[Web] Sync jobs can be created/viewed/edited by admins/domain admins; Various fixes or improvements

2017-07-29 10:32:17 +02:00
parent 9be3aa3334
commit 66e06a0c0c
19 changed files with 1148 additions and 763 deletions
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -7,6 +7,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/modals/footer.php';
 <script src="/js/bootstrap-slider.min.js"></script>
 <script src="/js/bootstrap-select.min.js"></script>
 <script src="/js/notifications.min.js"></script>
+<script src="/js/bootstrap-filestyle.min.js"></script>
 <script src="/js/u2f-api.js"></script>
 <script src="/js/api.js"></script>
 <script>
--- a/data/web/inc/functions.fail2ban.inc.php
+++ b/data/web/inc/functions.fail2ban.inc.php
@@ -17,7 +17,12 @@ function fail2ban($_action, $_data = null) {
          foreach ($wl as $key => $value) {
            $tmp_data[] = $key;
          }
-          $data['whitelist'] = implode(PHP_EOL, $tmp_data);
+          if (isset($tmp_data)) {
+            $data['whitelist'] = implode(PHP_EOL, $tmp_data);
+          }
+          else {
+            $data['whitelist'] = "";
+          }
        }
        else {
          $data['whitelist'] = "";
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -78,14 +78,21 @@ function mailbox($_action, $_type, $_data = null) {
              $username = $_data['username'];
            }
          }
-          else {
+          elseif ($_SESSION['mailcow_cc_role'] == "user") {
            $username = $_SESSION['mailcow_cc_username'];
          }
+          else {
+            $_SESSION['return'] = array(
+              'type' => 'danger',
+              'msg' => 'No user defined'
+            );
+            return false;
+          }
          $active  = intval($_data['active']);
          $delete2duplicates = intval($_data['delete2duplicates']);
          $delete1  = intval($_data['delete1']);
          $port1            = $_data['port1'];
-          $host1            = $_data['host1'];
+          $host1            = strtolower($_data['host1']);
          $password1        = $_data['password1'];
          $exclude          = $_data['exclude'];
          $maxage           = $_data['maxage'];
@@ -2060,7 +2067,11 @@ function mailbox($_action, $_type, $_data = null) {
            return false;
          }
          try {
-            $stmt = $pdo->prepare("SELECT * FROM `imapsync` WHERE id = :id");
+            $stmt = $pdo->prepare("SELECT *,
+              CONCAT(LEFT(`password1`, 3), '...') AS `password1_short`,
+              `active` AS `active_int`,
+              CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
+                FROM `imapsync` WHERE id = :id");
            $stmt->execute(array(':id' => $_data));
            $syncjobdetails = $stmt->fetch(PDO::FETCH_ASSOC);
          }
@@ -2086,14 +2097,12 @@ function mailbox($_action, $_type, $_data = null) {
            $_data = $_SESSION['mailcow_cc_username'];
          }
          try {
-            $stmt = $pdo->prepare("SELECT *,
-              CONCAT(LEFT(`password1`, 3), '...') AS `password1_short`,
-              `active` AS `active_int`,
-              CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
-                FROM `imapsync`
-                  WHERE `user2` = :username");
+            $stmt = $pdo->prepare("SELECT `id` FROM `imapsync` WHERE `user2` = :username");
            $stmt->execute(array(':username' => $_data));
-            $syncjobdata = $stmt->fetchAll(PDO::FETCH_ASSOC);
+            $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+            while($row = array_shift($rows)) {
+              $syncjobdata[] = $row['id'];
+            }
          }
          catch(PDOException $e) {
            $_SESSION['return'] = array(
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -15,7 +15,7 @@ elseif (isset($_SERVER['HTTPS'])) {
 else {
  $IS_HTTPS = false;
 }
-session_set_cookie_params($SESSION_LIFETIME, '/', '', $IS_HTTPS, true);
+// session_set_cookie_params($SESSION_LIFETIME, '/', '', $IS_HTTPS, true);
 session_start();
 if (!isset($_SESSION['CSRF']['TOKEN'])) {
  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
@@ -27,7 +27,7 @@ if (!isset($_SESSION['SESS_REMOTE_UA'])) {
 }

 // Update session cookie
-setcookie(session_name() ,session_id(), time() + $SESSION_LIFETIME);
+// setcookie(session_name() ,session_id(), time() + $SESSION_LIFETIME);

 // Check session
 function session_check() {
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -54,6 +54,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
    }
  }
 }
+
 if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin" || $_SESSION['mailcow_cc_role'] == "domainadmin")) {
 	if (isset($_POST["set_tfa"])) {
 		set_tfa($_POST);