7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Web UI improvements

Browse Source
This commit is contained in:
andryyy
2017-05-26 23:02:04 +02:00
parent a4bf8b4970
commit ce6bf18c2f
25 changed files with 1330 additions and 906 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
data/web/inc/footer.inc.php
View File

@@ -1,5 +1,5 @@
<?php
include 'inc/tfa_modals.php';
include 'modals/footer.php';
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin'):
?>

151
data/web/inc/functions.dkim.inc.php Normal file
View File

@@ -0,0 +1,151 @@
<?php
function dkim($_action, $_data = null) {
global $redis;
global $lang;
switch ($_action) {
case 'add':
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
$key_length = intval($_data['key_size']);
$dkim_selector = (isset($_data['dkim_selector'])) ? $_data['dkim_selector'] : 'dkim';
$domain = $_data['domain'];
if (!is_valid_domain_name($domain) || !is_numeric($key_length)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
if ($redis->hGet('DKIM_PUB_KEYS', $domain)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
if (!ctype_alnum($dkim_selector)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
$config = array(
"digest_alg" => "sha256",
"private_key_bits" => $key_length,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
if ($keypair_ressource = openssl_pkey_new($config)) {
$key_details = openssl_pkey_get_details($keypair_ressource);
$pubKey = implode(array_slice(
array_filter(
explode(PHP_EOL, $key_details['key'])
), 1, -1)
);
// Save public key and selector to redis
try {
$redis->hSet('DKIM_PUB_KEYS', $domain, $pubKey);
$redis->hSet('DKIM_SELECTORS', $domain, $dkim_selector);
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
// Export private key and save private key to redis
openssl_pkey_export($keypair_ressource, $privKey);
if (isset($privKey) && !empty($privKey)) {
try {
$redis->hSet('DKIM_PRIV_KEYS', $dkim_selector . '.' . $domain, trim($privKey));
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['dkim_added'])
);
return true;
}
else {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
break;
case 'details':
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
return false;
}
$dkimdata = array();
if ($redis_dkim_key_data = $redis->hGet('DKIM_PUB_KEYS', $_data)) {
$dkimdata['pubkey'] = $redis_dkim_key_data;
$dkimdata['length'] = (strlen($dkimdata['pubkey']) < 391) ? 1024 : 2048;
$dkimdata['dkim_txt'] = 'v=DKIM1;k=rsa;t=s;s=email;p=' . $redis_dkim_key_data;
$dkimdata['dkim_selector'] = $redis->hGet('DKIM_SELECTORS', $_data);
}
return $dkimdata;
break;
case 'blind':
if ($_SESSION['mailcow_cc_role'] != "admin") {
return false;
}
$blinddkim = array();
foreach ($redis->hKeys('DKIM_PUB_KEYS') as $redis_dkim_domain) {
$blinddkim[] = $redis_dkim_domain;
}
return array_diff($blinddkim, array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains')));
break;
case 'delete':
$domains = (array)$_data['domains'];
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
foreach ($domains as $domain) {
if (!is_valid_domain_name($domain)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
try {
$selector = $redis->hGet('DKIM_SELECTORS', $domain);
$redis->hDel('DKIM_PUB_KEYS', $domain);
$redis->hDel('DKIM_PRIV_KEYS', $selector . '.' . $domain);
$redis->hDel('DKIM_SELECTORS', $domain);
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['dkim_removed'], htmlspecialchars(implode(', ', $domains)))
);
break;
}
}

171
data/web/inc/functions.fwdhost.inc.php Normal file
View File

@@ -0,0 +1,171 @@
<?php
function fwdhost($_action, $_data = null) {
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/spf.inc.php';
global $redis;
global $lang;
switch ($_action) {
case 'add':
global $lang;
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
$source = $_data['hostname'];
$host = trim($_data['hostname']);
$filter_spam = (isset($_data['filter_spam']) && $_data['filter_spam'] == 1) ? 1 : 0;
if (preg_match('/^[0-9a-fA-F:\/]+$/', $host)) { // IPv6 address
$hosts = array($host);
}
elseif (preg_match('/^[0-9\.\/]+$/', $host)) { // IPv4 address
$hosts = array($host);
}
else {
$hosts = get_outgoing_hosts_best_guess($host);
}
if (empty($hosts)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Invalid host specified: '. htmlspecialchars($host)
);
return false;
}
foreach ($hosts as $host) {
try {
$redis->hSet('WHITELISTED_FWD_HOST', $host, $source);
if ($filter_spam == 0) {
$redis->hSet('KEEP_SPAM', $host, 1);
}
elseif ($redis->hGet('KEEP_SPAM', $host)) {
$redis->hDel('KEEP_SPAM', $host);
}
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['forwarding_host_added'], htmlspecialchars(implode(', ', $hosts)))
);
break;
case 'edit':
global $lang;
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
$fwdhosts = (array)$_data['fwdhost'];
foreach ($fwdhosts as $fwdhost) {
$is_now = fwdhost('details', $fwdhost);
if (!empty($is_now)) {
$keep_spam = (isset($_data['keep_spam'])) ? $_data['keep_spam'] : $is_now['keep_spam'];
}
else {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
try {
if ($keep_spam == 1) {
$redis->hSet('KEEP_SPAM', $fwdhost, 1);
}
else {
$redis->hDel('KEEP_SPAM', $fwdhost);
}
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['object_modified'], htmlspecialchars(implode(', ', $fwdhosts)))
);
break;
case 'delete':
$hosts = (array)$_data['forwardinghost'];
foreach ($hosts as $host) {
try {
$redis->hDel('WHITELISTED_FWD_HOST', $host);
$redis->hDel('KEEP_SPAM', $host);
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['forwarding_host_removed'], htmlspecialchars(implode(', ', $hosts)))
);
break;
case 'get':
if ($_SESSION['mailcow_cc_role'] != "admin") {
return false;
}
$fwdhostsdata = array();
try {
$fwd_hosts = $redis->hGetAll('WHITELISTED_FWD_HOST');
if (!empty($fwd_hosts)) {
foreach ($fwd_hosts as $fwd_host => $source) {
$keep_spam = ($redis->hGet('KEEP_SPAM', $fwd_host)) ? "yes" : "no";
$fwdhostsdata[] = array(
'host' => $fwd_host,
'source' => $source,
'keep_spam' => $keep_spam
);
}
}
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
return $fwdhostsdata;
break;
case 'details':
$fwdhostdetails = array();
if (!isset($_data) || empty($_data)) {
return false;
}
try {
if ($source = $redis->hGet('WHITELISTED_FWD_HOST', $_data)) {
$fwdhostdetails['host'] = $_data;
$fwdhostdetails['source'] = $source;
$fwdhostdetails['keep_spam'] = ($redis->hGet('KEEP_SPAM', $_data)) ? "yes" : "no";
}
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
return $fwdhostdetails;
break;
}
}

305
data/web/inc/functions.inc.php
View File

@@ -1310,317 +1310,12 @@ function get_admin_details() {
}
return $data;
}
function dkim_add_key($postarray) {
global $lang;
global $pdo;
global $redis;
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
// if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
// $_SESSION['return'] = array(
// 'type' => 'danger',
// 'msg' => sprintf($lang['danger']['access_denied'])
// );
// return false;
// }
$key_length = intval($postarray['key_size']);
$dkim_selector = (isset($postarray['dkim_selector'])) ? $postarray['dkim_selector'] : 'dkim';
$domain = $postarray['domain'];
if (!is_valid_domain_name($domain) || !is_numeric($key_length)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
if (!empty(glob($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim')) ||
$redis->hGet('DKIM_PUB_KEYS', $domain)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
if (!ctype_alnum($dkim_selector)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
$config = array(
"digest_alg" => "sha256",
"private_key_bits" => $key_length,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
if ($keypair_ressource = openssl_pkey_new($config)) {
$key_details = openssl_pkey_get_details($keypair_ressource);
$pubKey = implode(array_slice(
array_filter(
explode(PHP_EOL, $key_details['key'])
), 1, -1)
);
// Save public key and selector to redis
try {
$redis->hSet('DKIM_PUB_KEYS', $domain, $pubKey);
$redis->hSet('DKIM_SELECTORS', $domain, $dkim_selector);
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
// Export private key and save private key to redis
openssl_pkey_export($keypair_ressource, $privKey);
if (isset($privKey) && !empty($privKey)) {
try {
$redis->hSet('DKIM_PRIV_KEYS', $dkim_selector . '.' . $domain, trim($privKey));
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['dkim_added'])
);
return true;
}
else {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
}
function dkim_get_key_details($domain) {
global $redis;
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
return false;
}
$data = array();
if ($redis_dkim_key_data = $redis->hGet('DKIM_PUB_KEYS', $domain)) {
$data['pubkey'] = $redis_dkim_key_data;
$data['length'] = (strlen($data['pubkey']) < 391) ? 1024 : 2048;
$data['dkim_txt'] = 'v=DKIM1;k=rsa;t=s;s=email;p=' . $redis_dkim_key_data;
$data['dkim_selector'] = $redis->hGet('DKIM_SELECTORS', $domain);
}
return $data;
}
function dkim_get_blind_keys() {
global $redis;
global $lang;
if ($_SESSION['mailcow_cc_role'] != "admin") {
return false;
}
$domains = array();
foreach ($redis->hKeys('DKIM_PUB_KEYS') as $redis_dkim_domain) {
$domains[] = $redis_dkim_domain;
}
return array_diff($domains, array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains')));
}
function dkim_delete_key($postarray) {
global $redis;
global $lang;
if (!is_array($postarray['domains'])) {
$domains = array();
$domains[] = $postarray['domains'];
}
else {
$domains = $postarray['domains'];
}
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
foreach ($domains as $domain) {
if (!is_valid_domain_name($domain)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
);
return false;
}
try {
$selector = $redis->hGet('DKIM_SELECTORS', $domain);
$redis->hDel('DKIM_PUB_KEYS', $domain);
$redis->hDel('DKIM_PRIV_KEYS', $selector . '.' . $domain);
$redis->hDel('DKIM_SELECTORS', $domain);
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['dkim_removed'], htmlspecialchars(implode(', ', $domains)))
);
return true;
}
function get_u2f_registrations($username) {
global $pdo;
$sel = $pdo->prepare("SELECT * FROM `tfa` WHERE `authmech` = 'u2f' AND `username` = ? AND `active` = '1'");
$sel->execute(array($username));
return $sel->fetchAll(PDO::FETCH_OBJ);
}
function get_forwarding_hosts() {
global $redis;
$data = array();
try {
$fwd_hosts = $redis->hGetAll('WHITELISTED_FWD_HOST');
if (!empty($fwd_hosts)) {
foreach ($fwd_hosts as $fwd_host => $source) {
$data[] = $fwd_host;
}
}
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
return $data;
}
function get_forwarding_host_details($host) {
global $redis;
$data = array();
if (!isset($host) || empty($host)) {
return false;
}
try {
if ($source = $redis->hGet('WHITELISTED_FWD_HOST', $host)) {
$data['host'] = $host;
$data['source'] = $source;
$data['keep_spam'] = ($redis->hGet('KEEP_SPAM', $host)) ? "yes" : "no";
}
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
return $data;
}
function add_forwarding_host($postarray) {
require_once 'spf.inc.php';
global $redis;
global $lang;
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
$source = $postarray['hostname'];
$host = trim($postarray['hostname']);
$filter_spam = $postarray['filter_spam'];
if (isset($postarray['filter_spam']) && $postarray['filter_spam'] == 1) {
$filter_spam = 1;
}
else {
$filter_spam = 0;
}
if (preg_match('/^[0-9a-fA-F:\/]+$/', $host)) { // IPv6 address
$hosts = array($host);
}
elseif (preg_match('/^[0-9\.\/]+$/', $host)) { // IPv4 address
$hosts = array($host);
}
else {
$hosts = get_outgoing_hosts_best_guess($host);
}
if (empty($hosts)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Invalid host specified: '. htmlspecialchars($host)
);
return false;
}
foreach ($hosts as $host) {
try {
$redis->hSet('WHITELISTED_FWD_HOST', $host, $source);
if ($filter_spam == 0) {
$redis->hSet('KEEP_SPAM', $host, 1);
}
elseif ($redis->hGet('KEEP_SPAM', $host)) {
$redis->hDel('KEEP_SPAM', $host);
}
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['forwarding_host_added'], htmlspecialchars(implode(', ', $hosts)))
);
}
function delete_forwarding_host($postarray) {
global $redis;
global $lang;
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
if (!is_array($postarray['forwardinghost'])) {
$hosts = array();
$hosts[] = $postarray['forwardinghost'];
}
else {
$hosts = $postarray['forwardinghost'];
}
foreach ($hosts as $host) {
try {
$redis->hDel('WHITELISTED_FWD_HOST', $host);
$redis->hDel('KEEP_SPAM', $host);
}
catch (RedisException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'Redis: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['forwarding_host_removed'], htmlspecialchars(implode(', ', $hosts)))
);
}
function get_logs($container, $lines = 100) {
global $lang;
global $redis;

12
data/web/inc/functions.mailbox.inc.php
View File

@@ -648,7 +648,7 @@ function mailbox($_action, $_type, $_data = null) {
if ($num_results == 0) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['domain_not_found'], $domain)
'msg' => sprintf($lang['danger']['domain_not_found'], htmlspecialchars($domain))
);
return false;
}
@@ -832,7 +832,7 @@ function mailbox($_action, $_type, $_data = null) {
if ($num_results == 0) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['domain_not_found'], $domain)
'msg' => sprintf($lang['danger']['domain_not_found'], htmlspecialchars($domain))
);
return false;
}
@@ -875,13 +875,7 @@ function mailbox($_action, $_type, $_data = null) {
case 'edit':
switch ($_type) {
case 'alias_domain':
if (!is_array($_data['alias_domain'])) {
$alias_domains = array();
$alias_domains[] = $_data['alias_domain'];
}
else {
$alias_domains = $_data['alias_domain'];
}
$alias_domains = (array)$_data['alias_domain'];
foreach ($alias_domains as $alias_domain) {
$alias_domain = idn_to_ascii(strtolower(trim($alias_domain)));
$is_now = mailbox('get', 'alias_domain_details', $alias_domain);

8
data/web/inc/functions.policy.inc.php
View File

@@ -168,13 +168,7 @@ function policy($_action, $_scope, $_data = null) {
case 'delete':
switch ($_scope) {
case 'domain':
if (!is_array($_data['prefid'])) {
$prefids = array();
$prefids[] = $_data['prefid'];
}
else {
$prefids = $_data['prefid'];
}
(array)$prefids = $_data['prefid'];
foreach ($prefids as $prefid) {
if (!is_numeric($prefid)) {
$_SESSION['return'] = array(

4
data/web/inc/prerequisites.inc.php
View File

@@ -14,7 +14,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/vendor/autoload.php';
// U2F API + T/HOTP API
$u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']);
$tfa = new RobThree\Auth\TwoFactorAuth('mailcow UI');
$tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL);
// Redis
$redis = new Redis();
@@ -60,6 +60,8 @@ include $_SERVER['DOCUMENT_ROOT'] . '/lang/lang.'.$_SESSION['mailcow_locale'].'.
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailbox.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.policy.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.dkim.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.fwdhost.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/init_db.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.inc.php';
init_db_schema();

184
data/web/inc/tfa_modals.php
View File

@@ -1,184 +0,0 @@
<?php
if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin" || $_SESSION['mailcow_cc_role'] == "domainadmin")):
?>
<div class="modal fade" id="YubiOTPModal" tabindex="-1" role="dialog" aria-labelledby="YubiOTPModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header"><b><?=$lang['tfa']['yubi_otp'];?></b></div>
<div class="modal-body">
<form role="form" method="post">
<div class="form-group">
<input type="text" class="form-control" name="key_id" id="key_id" placeholder="<?=$lang['tfa']['key_id'];?>" autocomplete="off" required>
</div>
<hr>
<p class="help-block"><?=$lang['tfa']['api_register'];?></p>
<div class="form-group">
<input type="text" class="form-control" name="yubico_id" id="yubico_id" placeholder="Yubico API ID" autocomplete="off" required>
</div>
<div class="form-group">
<input type="text" class="form-control" name="yubico_key" id="yubico_key" placeholder="Yubico API Key" autocomplete="off" required>
</div>
<hr>
<div class="form-group">
<input type="password" class="form-control" name="confirm_password" id="confirm_password" placeholder="<?=$lang['user']['password_now'];?>" autocomplete="off" required>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon" id="yubi-addon"><img alt="Yubicon Icon" src="/img/yubi.ico"></span>
<input type="text" name="otp_token" class="form-control" placeholder="Touch Yubikey" aria-describedby="yubi-addon">
<input type="hidden" name="tfa_method" value="yubi_otp">
</div>
</div>
<button class="btn btn-sm btn-default" type="submit" name="set_tfa"><?=$lang['user']['save_changes'];?></button>
</form>
</div>
</div>
</div>
</div>
<div class="modal fade" id="U2FModal" tabindex="-1" role="dialog" aria-labelledby="U2FModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header"><b><?=$lang['tfa']['u2f'];?></b></div>
<div class="modal-body">
<form role="form" method="post" id="u2f_reg_form">
<div class="form-group">
<input type="text" class="form-control" name="key_id" id="key_id" placeholder="<?=$lang['tfa']['key_id'];?>" autocomplete="off" required>
</div>
<div class="form-group">
<input type="password" class="form-control" name="confirm_password" id="confirm_password" placeholder="<?=$lang['user']['password_now'];?>" autocomplete="off" required>
</div>
<hr>
<p><?=$lang['tfa']['waiting_usb_register'];?></p>
<div class="alert alert-danger" style="display:none" id="u2f_return_code"></div>
<input type="hidden" name="token" id="u2f_register_data"/>
<input type="hidden" name="tfa_method" value="u2f">
<input type="hidden" name="set_tfa"/><br/>
</form>
</div>
</div>
</div>
</div>
<div class="modal fade" id="TOTPModal" tabindex="-1" role="dialog" aria-labelledby="TOTPModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header"><b><?=$lang['tfa']['totp'];?></b></div>
<div class="modal-body">
<form role="form" method="post">
<div class="form-group">
<input type="text" class="form-control" name="key_id" id="key_id" placeholder="<?=$lang['tfa']['key_id_totp'];?>" autocomplete="off" required>
</div>
<div class="form-group">
<input type="password" class="form-control" name="confirm_password" id="confirm_password" placeholder="<?=$lang['user']['password_now'];?>" autocomplete="off" required>
</div>
<hr>
<?php
$totp_secret = $tfa->createSecret();
?>
<input type="hidden" value="<?=$totp_secret;?>" name="totp_secret" id="totp_secret"/>
<input type="hidden" name="tfa_method" value="totp">
<ol>
<li>
<p><?=$lang['tfa']['scan_qr_code'];?></p>
<img src="<?=$tfa->getQRCodeImageAsDataUri($_SESSION['mailcow_cc_username'], $totp_secret);?>">
<p class="help-block"><?=$lang['tfa']['enter_qr_code'];?>:<br />
<code><?=$totp_secret;?></code>
</p>
</li>
<li>
<p><?=$lang['tfa']['confirm_totp_token'];?>:</p>
<p><input type="number" style="width:33%" class="form-control" name="totp_confirm_token" id="totp_confirm_token" autocomplete="off" required></p>
<p><button class="btn btn-default" type="submit" name="set_tfa"><?=$lang['tfa']['confirm'];?></button></p>
</li>
</ol>
</form>
</div>
</div>
</div>
</div>
<div class="modal fade" id="DisableTFAModal" tabindex="-1" role="dialog" aria-labelledby="DisableTFAModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header"><b><?=$lang['tfa']['delete_tfa'];?></b></div>
<div class="modal-body">
<form role="form" method="post">
<div class="input-group">
<input type="password" class="form-control" name="confirm_password" id="confirm_password" placeholder="<?=$lang['user']['password_now'];?>" autocomplete="off" required>
<span class="input-group-btn">
<input type="hidden" name="tfa_method" value="none">
<button class="btn btn-danger" type="submit" name="set_tfa"><?=$lang['tfa']['delete_tfa'];?></button>
</span>
</div>
</form>
</div>
</div>
</div>
</div>
<?php
endif;
if (isset($_SESSION['pending_tfa_method'])):
$tfa_method = $_SESSION['pending_tfa_method'];
?>
<div class="modal fade" id="ConfirmTFAModal" tabindex="-1" role="dialog" aria-labelledby="ConfirmTFAModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header"><button type="button" class="close" data-dismiss="modal">&times;</button><b><?=$lang['tfa'][$tfa_method];?></b></div>
<div class="modal-body">
<?php
switch ($tfa_method) {
case "yubi_otp":
?>
<form role="form" method="post">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon" id="yubi-addon"><img alt="Yubicon Icon" src="/img/yubi.ico"></span>
<input type="text" name="token" id="token" class="form-control" autocomplete="off" placeholder="Touch Yubikey" aria-describedby="yubi-addon">
<input type="hidden" name="tfa_method" value="yubi_otp">
</div>
</div>
<button class="btn btn-sm btn-default" type="submit" name="verify_tfa_login"><?=$lang['login']['login'];?></button>
</form>
<?php
break;
case "u2f":
?>
<form role="form" method="post" id="u2f_auth_form">
<p><?=$lang['tfa']['waiting_usb_auth'];?></p>
<div class="alert alert-danger" style="display:none" id="u2f_return_code"></div>
<input type="hidden" name="token" id="u2f_auth_data"/>
<input type="hidden" name="tfa_method" value="u2f">
<input type="hidden" name="verify_tfa_login"/><br/>
</form>
<?php
break;
case "totp":
?>
<form role="form" method="post">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon" id="tfa-addon"><span class="glyphicon glyphicon-lock" aria-hidden="true"></span></span>
<input type="number" min="000000" max="999999" name="token" id="token" class="form-control" placeholder="123456" aria-describedby="tfa-addon">
<input type="hidden" name="tfa_method" value="totp">
</div>
</div>
<button class="btn btn-sm btn-default" type="submit" name="verify_tfa_login"><?=$lang['login']['login'];?></button>
</form>
<?php
break;
case "hotp":
?>
<div class="empty"></div>
<?php
break;
}
?>
</div>
</div>
</div>
</div>
<?php
endif;
?>

40
data/web/inc/triggers.inc.php
View File

@@ -53,33 +53,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
}
}
}
if (isset($_POST["edit_admin_account"])) {
edit_admin_account($_POST);
}
if (isset($_POST["dkim_delete_key"])) {
dkim_delete_key($_POST);
}
if (isset($_POST["dkim_add_key"])) {
dkim_add_key($_POST);
}
if (isset($_POST["add_forwarding_host"])) {
add_forwarding_host($_POST);
}
if (isset($_POST["delete_forwarding_host"])) {
delete_forwarding_host($_POST);
}
}
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "user") {
if (isset($_POST["edit_user_account"])) {
edit_user_account($_POST);
}
if (isset($_POST["add_policy_list_item"])) {
policy('add', 'mailbox', $_POST);
}
if (isset($_POST["add_syncjob"])) {
mailbox('add', 'syncjob', $_POST);
}
if (isset($_POST["edit_syncjob"])) {
mailbox('edit', 'syncjob', $_POST);
}
@@ -94,24 +72,6 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
if (isset($_POST["unset_tfa_key"])) {
unset_tfa_key($_POST);
}
if (isset($_POST["add_policy_list_item"])) {
policy('add', 'domain', $_POST);
}
if (isset($_POST["mailbox_add_domain"])) {
mailbox('add', 'domain', $_POST);
}
if (isset($_POST["mailbox_add_alias"])) {
mailbox('add', 'alias', $_POST);
}
if (isset($_POST["mailbox_add_alias_domain"])) {
mailbox('add', 'alias_domain', $_POST);
}
if (isset($_POST["mailbox_add_mailbox"])) {
mailbox('add', 'mailbox', $_POST);
}
if (isset($_POST["mailbox_add_resource"])) {
mailbox('add', 'resource', $_POST);
}
if (isset($_POST["mailbox_edit_alias"])) {
mailbox('edit', 'alias', $_POST);
}

8
data/web/inc/vars.inc.php
View File

@@ -1,7 +1,6 @@
<?php
error_reporting(E_ERROR);
//error_reporting(E_ALL);
header('X-Powered-By: mailcow');
/*
PLEASE USE THE FILE "vars.local.inc.php" TO OVERWRITE SETTINGS AND MAKE THEM PERSISTENT!
@@ -23,10 +22,6 @@ $mailcow_hostname = getenv('MAILCOW_HOSTNAME');
// "form" will stay in the current form, "previous" will redirect to previous page
$FORM_ACTION = 'previous';
// File locations should not be changed
$MC_DKIM_TXTS = '/data/dkim/txt';
$MC_DKIM_KEYS = '/data/dkim/keys';
// Change default language, "de", "en", "es", "nl", "pt", "ru"
$DEFAULT_LANG = 'en';
@@ -59,3 +54,6 @@ $PAGINATION_SIZE = 10;
// Session lifetime in seconds
$SESSION_LIFETIME = 3600;
// Label for OTP devices
$OTP_LABEL = "mailcow UI";