,?,?,?,?,NOW(),NOW())");
$sth->bindParam(1, $from, PDO::PARAM_STR);
$sth->bindParam(2, $hashed, PDO::PARAM_STR);
blob - 7d8b93eb80e1e444b43137a229ef92d2cfb7b95a
blob + f776b9019d751a378ed2c04f9770e2a5861bd9ca
--- admin/admin.php
+++ admin/admin.php
if (empty($message)) {
$hashed = bcrypt($password1);
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO admin (username,password,created,modified) VALUES (?,?,NOW(),NOW())");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->bindParam(2, $hashed, PDO::PARAM_STR);
if (empty($message) && !empty($password1)) {
$hashed = bcrypt($password1);
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
$sth->bindParam(2, $username, PDO::PARAM_STR);
}
if (empty($message)) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
$sth->execute(array($username));
$count_domain_admins = $sth->fetchColumn();
blob - aafc11ffa8a4055184f17c2bf621595f67e859e3
blob + c55757ff773149a540e5c4d84b71307b25b675f5
--- admin/backup.php
+++ admin/backup.php
include '../templates/footer.tpl';
} else {
fwrite($fh, $header);
- $dbh = connect_db();
+ $dbh = pdo_connect();
foreach ($tables as $table) {
$sth = $dbh->query("SHOW CREATE TABLE $table");
$row = $sth->fetch(PDO::FETCH_ASSOC);
blob - 72e6b6744fa4441dab3f3a90b49bb333983b0ce8
blob + 7a1cec7a3a6c6f6b6814f7ca1e4138daa84618dd
--- admin/delete.php
+++ admin/delete.php
if ($domain_exist && $table == "domain") {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$dbh->beginTransaction();
$sth = $dbh->prepare("SELECT COUNT(*) FROM log WHERE domain=?");
if ($table == "admin") {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$dbh->beginTransaction();
$sth = $dbh->prepare("SELECT COUNT(*) FROM admin WHERE username=?");
if ($domain_exist && ($table == 'alias' || $table == 'mailbox')) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("DELETE FROM alias WHERE address=? AND domain=?");
$sth->bindParam(1, $delete, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
}
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("DELETE FROM mailbox WHERE username=? AND domain=?");
$sth->bindParam(1, $delete, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
blob - 74f9fcaaff79cabdfadec665f583f319ebefb210
blob + 6ad2f5722a75085ea6cabf594e43f1d3833ab725
--- admin/domain.php
+++ admin/domain.php
if (!in_array($domain, array_column($list_domains, 'domain'))) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO domain (domain,description,aliases,mailboxes,created,modified) VALUES (?,?,?,?,NOW(),NOW())");
$sth->bindParam(1, $domain, PDO::PARAM_STR);
$sth->bindParam(2, $description, PDO::PARAM_STR);
if (in_array($domain, array_column($list_domains, 'domain')) && $action == 'edit') {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE domain SET description=?,aliases=?,mailboxes=?,modified=NOW() WHERE domain=?");
$sth->bindParam(1, $description, PDO::PARAM_STR);
$sth->bindParam(2, $aliases, PDO::PARAM_INT);
blob - 12fa2a7c89af3caf0c0a1e06d80f2ea96db0beb6
blob + 102e7700579f1ecd9dcca3f5cd2c911aba8b914d
--- admin/edit-alias.php
+++ admin/edit-alias.php
if ($domain_exist) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT goto FROM alias WHERE address=? AND domain=?");
$sth->bindParam(1, $address, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
if ($domain_exist && empty($message)) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE alias SET goto=?,modified=NOW() WHERE address=? AND domain=?");
$sth->bindParam(1, $goto, PDO::PARAM_STR);
$sth->bindParam(2, $address, PDO::PARAM_STR);
blob - 2ff56843846975ecd66029aa078e5d15f113516c
blob + f5f32a73dc6dc23ccfc3b7a1002c10374fa6c2f4
--- admin/edit-mailbox.php
+++ admin/edit-mailbox.php
if ($domain_exist) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT * FROM mailbox WHERE username=? AND domain=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
if (empty($message) && isset($domain_key) && !empty($password1)) {
$hashed = bcrypt($password1);
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE mailbox SET password=?,name=?,modified=NOW() WHERE username=? AND domain=?");
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
$sth->bindParam(2, $name, PDO::PARAM_STR);
if ($domain_exist && empty($message)) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE mailbox SET name=?,modified=NOW() WHERE username=? AND domain=?");
$sth->bindParam(1, $name, PDO::PARAM_STR);
$sth->bindParam(2, $username, PDO::PARAM_STR);
blob - f9b1fcab2f3303151af0e372850c4da7c4c3590f
blob + 3bdc5f928c785472f24225faa37d54a6ebf080e2
--- admin/search.php
+++ admin/search.php
$search = filter_input(INPUT_POST, 'search', FILTER_DEFAULT);
if (isset($search)) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.address LIKE ? AND mailbox.maildir IS NULL ORDER BY alias.address");
$sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR);
$sth->execute();
blob - 574bd084c23499fefe0d58a7cdd8f351e4b1667d
blob + 8ff88fe637ded256b5f6abbb25526686b6fa6e93
--- admin/viewlog.php
+++ admin/viewlog.php
$domain_exist = in_array($domain, array_column($list_domains, 'domain'));
if ($domain_exist) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT * FROM log WHERE domain=? ORDER BY timestamp DESC LIMIT 10");
$sth->bindParam(1, $domain, PDO::PARAM_STR);
$sth->execute();
blob - 8d76d06eec3bd3e15f46c8204f052ce3e363a2f4
blob + c64a5e227d2bbc4bc6dc251c6121386a471cadf2
--- delete.php
+++ delete.php
if ($domain_exist && ($table == 'alias' || $table == 'mailbox')) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("DELETE FROM alias WHERE address=? AND domain=?");
$sth->bindParam(1, $delete, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
}
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("DELETE FROM mailbox WHERE username=? AND domain=?");
$sth->bindParam(1, $delete, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
blob - bb51f29bb4e9ecfeeeb32cc85aee197bd33830c5
blob + 41a5571cd8605d9c0a4cd57c8957a60a0b0423fa
--- edit-alias.php
+++ edit-alias.php
if ($domain_exist) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT goto FROM alias WHERE address=? AND domain=?");
$sth->bindParam(1, $address, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
if ($domain_exist && empty($message)) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE alias SET goto=?,modified=NOW() WHERE address=? AND domain=?");
$sth->bindParam(1, $goto, PDO::PARAM_STR);
$sth->bindParam(2, $address, PDO::PARAM_STR);
blob - 289b08c768d591f4cf9eb7cdaf7b56f7c4f31fed
blob + 0235062080780d8327a6f45c89b99aceb9dfe992
--- edit-mailbox.php
+++ edit-mailbox.php
if ($domain_exist) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT * FROM mailbox WHERE username=? AND domain=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
if (empty($message) && isset($domain_key) && !empty($password1)) {
$hashed = bcrypt($password1);
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE mailbox SET password=?,name=?,modified=NOW() WHERE username=? AND domain=?");
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
$sth->bindParam(2, $name, PDO::PARAM_STR);
if ($domain_exist && empty($message)) {
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE mailbox SET name=?,modified=NOW() WHERE username=? AND domain=?");
$sth->bindParam(1, $name, PDO::PARAM_STR);
$sth->bindParam(2, $username, PDO::PARAM_STR);
blob - df06e5addcc2db09508f91180507664951b4db42
blob + bdbefe497215224e0afa51213c8bc39f289ba6c3
--- functions.inc.php
+++ functions.inc.php
}
//
-// connect_db
+// bcrypt
+// Action: Hashs the password with bcrypt
+// Call: bcrypt(string cleartextpassword)
+//
+function bcrypt($password) {
+ $options = ['cost' => 8];
+ $hashed = password_hash($password, PASSWORD_BCRYPT, $options);
+ $hashed = preg_replace('/\$2y\$/', '\$2b\$', $hashed);
+ return $hashed;
+}
+
+//
+// pdo_connect
// Action: make db connection
-// Call: connect_db()
+// Call: pdo_connect()
//
-function connect_db() {
+function pdo_connect() {
try {
$dbh = new PDO(DB_TYPE . ':host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS, array(PDO::ATTR_PERSISTENT => true));
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
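Review bot: The relocated `bcrypt()` helper hard-codes `['cost' => 8]`, which is below PHP's own default of 10 for `PASSWORD_BCRYPT`, so every admin and mailbox hash written through it is cheaper to attack offline than a stock `password_hash()` call would produce. Since the function is being moved anyway, raise the work factor, e.g. `$options = ['cost' => 12];`, or read it from a config constant so it can be tuned per host. Hashes already stored at cost 8 stay at that strength until the password is next changed, unless the login paths rehash after a successful verification; those paths are not fully visible here. The body of `pdo_connect()` continues outside the hunk.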
// Call: list_domains(string admin (optional))
//
function list_domains($username = null) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
if (isset($username)) {
$sth = $dbh->prepare("SELECT * FROM domain INNER JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username=? ORDER BY domain_admins.domain");
$sth->bindParam(1, $username, PDO::PARAM_STR);
// Call: list_aliases(string domain, int offset)
//
function list_aliases($domain, $offset, $limit) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
if (ALIAS_CONTROL == 'NO') {
$sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain=? AND mailbox.maildir IS NULL ORDER BY alias.address LIMIT ?, ?");
} else {
// Call: list_mailboxes(string domaini, int offset)
//
function list_mailboxes($domain, $offset, $limit) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT * FROM mailbox WHERE domain=? ORDER BY username LIMIT ?, ?");
$sth->bindParam(1, $domain, PDO::PARAM_STR);
$sth->bindParam(2, $offset, PDO::PARAM_INT);
return $list;
}
-//
-// bcrypt
-// Action: Hashs the password with bcrypt
-// Call: bcrypt(string cleartextpassword)
-//
-function bcrypt($password) {
- $options = ['cost' => 8];
- $hashed = password_hash($password, PASSWORD_BCRYPT, $options);
- $hashed = preg_replace('/\$2y\$/', '\$2b\$', $hashed);
- return $hashed;
-}
-
// logging
// Action: Logs actions from admin
// Call: logging(string username, string domain, string action, string data)
$remote_addr = $_SERVER['HTTP_X_CLIENTIP'] ?? $_SERVER['REMOTE_ADDR'];
$username = $username . ' (' . $remote_addr . ')';
if (LOGGING == 'YES') {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO log (timestamp,username,domain,action,data) VALUES (NOW(),?,?,?,?)");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->bindParam(2, $domain, PDO::PARAM_STR);
blob - 8a716cbfe48f58176ebb91852b32a3b5081e1296
blob + 2521d020a06892c7802874afc30214d593830968
--- login.php
+++ login.php
$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
if (!empty($username) && !empty($password)) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
blob - fff4275a3a1d9230a72030ea72ac9905e162127d
blob + 3cc408f5ebff4d1323d44b7ab8349b031947a77d
--- password.php
+++ password.php
}
if (empty($message) && !empty($password_current)) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
if (empty($message) && !empty($password1)) {
$hashed = bcrypt($password1);
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
$sth->bindParam(2, $username, PDO::PARAM_STR);
blob - 1e2032d65ccc000023d2db66a2f8459ba4e38b9c
blob + 3aab1b6fa28421e3aa449636de4f6280d04ec50b
--- search.php
+++ search.php
$search = filter_input(INPUT_POST, 'search', FILTER_DEFAULT);
if (isset($search)) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.address LIKE ? AND mailbox.maildir IS NULL ORDER BY alias.address");
$sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR);
$sth->execute();
blob - ede90483023bac75bee6a2770bb7ed56bb6060f4
blob + 5ceca7e55c1f51c6901eaa6c07f8b6a3c8bf31ba
--- templates/search.tpl
+++ templates/search.tpl
echo " <tr class=\"hilightoff\" onMouseOver=\"className='hilighton';\" onMouseOut=\"className='hilightoff';\">\n";
echo " <td>" . $row['username'] . "</td>\n";
echo " <td>" . $row['name'] . "</td>\n";
+ echo " <td>" . $row['modified'] . "</td>\n";
echo " <td><a href=\"edit-mailbox.php?action=edit&username=" . $row['username'] . "&domain=" . $row['domain'] . "\">" . $LANG['edit'] . "</a></td>\n";
echo " <td><a href=\"delete.php?table=mailbox&delete=" . $row['username'] . "&domain=" . $row['domain'] . "\"onclick=\"return confirm ('" . $LANG['confirm'] . $LANG['Overview_get_mailboxes'] . ": ". $row['username'] . "')\">" . $LANG['del'] . "</a></td>\n";
echo " </tr>\n";
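Review bot: The added cell `echo " <td>" . $row['modified'] . "</td>\n";` writes a database value into HTML without escaping, following the same pattern as the `username` and `name` cells around it. `modified` is set with `NOW()` in the INSERT and UPDATE statements visible in this commit, so the risk on this column is low, but the unescaped pattern is what lets a stored free-text value such as `name` reach the page as markup. Prefer `echo " <td>" . htmlspecialchars($row['modified'], ENT_QUOTES, 'UTF-8') . "</td>\n";` and apply the same to the neighbouring cells, with `rawurlencode()` for the values placed in the `href` query strings. The enclosing loop starts and ends outside the hunk, and the mailbox query that has to supply `modified` is not shown.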
blob - b63e0496eb962b6425f0ba813981bf255dfafc96
blob + f1fe900d55d8b995fe159a86d4ca555c88e941f6
--- users/login.php
+++ users/login.php
$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
if (!empty($username) && !empty($password)) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
blob - 044ff3d26c3b6ea691dbc9ce3a59b695d4730c3c
blob + 9ddb89b1266bada35563c128942aeb00f533dc60
--- users/password.php
+++ users/password.php
}
if (empty($message) && !empty($password_current)) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
if (empty($message) && !empty($password1)) {
$hashed = bcrypt($password1);
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("UPDATE mailbox SET password=?,modified=NOW() WHERE username=?");
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
$sth->bindParam(2, $username, PDO::PARAM_STR);
blob - bece1138e1f7a11b551473e293f0564363a09c27
blob + b7bca0b787af639fce6e2090515e7fbd2cfd3ae5
--- users/vacation.php
+++ users/vacation.php
$USERID_DOMAIN = substr(strrchr($SESSID_USERNAME, "@"), 1);
if ($_SERVER['REQUEST_METHOD'] == "GET") {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT COUNT(*) FROM vacation WHERE email=?");
$sth->execute(array($SESSID_USERNAME));
if (!empty($_POST['back'])) {
$action = 'back';
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("DELETE FROM vacation WHERE email=?");
$sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR);
$sth->execute();
if (!empty($_POST['away'])) {
$action = 'away';
try {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("INSERT INTO vacation (email,subject,body,cache,domain,created) VALUES (?,?,?,'',?,NOW())");
$sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR);
$sth->bindParam(2, $subject, PDO::PARAM_STR);
blob - fdae458edd429d8f39778affdbbca728b41c23ca
blob + 48c1249bd0c4780c7e11fa0facc4824bd6d07125
--- viewlog.php
+++ viewlog.php
$domain_exist = in_array($domain, array_column($list_domains, 'domain'));
if ($domain_exist) {
- $dbh = connect_db();
+ $dbh = pdo_connect();
$sth = $dbh->prepare("SELECT * FROM log WHERE domain=? ORDER BY timestamp DESC LIMIT 10");
$sth->bindParam(1, $domain, PDO::PARAM_STR);
$sth->execute();