7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

More structural changes

Browse Source
This commit is contained in:
andryyy
2017-05-23 09:36:59 +02:00
parent 5a62d29fa6
commit fd5a59086b
21 changed files with 4827 additions and 4316 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
data/web/inc/footer.inc.php
View File

@@ -31,7 +31,7 @@ endif;
<h4 class="modal-title"><?= $lang['footer']['confirm_delete']; ?></h4>
</div>
<div class="modal-body">
<p><?= $lang['footer']['delete_these_items']; ?></p>
<p id="DeleteText"><?= $lang['footer']['delete_these_items']; ?></p>
<ul id="ItemsToDelete"></ul>
<hr>
<button class="btn btn-sm btn-danger" id="IsConfirmed"><?= $lang['footer']['delete_now']; ?></button>
@@ -48,6 +48,7 @@ endif;
<script src="/js/bootstrap-select.min.js"></script>
<script src="/js/notifications.min.js"></script>
<script src="/js/u2f-api.js"></script>
<script src="/js/api.js"></script>
<script>
// Select language and reopen active URL without POST
function setLang(sel) {

3596
data/web/inc/functions.inc.php
View File

File diff suppressed because it is too large Load Diff

3116
data/web/inc/functions.mailbox.inc.php Normal file
View File

File diff suppressed because it is too large Load Diff

354
data/web/inc/functions.policy.inc.php Normal file
View File

@@ -0,0 +1,354 @@
<?php
function policy($_action, $_scope, $_data = null) {
global $pdo;
global $redis;
global $lang;
switch ($_action) {
case 'add':
switch ($_scope) {
case 'domain':
$object = $_data['domain'];
if (is_valid_domain_name($object)) {
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
$object = idn_to_ascii(strtolower(trim($object)));
}
else {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
if ($_data['object_list'] == "bl") {
$object_list = "blacklist_from";
}
elseif ($_data['object_list'] == "wl") {
$object_list = "whitelist_from";
}
$object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($_data['object_from']))), '.'));
if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $object_from))) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['policy_list_from_invalid'])
);
return false;
}
if ($object_list != "blacklist_from" && $object_list != "whitelist_from") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
try {
$stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from')
AND `object` = :object
AND `value` = :object_from");
$stmt->execute(array(':object' => $object, ':object_from' => $object_from));
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['policy_list_from_exists'])
);
return false;
}
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
try {
$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
VALUES (:object, :object_list, :object_from)");
$stmt->execute(array(
':object' => $object,
':object_list' => $object_list,
':object_from' => $object_from
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['domain_modified'], $object)
);
break;
case 'mailbox':
$object = $_data['username'];
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
if ($_data['object_list'] == "bl") {
$object_list = "blacklist_from";
}
elseif ($_data['object_list'] == "wl") {
$object_list = "whitelist_from";
}
$object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($_data['object_from']))), '.'));
if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $object_from))) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['policy_list_from_invalid'])
);
return false;
}
if ($object_list != "blacklist_from" && $object_list != "whitelist_from") {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
try {
$stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from')
AND `object` = :object
AND `value` = :object_from");
$stmt->execute(array(':object' => $object, ':object_from' => $object_from));
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['policy_list_from_exists'])
);
return false;
}
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
try {
$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
VALUES (:object, :object_list, :object_from)");
$stmt->execute(array(
':object' => $object,
':object_list' => $object_list,
':object_from' => $object_from
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['mailbox_modified'], $object)
);
break;
}
break;
case 'delete':
switch ($_scope) {
case 'domain':
if (!is_array($_data['prefid'])) {
$prefids = array();
$prefids[] = $_data['prefid'];
}
else {
$prefids = $_data['prefid'];
}
foreach ($prefids as $prefid) {
if (!is_numeric($prefid)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
try {
$stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid");
$stmt->execute(array(':prefid' => $prefid));
$object = $stmt->fetch(PDO::FETCH_ASSOC)['object'];
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
}
if (is_valid_domain_name($object)) {
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
$object = idn_to_ascii(strtolower(trim($object)));
}
else {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
try {
$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
$stmt->execute(array(
':object' => $object,
':prefid' => $prefid
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['items_deleted'], implode(', ', $prefids))
);
break;
case 'mailbox':
if (!is_array($_data['prefid'])) {
$prefids = array();
$prefids[] = $_data['prefid'];
}
else {
$prefids = $_data['prefid'];
}
foreach ($prefids as $prefid) {
if (!is_numeric($prefid)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
try {
$stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid");
$stmt->execute(array(':prefid' => $prefid));
$object = $stmt->fetch(PDO::FETCH_ASSOC)['object'];
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
}
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => sprintf($lang['danger']['access_denied'])
);
return false;
}
try {
$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
$stmt->execute(array(
':object' => $object,
':prefid' => $prefid
));
}
catch (PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
return false;
}
}
$_SESSION['return'] = array(
'type' => 'success',
'msg' => sprintf($lang['success']['items_deleted'], implode(', ', $prefids))
);
break;
}
break;
case 'get':
switch ($_scope) {
case 'domain':
if (!is_valid_domain_name($_data)) {
return false;
}
else {
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
return false;
}
$_data = idn_to_ascii(strtolower(trim($_data)));
}
try {
// WHITELIST
$stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)");
$stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data));
$rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
// BLACKLIST
$stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)");
$stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data));
$rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
}
return $rows;
break;
case 'mailbox':
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
return false;
}
}
else {
$_data = $_SESSION['mailcow_cc_username'];
}
$domain = mailbox('get', 'mailbox_details', $_data)['domain'];
if (empty($domain)) {
return false;
}
try {
// WHITELIST
$stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` = :username OR `object` = :domain)");
$stmt->execute(array(':username' => $_data, ':domain' => $domain));
$rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
// BLACKLIST
$stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` = :username OR `object` = :domain)");
$stmt->execute(array(':username' => $_data, ':domain' => $domain));
$rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
catch(PDOException $e) {
$_SESSION['return'] = array(
'type' => 'danger',
'msg' => 'MySQL: '.$e
);
}
return $rows;
break;
}
break;
}
}

1
data/web/inc/header.inc.php
View File

@@ -22,6 +22,7 @@
<?= (preg_match("/mailbox.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/mailbox.css">' : null; ?>
<?= (preg_match("/admin.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/admin.css">' : null; ?>
<?= (preg_match("/user.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/user.css">' : null; ?>
<?= (preg_match("/edit.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/edit.css">' : null; ?>
<link rel="shortcut icon" href="/favicon.png" type="image/png">
<link rel="icon" href="/favicon.png" type="image/png">
</head>

16
data/web/inc/prerequisites.inc.php
View File

@@ -42,28 +42,24 @@ try {
}
catch (PDOException $e) {
?>
<center style='font-family: "Lucida Sans Unicode", "Lucida Grande", Verdana, Arial, Helvetica, sans-serif;'>?? Connection failed, database may be in warm-up state, please try again later.<br /><br />The following error was reported:<br/> <?=$e->getMessage();?></center>
<center style='font-family: "Lucida Sans Unicode", "Lucida Grande", Verdana, Arial, Helvetica, sans-serif;'>Connection failed, database may be in warm-up state, please try again later.<br /><br />The following error was reported:<br/> <?=$e->getMessage();?></center>
<?php
exit;
}
// Set language
$_SESSION['mailcow_locale'] = strtolower(trim($DEFAULT_LANG));
if (!isset($_SESSION['mailcow_locale'])) {
$_SESSION['mailcow_locale'] = strtolower(trim($DEFAULT_LANG));
}
if (isset($_GET['lang']) && in_array($_GET['lang'], $AVAILABLE_LANGUAGES)) {
$_SESSION['mailcow_locale'] = $_GET['lang'];
}
elseif (isset($_COOKIE['language']) && in_array($_COOKIE['language'], $AVAILABLE_LANGUAGES)) {
$_SESSION['mailcow_locale'] = $_COOKIE['language'];
}
if (isset($_SESSION['mailcow_locale']) && !file_exists($_SERVER['DOCUMENT_ROOT'] . '/lang/lang.'.$_SESSION['mailcow_locale'].'.php')) {
$_SESSION['mailcow_locale'] = strtolower(trim($DEFAULT_LANG));
}
setcookie('language', $_SESSION['mailcow_locale']);
require_once $_SERVER['DOCUMENT_ROOT'] . '/lang/lang.en.php';
include $_SERVER['DOCUMENT_ROOT'] . '/lang/lang.'.$_SESSION['mailcow_locale'].'.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailbox.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.policy.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/init_db.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.inc.php';
init_db_schema();

67
data/web/inc/triggers.inc.php
View File

@@ -44,10 +44,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
if (isset($_GET["duallogin"])) {
if (filter_var($_GET["duallogin"], FILTER_VALIDATE_EMAIL)) {
$stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :duallogin");
$stmt->execute(array(':duallogin' => $_GET["duallogin"]));
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
if (!empty(mailbox('get', 'mailbox_details', $_GET["duallogin"]))) {
$_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
$_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role'];
$_SESSION['mailcow_cc_username'] = $_GET["duallogin"];
@@ -83,35 +80,14 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "user
if (isset($_POST["edit_user_account"])) {
edit_user_account($_POST);
}
if (isset($_POST["mailbox_reset_eas"])) {
mailbox_reset_eas($_POST);
}
if (isset($_POST["edit_spam_score"])) {
edit_spam_score($_POST);
}
if (isset($_POST["edit_delimiter_action"])) {
edit_delimiter_action($_POST);
}
if (isset($_POST["add_policy_list_item"])) {
add_policy_list_item($_POST);
}
if (isset($_POST["delete_policy_list_item"])) {
delete_policy_list_item($_POST);
}
if (isset($_POST["edit_tls_policy"])) {
edit_tls_policy($_POST);
policy('add', 'mailbox', $_POST);
}
if (isset($_POST["add_syncjob"])) {
add_syncjob($_POST);
mailbox('add', 'syncjob', $_POST);
}
if (isset($_POST["edit_syncjob"])) {
edit_syncjob($_POST);
}
if (isset($_POST["delete_syncjob"])) {
delete_syncjob($_POST);
}
if (isset($_POST["set_time_limited_aliases"])) {
set_time_limited_aliases($_POST);
mailbox('edit', 'syncjob', $_POST);
}
}
if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin" || $_SESSION['mailcow_cc_role'] == "domainadmin")) {
@@ -125,55 +101,52 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
unset_tfa_key($_POST);
}
if (isset($_POST["add_policy_list_item"])) {
add_policy_list_item($_POST);
}
if (isset($_POST["delete_policy_list_item"])) {
delete_policy_list_item($_POST);
policy('add', 'domain', $_POST);
}
if (isset($_POST["mailbox_add_domain"])) {
mailbox_add_domain($_POST);
mailbox('add', 'domain', $_POST);
}
if (isset($_POST["mailbox_add_alias"])) {
mailbox_add_alias($_POST);
mailbox('add', 'alias', $_POST);
}
if (isset($_POST["mailbox_add_alias_domain"])) {
mailbox_add_alias_domain($_POST);
mailbox('add', 'alias_domain', $_POST);
}
if (isset($_POST["mailbox_add_mailbox"])) {
mailbox_add_mailbox($_POST);
mailbox('add', 'mailbox', $_POST);
}
if (isset($_POST["mailbox_add_resource"])) {
mailbox_add_resource($_POST);
mailbox('add', 'resource', $_POST);
}
if (isset($_POST["mailbox_edit_alias"])) {
mailbox_edit_alias($_POST);
mailbox('edit', 'alias', $_POST);
}
if (isset($_POST["mailbox_edit_domain"])) {
mailbox_edit_domain($_POST);
mailbox('edit', 'domain', $_POST);
}
if (isset($_POST["mailbox_edit_mailbox"])) {
mailbox_edit_mailbox($_POST);
mailbox('edit', 'mailbox', $_POST);
}
if (isset($_POST["mailbox_edit_alias_domain"])) {
mailbox_edit_alias_domain($_POST);
mailbox('edit', 'alias_domain', $_POST);
}
if (isset($_POST["mailbox_edit_resource"])) {
mailbox_edit_resource($_POST);
mailbox('edit', 'resource', $_POST);
}
if (isset($_POST["mailbox_delete_domain"])) {
mailbox_delete_domain($_POST);
mailbox('delete', 'domain', $_POST);
}
if (isset($_POST["mailbox_delete_alias"])) {
mailbox_delete_alias($_POST);
mailbox('delete', 'delete_alias', $_POST);
}
if (isset($_POST["mailbox_delete_alias_domain"])) {
mailbox_delete_alias_domain($_POST);
mailbox('delete', 'alias_domain', $_POST);
}
if (isset($_POST["mailbox_delete_mailbox"])) {
mailbox_delete_mailbox($_POST);
mailbox('delete', 'mailbox', $_POST);
}
if (isset($_POST["mailbox_delete_resource"])) {
mailbox_delete_resource($_POST);
mailbox('delete', 'resource', $_POST);
}
}
?>