542 lines
14 KiB
PHP
542 lines
14 KiB
PHP
<?php
|
|
//
|
|
// OpenSMTPD Admin
|
|
// by Mischa Peters <mischa at high5 dot nl>
|
|
// Copyright (c) 2022 High5!
|
|
// License Info: LICENSE.TXT
|
|
//
|
|
// File: functions.inc.php
|
|
//
|
|
|
|
if(preg_match("/functions.inc.php/", $_SERVER['SCRIPT_NAME'])) {
|
|
header("Location: login.php");
|
|
die();
|
|
}
|
|
|
|
if ($CONF['debug'] == 'true') {
|
|
ini_set('display_errors', 1);
|
|
ini_set('display_startup_errors', 1);
|
|
error_reporting(E_ALL);
|
|
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
|
|
} else {
|
|
ini_set('display_errors', 0);
|
|
ini_set('display_startup_errors', 0);
|
|
}
|
|
|
|
|
|
$version = "1.0.0";
|
|
|
|
//
|
|
// check_session
|
|
// Action: Check if a session already exists, if not redirect to login.php
|
|
// Call: check_session() -or- check_user_session()
|
|
//
|
|
function check_session() {
|
|
session_start();
|
|
if (!isset($_SESSION['sessid']['username'])) {
|
|
header("Location: login.php");
|
|
die();
|
|
}
|
|
$SESSID_USERNAME = $_SESSION['sessid']['username'];
|
|
return $SESSID_USERNAME;
|
|
}
|
|
|
|
function check_user_session() {
|
|
session_start();
|
|
if (!isset($_SESSION['userid']['username'])) {
|
|
header("Location: login.php");
|
|
die();
|
|
}
|
|
$USERID_USERNAME = $_SESSION['userid']['username'];
|
|
return $USERID_USERNAME;
|
|
}
|
|
|
|
//
|
|
// check_language
|
|
// Action: checks what language the browser uses
|
|
// Call: check_language
|
|
//
|
|
function check_language() {
|
|
global $CONF;
|
|
// Currently only English is supported, no need to run through the check now.
|
|
return $CONF['default_language'];
|
|
}
|
|
|
|
//
|
|
// check_string
|
|
// Action: checks if a string is valid and returns TRUE is this is the case.
|
|
// Call: check_string(string var)
|
|
//
|
|
function check_string($var) {
|
|
if (preg_match('/^([A-Za-z0-9 ]+)+$/', $var)) {
|
|
return true;
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
//
|
|
// check_email
|
|
// Action: Checks if email is valid and returns TRUE if this is the case.
|
|
// Call: check_email(string email)
|
|
//
|
|
function check_email($email) {
|
|
if (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,10}$/i', trim($email))) {
|
|
return true;
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
//
|
|
// escape_string
|
|
// Action: Escape a string
|
|
// Call: escape_string(string string)
|
|
//
|
|
function escape_string($string) {
|
|
global $CONF;
|
|
$escaped_string = $string;
|
|
return $escaped_string;
|
|
}
|
|
|
|
//
|
|
// get_domain_properties
|
|
// Action: Get all the properties of a domain.
|
|
// Call: get_domain_properties(string domain)
|
|
//
|
|
function get_domain_properties($domain) {
|
|
global $CONF;
|
|
$list = array();
|
|
|
|
$result = db_query("SELECT COUNT(*) FROM alias WHERE domain='$domain'");
|
|
$row = db_row($result['result']);
|
|
$list['alias_count'] = $row[0];
|
|
|
|
$result = db_query("SELECT COUNT(*) FROM mailbox WHERE domain='$domain'");
|
|
$row = db_row($result['result']);
|
|
$list['mailbox_count'] = $row[0];
|
|
if ($CONF['alias_control'] == "NO") {
|
|
$list['alias_count'] = $list['alias_count'] - $list['mailbox_count'];
|
|
} else {
|
|
$list['alias_count'] = $list['alias_count'];
|
|
}
|
|
|
|
$result = db_query("SELECT * FROM domain WHERE domain='$domain'");
|
|
$row = db_array($result['result']);
|
|
$list['description'] = $row['description'];
|
|
$list['aliases'] = $row['aliases'];
|
|
$list['mailboxes'] = $row['mailboxes'];
|
|
$list['maxquota'] = $row['maxquota'];
|
|
$list['transport'] = $row['transport'];
|
|
$list['backupmx'] = $row['backupmx'];
|
|
$list['created'] = $row['created'];
|
|
$list['modified'] = $row['modified'];
|
|
$list['active'] = $row['active'];
|
|
|
|
if ($CONF['database_type'] == "pgsql") {
|
|
if ($row['active'] == "t")
|
|
{
|
|
$list['active'] = 1;
|
|
} else {
|
|
$list['active'] = 0;
|
|
}
|
|
|
|
if ($row['backupmx'] == "t") {
|
|
$list['backupmx'] = 1;
|
|
} else {
|
|
$list['backupmx'] = 0;
|
|
}
|
|
} else {
|
|
$list['active'] = $row['active'];
|
|
$list['backupmx'] = $row['backupmx'];
|
|
}
|
|
return $list;
|
|
}
|
|
|
|
//
|
|
// check_alias
|
|
// Action: Checks if the domain is still able to create aliases.
|
|
// Call: check_alias(string domain)
|
|
//
|
|
function check_alias($domain) {
|
|
$limit = get_domain_properties($domain);
|
|
if ($limit['aliases'] == 0) {
|
|
return true;
|
|
}
|
|
if ($limit['aliases'] < 0) {
|
|
return false;
|
|
}
|
|
if ($limit['alias_count'] >= $limit['aliases']) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
//
|
|
// check_mailbox
|
|
// Action: Checks if the domain is still able to create mailboxes.
|
|
// Call: ceck_mailbox(string domain)
|
|
//
|
|
function check_mailbox($domain) {
|
|
$limit = get_domain_properties($domain);
|
|
if ($limit['mailboxes'] == 0) {
|
|
return true;
|
|
}
|
|
if ($limit['mailboxes'] < 0) {
|
|
return false;
|
|
}
|
|
if ($limit['mailbox_count'] >= $limit['mailboxes']) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
//
|
|
// check_quota
|
|
// Action: Checks if the user is creating a mailbox with the correct quota
|
|
// Call: check_quota(string domain)
|
|
//
|
|
function check_quota($quota, $domain) {
|
|
$limit = get_domain_properties($domain);
|
|
if ($limit['maxquota'] == 0) {
|
|
return true;
|
|
}
|
|
if (($limit['maxquota'] < 0) and ($quota < 0)) {
|
|
return true;
|
|
}
|
|
if (($limit['maxquota'] > 0) and ($quota == 0)) {
|
|
return false;
|
|
}
|
|
if ($quota > $limit['maxquota']) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
//
|
|
// check_owner
|
|
// Action: Checks if the admin is the owner of the domain.
|
|
// Call: check_owner(string admin, string domain)
|
|
//
|
|
function check_owner($username, $domain) {
|
|
$result = db_query("SELECT * FROM domain_admins WHERE username='$username' AND domain='$domain' AND active='1'");
|
|
if ($result['rows'] != 1) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
//
|
|
// list_domains_for_admin
|
|
// Action: Lists all the domains for an admin.
|
|
// Call: list_domains_for_admin(string admin)
|
|
//
|
|
function list_domains_for_admin($username) {
|
|
$list = array();
|
|
|
|
$result = db_query("SELECT * FROM domain LEFT JOIN domain_admins ON domain.domain=domain_admins.domain WHERE domain_admins.username='$username' AND domain.active='1' AND domain.backupmx='0' ORDER BY domain_admins.domain");
|
|
if ($result['rows'] > 0) {
|
|
$i = 0;
|
|
while ($row = db_array($result['result'])) {
|
|
$list[$i] = $row['domain'];
|
|
$i++;
|
|
}
|
|
}
|
|
return $list;
|
|
}
|
|
|
|
//
|
|
// list_domains
|
|
// Action: List all available domains.
|
|
// Call: list_domains()
|
|
//
|
|
function list_domains() {
|
|
$list = array();
|
|
|
|
$result = db_query("SELECT * FROM domain ORDER BY domain");
|
|
if ($result['rows'] > 0) {
|
|
$i = 0;
|
|
while ($row = db_array($result['result'])) {
|
|
$list[$i] = $row['domain'];
|
|
$i++;
|
|
}
|
|
}
|
|
return $list;
|
|
}
|
|
|
|
//
|
|
// admin_exist
|
|
// Action: Checks if the admin already exists.
|
|
// Call: admin_exist(string admin)
|
|
//
|
|
// was check_admin
|
|
//
|
|
function admin_exist($username) {
|
|
$result = db_query("SELECT * FROM admin WHERE username='$username'");
|
|
if ($result['rows'] != 1) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
//
|
|
// domain_exist
|
|
// Action: Checks if the domain already exists.
|
|
// Call: domain_exist(string domain)
|
|
//
|
|
function domain_exist($domain) {
|
|
$result = db_query("SELECT * FROM domain WHERE domain='$domain'");
|
|
if ($result['rows'] != 1) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
//
|
|
// list_admins
|
|
// Action: Lists all the admins
|
|
// Call: list_admins()
|
|
//
|
|
// was admin_list_admins
|
|
//
|
|
function list_admins() {
|
|
$list = array();
|
|
|
|
$result = db_query("SELECT * FROM admin ORDER BY username");
|
|
if ($result['rows'] > 0) {
|
|
$i = 0;
|
|
while ($row = db_array($result['result'])) {
|
|
$list[$i] = $row['username'];
|
|
$i++;
|
|
}
|
|
}
|
|
return $list;
|
|
}
|
|
|
|
//
|
|
// get_admin_properties
|
|
// Action: Get all the admin properties.
|
|
// Call: get_admin_properties(string admin)
|
|
function get_admin_properties($username) {
|
|
$list = array();
|
|
|
|
$result = db_query("SELECT COUNT(*) FROM domain_admins WHERE username='$username'");
|
|
$row = db_row($result['result']);
|
|
$list['domain_count'] = $row[0];
|
|
|
|
$result = db_query("SELECT * FROM admin WHERE username='$username'");
|
|
$row = db_array($result['result']);
|
|
$list['created'] = $row['created'];
|
|
$list['modified'] = $row['modified'];
|
|
$list['active'] = $row['active'];
|
|
return $list;
|
|
}
|
|
|
|
//
|
|
// generate_password
|
|
// Action: Generates a random password
|
|
// Call: generate_password()
|
|
//
|
|
function generate_password() {
|
|
$password = substr(md5(mt_rand()), 0, 8);
|
|
return $password;
|
|
}
|
|
|
|
//
|
|
// pacrypt
|
|
// Action: Encrypts password based on config settings
|
|
// Call: pacrypt(string cleartextpassword)
|
|
//
|
|
function pacrypt($pw, $pw_db="") {
|
|
global $CONF;
|
|
$password = "";
|
|
|
|
if ($CONF['encrypt'] == 'bcrypt') {
|
|
$options = ['cost' => 8];
|
|
$password = password_hash($pw, PASSWORD_BCRYPT, $options);
|
|
$password = preg_replace('/\$2y\$/', '\$2b\$', $password);
|
|
}
|
|
return $password;
|
|
}
|
|
|
|
//
|
|
// db_connect
|
|
// Action: Makes a connection to the database if it doesn't exist
|
|
// Call: db_connect()
|
|
//
|
|
$DEBUG_TEXT = "\n
|
|
<p />\n
|
|
Please check the documentation and website for more information.\n
|
|
<p />\n
|
|
";
|
|
|
|
function db_connect() {
|
|
global $CONF;
|
|
global $DEBUG_TEXT;
|
|
$link = "";
|
|
|
|
if ($CONF['database_type'] == "mysqli") {
|
|
if(function_exists("mysqli_connect")) {
|
|
$link = @mysqli_connect($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die("<p />DEBUG INFORMATION:<br />Connect: " . mysqli_connect_error() . "$DEBUG_TEXT");
|
|
$succes = @mysqli_select_db($link, $CONF['database_name']) or die("<p />DEBUG INFORMATION:<br />MySQLi Select Database: " . mysqli_error() . "$DEBUG_TEXT");
|
|
} else {
|
|
print "<p />DEBUG INFORMATION:<br />MySQL 4.1 functions not available!<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT";
|
|
die;
|
|
}
|
|
}
|
|
|
|
if ($CONF['database_type'] == "pgsql") {
|
|
if(function_exists("pg_connect")) {
|
|
$connect_string = "host=" . $CONF['database_host'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password'];
|
|
$link = @pg_connect($connect_string) or die("<p />DEBUG INFORMATION:<br />Connect: " . pg_last_error() . "$DEBUG_TEXT");
|
|
} else {
|
|
print "<p />DEBUG INFORMATION:<br />PostgreSQL functions not available!<br />database_type = 'pgsql' in config.inc.php, are you using a different database? $DEBUG_TEXT";
|
|
die;
|
|
}
|
|
}
|
|
|
|
if ($link) {
|
|
return $link;
|
|
} else {
|
|
print "DEBUG INFORMATION:<br />\n";
|
|
print "Connect: Unable to connect to database<br />\n";
|
|
print "<br />\n";
|
|
print "Make sure that you have set the correct database type in the config.inc.php file<br />\n";
|
|
print $DEBUG_TEXT;
|
|
die;
|
|
}
|
|
}
|
|
|
|
//
|
|
// db_query
|
|
// Action: Sends a query to the database and returns query result and number of rows
|
|
// Call: db_query(string query)
|
|
//
|
|
function db_query($query) {
|
|
global $CONF;
|
|
global $DEBUG_TEXT;
|
|
$result = "";
|
|
$number_rows = "";
|
|
|
|
$link = db_connect();
|
|
|
|
// database prefix workaround
|
|
if (!empty($CONF['database_prefix'])) {
|
|
if (preg_match("/^SELECT/i", $query)) {
|
|
$query = substr($query, 0, 14) . $CONF['database_prefix'] . substr($query, 14);
|
|
} else {
|
|
$query = substr($query, 0, 6) . $CONF['database_prefix'] . substr($query, 7);
|
|
}
|
|
}
|
|
|
|
if ($CONF['database_type'] == "mysqli") $result = @mysqli_query($link, $query) or die("<p />DEBUG INFORMATION:<br />Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT");
|
|
if ($CONF['database_type'] == "pgsql") {
|
|
if (preg_match("/LIMIT/i", $query)) {
|
|
$search = "/LIMIT(\w+), (\w+)/";
|
|
$replace = "LIMIT \$2 OFFSET \$1";
|
|
$query = preg_replace($search, $replace, $query);
|
|
}
|
|
$result = @pg_query($link, $query) or die("<p />DEBUG INFORMATION:<br />Invalid query: " . pg_last_error() . "$DEBUG_TEXT");
|
|
}
|
|
|
|
if (preg_match("/^SELECT/i", $query)) {
|
|
// if $query was a SELECT statement check the number of rows with [database_type]_num_rows().
|
|
if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_num_rows($result);
|
|
if ($CONF['database_type'] == "pgsql") $number_rows = pg_num_rows($result);
|
|
} else {
|
|
// if $query was something else, UPDATE, DELETE or INSERT check the number of rows with
|
|
// [database_type]_affected_rows().
|
|
if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_affected_rows($link);
|
|
if ($CONF['database_type'] == "pgsql") $number_rows = pg_affected_rows($result);
|
|
}
|
|
|
|
if ($CONF['database_type'] == "mysqli") mysqli_close($link);
|
|
if ($CONF['database_type'] == "pgsql") pg_close($link);
|
|
|
|
$return = array(
|
|
"result" => $result,
|
|
"rows" => $number_rows
|
|
);
|
|
return $return;
|
|
}
|
|
|
|
// db_row
|
|
// Action: Returns a row from a table
|
|
// Call: db_row(int result)
|
|
//
|
|
function db_row($result) {
|
|
global $CONF;
|
|
$row = "";
|
|
if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_row($result);
|
|
if ($CONF['database_type'] == "pgsql") $row = pg_fetch_row($result);
|
|
return $row;
|
|
}
|
|
|
|
// db_array
|
|
// Action: Returns a row from a table
|
|
// Call: db_array(int result)
|
|
//
|
|
function db_array($result) {
|
|
global $CONF;
|
|
$row = "";
|
|
if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_array($result);
|
|
if ($CONF['database_type'] == "pgsql") $row = pg_fetch_array($result);
|
|
return $row;
|
|
}
|
|
|
|
// db_assoc
|
|
// Action: Returns a row from a table
|
|
// Call: db_assoc(int result)
|
|
//
|
|
function db_assoc($result) {
|
|
global $CONF;
|
|
$row = "";
|
|
if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_assoc($result);
|
|
if ($CONF['database_type'] == "pgsql") $row = pg_fetch_assoc($result);
|
|
return $row;
|
|
}
|
|
|
|
//
|
|
// db_delete
|
|
// Action: Deletes a row from a specified table
|
|
// Call: db_delete(string table, string where, string delete)
|
|
//
|
|
function db_delete($table,$where,$delete) {
|
|
$result = db_query("DELETE FROM $table WHERE $where='$delete'");
|
|
if ($result['rows'] >= 1) {
|
|
return $result['rows'];
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
//
|
|
// db_log
|
|
// Action: Logs actions from admin
|
|
// Call: db_log(string username, string domain, string action, string data)
|
|
//
|
|
function db_log($username, $domain, $action, $data) {
|
|
global $CONF;
|
|
if (!empty($_SERVER['HTTP_X_CLIENTIP'])) {
|
|
$REMOTE_ADDR = $_SERVER['HTTP_X_CLIENTIP'];
|
|
} else {
|
|
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
|
|
}
|
|
|
|
if ($CONF['logging'] == 'YES') {
|
|
$result = db_query("INSERT INTO log (timestamp, username, domain, action, data) VALUES (NOW(), '$username ($REMOTE_ADDR)', '$domain', '$action', '$data')");
|
|
if ($result['rows'] != 1) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
}
|
|
?>
|