7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fix require_once to always include document root

Browse Source 
[Web] Add system mails (send mails to all mailboxes via LMTP)
[Web] Allow to add more administrators
[Web] Fix domain administrator editing
[Web] Remove some foreign keys
[Web] Remove username from API
[Web] Remove more .php extension from code
[Web] More minor fixes
This commit is contained in:
André
2018-10-11 11:59:23 +02:00
parent 32f7ae1d2e
commit 9f0be1d8a8
37 changed files with 1013 additions and 437 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
data/web/inc/sessions.inc.php
View File

@@ -28,16 +28,16 @@ if (!isset($_SESSION['SESS_REMOTE_UA'])) {
// API
if (!empty($_SERVER['HTTP_X_API_KEY'])) {
$stmt = $pdo->prepare("SELECT `username`, `allow_from` FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
$stmt = $pdo->prepare("SELECT `allow_from` FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
$stmt->execute(array(
':api_key' => preg_replace('/[^A-Z0-9-]/i', '', $_SERVER['HTTP_X_API_KEY'])
':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
));
$api_return = $stmt->fetch(PDO::FETCH_ASSOC);
if (!empty($api_return['username'])) {
$remote = get_remote_ip(false);
$allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
if (in_array($remote, $allow_from)) {
$_SESSION['mailcow_cc_username'] = $api_return['username'];
$_SESSION['mailcow_cc_username'] = 'API';
$_SESSION['mailcow_cc_role'] = 'admin';
$_SESSION['mailcow_cc_api'] = true;
}
@@ -84,7 +84,7 @@ if (isset($_POST["logout"])) {
$_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
$_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
unset($_SESSION["dual-login"]);
header("Location: /mailbox.php");
header("Location: /mailbox");
exit();
}
else {