diff --git a/private/config.ini b/private/config.ini index 24f8589..4db2db5 100644 --- a/private/config.ini +++ b/private/config.ini @@ -8,4 +8,13 @@ dbname = mailfolderpath = maildirencryption = captcha = -allowregistration = \ No newline at end of file +allowregistration = +adminadress = +deletedelrequestdaydiff = +sendactivationinfo = +prohibadminmailcreation = + +[mailserver] +mailsmtpserver="" +mailadress="" +mailpw='' diff --git a/public/admin.php b/public/admin.php index 34fa856..3063347 100644 --- a/public/admin.php +++ b/public/admin.php @@ -25,7 +25,7 @@ session_start(); if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) { echo ' -Roteserver - Mail Admin Settings +Mail Admin Settings

Mail Admin Settings:

'; @@ -33,16 +33,16 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) { echo 'Erfolgreich geändert.'; } if (isset($_GET['fehler'])) { - echo '

Fehler: ' . $_GET['fehler'] . '

'; + echo '

Fehler: ' . htmlentities($_GET['fehler']) . '

'; } echo '

Normale Einstellungen

'; echo '

Mailadresse aktivieren:

'; @@ -51,34 +51,59 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
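Review bot: The new `htmlentities($_GET['fehler'])` call in the error banner relies on the function's default flags and charset, and those defaults only encode single quotes from PHP 8.1 on. Spelling the context out, `htmlspecialchars($_GET['fehler'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the escaping stable across versions and safe if the value is ever moved into an attribute. The surrounding markup is not visible in this hunk, so the current output context should be confirmed.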

Mailadresse deaktivieren:

Emailadresse hinzufügen:

- + +
+

Passwort einer Email-Adresse ändern:

+
+'; + echo ' + +

Emailadresse entfernen:

Maillisten Einstellungen

- +'; +$abfrage = "SELECT `id`, `username`, `domain`, `quota`, `enabled`, `sendonly`, `forcepwreset`, `admin` FROM `accounts` ORDER by `domain`, `username` ASC"; +$result = $dbh->query($abfrage); +while ($emails = $result->fetch()) { + echo ''; +} +echo '
Emailadressen:
Email-Adressequotaenabledsendonlyforcepwresetadmin
' . htmlentities($emails['username']) . '@' . htmlentities($emails['domain']) . '' . htmlentities($emails['quota']) . '' . htmlentities($emails['enabled']) . '' . htmlentities($emails['sendonly']) . '' . htmlentities($emails['forcepwreset']) . '' . htmlentities($emails['admin']) . '
'; exit; } diff --git a/public/bin/activatemail.php b/public/bin/activatemail.php index 018ce31..a43cf40 100644 --- a/public/bin/activatemail.php +++ b/public/bin/activatemail.php @@ -24,7 +24,7 @@ try { session_start(); if ($_SESSION['log'] == 1 && $_SESSION['admin']) { $mailuserID = $_POST['mailuserID']; - $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='1' WHERE `id` LIKE :mailuserID"; + $eintrag = "UPDATE `accounts` SET `enabled`='1' WHERE `id` LIKE :mailuserID"; $sth = $dbh->prepare($eintrag); $sth->execute(array(':mailuserID' => $mailuserID)); header("Location: ../admin.php?success=1"); diff --git a/public/bin/addmaillist.php b/public/bin/addmaillist.php index d873648..05c332e 100644 --- a/public/bin/addmaillist.php +++ b/public/bin/addmaillist.php 
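Review bot: The rewritten UPDATE in activatemail.php still selects the row with `WHERE id LIKE :mailuserID`, and binding the value does not stop `%` and `_` in `$_POST['mailuserID']` from acting as wildcards, so one request can touch more rows than the one intended. Use equality on an integer: `WHERE id = :mailuserID` with `(int) $_POST['mailuserID']`. The same pattern is on the new side of deactivatemail.php, deletemail.php, changemailpwadm.php, dellist.php, editlist.php and the domain lookup in createmailuser.php. It matters most in changemailpw.php, where the password UPDATE uses `username LIKE :mailusername AND domain LIKE :maildomain`: `_` is an ordinary character in a mailbox name, so that statement can also overwrite the password of a similarly named account even though the preceding SELECT used `=`.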
@@ -23,10 +23,23 @@ try {
 }
 session_start();
 if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
- $eintrag = "INSERT INTO `virtual_aliases` (`domain_id`, `source`, `destination`, `owner`, `private`, `name`) VALUES (1, :source, :destination, :owner, :private, :name)"; // Aliasdaten in MailServer DB eintragen
+ $eintrag = "INSERT INTO `alias_details` (`name`, `owners`, `destinations`, `security`) VALUES (:newlistname, :owners, :destinations, :security)"; // Aliasdaten in MailServer DB eintragen
 $sth = $dbh->prepare($eintrag);
- $sth->execute(array('source' => $_POST['maillistsource'], 'destination' => $_POST['maillistadresses'], 'owner' => $_POST['maillistownerid'], 'private' => $_POST['listprivate'], 'name' => $_POST['maillistname']));
+ $sth->execute(array(':newlistname' => $_POST['newlistname'], ':owners' => $_POST['newlistowners'], ':destinations' => $_POST['newlistdestinations'], ':security' => $_POST['newlistsecurity']));
+ $newlistid = $dbh->lastInsertID();
+ foreach (explode(' ', $_POST['newlistowners']) as $maillistowner) {
+ $maillistownerex = explode('@', $maillistowner);
+ $eintrag = "INSERT INTO `alias_owner` (`alias_id`, `owner_username`, `owner_domain`) VALUES (:aliasid, :owner_username, :owner_domain)"; // Aliasdaten in MailServer DB eintragen
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':aliasid' => $newlistid, ':owner_username' => $maillistownerex[0], ':owner_domain' => $maillistownerex[1]));
 }
+ foreach (explode(' ', $_POST['newlistdestinations']) as $maillistdestination) {
+ $maillistdestinationex = explode('@', $maillistdestination);
+ $eintrag = "INSERT INTO `aliases` (`alias_id`, `source_username`, `source_domain`, `destination_username`, `destination_domain`) VALUES (:aliasid, :source_username, :source_domain, :destination_username, :destination_domain)"; // Aliasdaten in MailServer DB eintragen
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':aliasid' => $newlistid, ':source_username' => $_POST['newlistsourceadress'], ':source_domain' => $_POST['newlistsourcedomain'], ':destination_username' => $maillistdestinationex[0], ':destination_domain' => $maillistdestinationex[1]));
+ }
+}
 header("Location: maillistsettings.php");
 exit;
 ?>
\ No newline at end of file
diff --git a/public/bin/changemailpw.php b/public/bin/changemailpw.php
index b37cc5c..f0d5fa8 100644
--- a/public/bin/changemailpw.php
+++ b/public/bin/changemailpw.php
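Review bot: The two new `foreach` loops split `$_POST['newlistowners']` and `$_POST['newlistdestinations']` on spaces and `@` and insert index `[0]` and `[1]` without checking that each piece is a well-formed address, so an entry without `@` or a doubled space writes an empty or NULL domain into `alias_owner` / `aliases`. The inserts into `alias_details`, `alias_owner` and `aliases` are also not wrapped in a transaction, so a failure halfway leaves a list with partial rows. Validating every address first and then running the unchanged inserts inside one transaction addresses both; the sketch assumes the connection uses `PDO::ERRMODE_EXCEPTION`, as the files added in this commit do. editlist.php repeats the same loops and needs the same treatment.

```php
// … unchanged: session / admin check …
$owners = preg_split('/\s+/', trim($_POST['newlistowners']), -1, PREG_SPLIT_NO_EMPTY);
$destinations = preg_split('/\s+/', trim($_POST['newlistdestinations']), -1, PREG_SPLIT_NO_EMPTY);
foreach (array_merge($owners, $destinations) as $adress) {
    if (!filter_var($adress, FILTER_VALIDATE_EMAIL)) {
        header("Location: maillistsettings.php");
        exit;
    }
}
$dbh->beginTransaction();
try {
    // … unchanged: INSERT into alias_details, then the alias_owner and aliases loops over $owners / $destinations …
    $dbh->commit();
} catch (PDOException $e) {
    $dbh->rollBack();
    throw $e;
}
```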
@@ -22,51 +22,66 @@ try { echo 'Connection failed'; } session_start(); -if ($_SESSION['log'] == 1) { +if ($_SESSION['log'] == 1 or $_SESSION['forcepwreset']) { if ($_POST['newmailpw'] == $_POST['newmailpwrep']) { $newmailpw = $_POST['newmailpw']; $oldmailpw = $_POST['oldmailpw']; if (strpos($newmailpw, "'") !== false) { - header("Location: settings.php?wrongsymbols=1"); + if ($_SESSION['forcepwreset']) header("Location: ../index.php?wrongsymbols=1"); + else header("Location: ../settings.php?wrongsymbols=1"); exit; } - $mailusername = $_SESSION['email']; - $abfrage = "SELECT `password` FROM `virtual_users` WHERE `email` = :newmailusernamefull"; + $mailusername = $_SESSION['username']; + $maildomain = $_SESSION['domain']; + $abfrage = "SELECT `password` FROM `accounts` WHERE `username` = :newmailusername AND `domain` = :newmaildomain"; $sth = $dbh->prepare($abfrage); - $sth->execute(array('newmailusernamefull' => $mailusername)); + $sth->execute(array(':newmailusername' => $mailusername, ':newmaildomain' => $maildomain)); $result= $sth->fetchAll(); $oldpwhashed = $result[0]['password']; + if ($_SESSION['forcepwreset'] and password_verify($newmailpw, $oldpwhashed)) { + header("Location: ../index.php?newpwequal=1"); + exit; + } if (password_verify($oldmailpw, $oldpwhashed)) { if (strlen($newmailpw) >= 8) { $newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]); - $eintrag = "UPDATE `virtual_users` SET `password` = :newmailpwhashed WHERE `email` LIKE :mailusername"; + $eintrag = "UPDATE `accounts` SET `password` = :newmailpwhashed WHERE `username` LIKE :mailusername AND `domain` LIKE :maildomain"; $sth = $dbh->prepare($eintrag); - $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'mailusername' => $mailusername)); - if ($config['maildirencryption']) { - if ($_POST['forcekeyregen']) { - exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . 
escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($mailusername)); - } - else { - exec('sudo -u vmail /usr/bin/doveadm mailbox cryptokey password -o stats_writer_socket_path= -u ' . escapeshellarg($mailusername) . ' -n ' . escapeshellarg($newmailpw) . ' -o' . escapeshellcmd($oldmailpw)); - } + $sth->execute(array(':newmailpwhashed' => $newmailpwhashed, ':mailusername' => $mailusername, ':maildomain' => $maildomain)); + //if ($config['maildirencryption']) { + // if ($_POST['forcekeyregen']) { + // exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($mailusername)); + // } + // else { + // exec('sudo -u vmail /usr/bin/doveadm mailbox cryptokey password -o stats_writer_socket_path= -u ' . escapeshellarg($mailusername) . ' -n ' . escapeshellarg($newmailpw) . ' -o' . escapeshellcmd($oldmailpw)); + // } + //} + if ($_SESSION['forcepwreset']) { + $_SESSION['forcepwreset'] = 0; + $_SESSION['log'] = 1; + $eintrag = "UPDATE `accounts` SET `forcepwreset` = '0', `enabled` = '1' WHERE `username` LIKE :mailusername AND `domain` LIKE :maildomain"; + $sth = $dbh->prepare($eintrag); + $sth->execute(array(':mailusername' => $mailusername, ':maildomain' => $maildomain)); } header("Location: ../settings.php?success=1"); exit; } else { - header("Location: ../settings.php?pwtoshort=1"); + if ($_SESSION['forcepwreset']) header("Location: ../index.php?pwtoshort=1"); + else header("Location: ../settings.php?pwtoshort=1"); exit; } } else { - header( "Location: ../settings.php?pwmissmatch=1"); + if ($_SESSION['forcepwreset']) header("Location: ../index.php?pwmissmatch=1"); + else header( "Location: ../settings.php?pwmissmatch=1"); exit; } } else { - header("Location: ../settings.php?pwnotequal=1"); + if ($_SESSION['forcepwreset']) header("Location: ../index.php?pwnotequal=1"); + else header("Location: 
../settings.php?pwnotequal=1"); exit; } } -header("Location: index.php"); -?> \ No newline at end of file +header("Location: ../index.php"); diff --git a/public/bin/changemailpwadm.php b/public/bin/changemailpwadm.php new file mode 100644 index 0000000..9a83905 --- /dev/null +++ b/public/bin/changemailpwadm.php @@ -0,0 +1,50 @@ +. */ +$config = parse_ini_file('../../private/config.ini'); +try { + $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); +} catch (PDOException $e) { + //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen + echo 'Connection failed'; +} +session_start(); +if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) { + if (strpos($_POST['newmailpw'] , "'") !== false) { + header("Location: ../admin.php?wrongsymbols=1"); + exit; + } + if ($_POST['newmailpw'] == $_POST['newmailpwrep']) { + if (strlen($_POST['newmailpw'] ) >= 8) { + $newmailpwhashed = password_hash($_POST['newmailpw'] , PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]); + $eintrag = "UPDATE `accounts` SET `password` = :newmailpwhashed WHERE `id` LIKE :id"; + $sth = $dbh->prepare($eintrag); + $sth->execute(array(':newmailpwhashed' => $newmailpwhashed, ':id' => $_POST['changemailid'])); + header("Location: ../settings.php?success=1"); + exit; + } + else { + header("Location: ../admin.php?pwtoshort=1"); + exit; + } + } + else { + header("Location: ../admin.php?pwnotequal=1"); + exit; + } +} +header("Location: index.php"); +?> \ No newline at end of file diff --git a/public/bin/createmailuser.php b/public/bin/createmailuser.php index 4b1c1f7..8964826 100644 --- a/public/bin/createmailuser.php +++ b/public/bin/createmailuser.php 
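Review bot: When a forced reset completes in changemailpw.php, the block that sets `$_SESSION['forcepwreset'] = 0; $_SESSION['log'] = 1;` promotes the existing session to a logged-in one without issuing a new session id; add `session_regenerate_id(true);` before `log` is set. `$result[0]['password']` is read without checking that the SELECT returned a row, so a missing account ends in a notice and a `password_verify` against null. The commented-out doveadm block would be better deleted than kept: if it is ever re-enabled, its last argument is built with `escapeshellcmd($oldmailpw)` where every other argument uses `escapeshellarg`.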
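Review bot: The final `header("Location: index.php");` of the new changemailpwadm.php resolves relative to `bin/`, while this same commit corrects that line in changemailpw.php to `../index.php`; use `header("Location: ../index.php"); exit;` here as well. The success path redirects to `../settings.php?success=1` although every error path of this admin action returns to `../admin.php`, which looks like a leftover from the user script. The catch block only echoes 'Connection failed' and continues, so a failed connection ends in a call on an undefined `$dbh`; exiting in the catch avoids that. No anti-CSRF token is checked before the password of `$_POST['changemailid']` is replaced; the form markup is not visible here, so confirm whether one exists.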
@@ -21,121 +21,131 @@ try { //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen echo 'Connection failed'; } -if ($config['allowregistration']) { - - function createmailuser($newmailusername, $newmailpw, $newmailpwrep, $admin) { - global $dbh; - global $config; - $pattern = array(); - $pattern[0] = ' '; - $pattern[1] = '@'; - $pattern[2] = 'roteserver'; - $pattern[3] = 'roteserver.de'; - $pattern[4] = 'admin'; - $pattern[5] = 'noreply'; - $pattern[6] = 'info'; - $pattern[7] = 'webmaster'; - $newmailusername = str_replace($pattern, "", $newmailusername); - $newmailusernamefull = $newmailusername . '@roteserver.de'; - if (!filter_var($newmailuserfull, FILTER_VALIDATE_EMAIL)) { - // nicht ordentliche EmailAdresse +function createmailuser($newmailusername, $newmaildomainid, $newmailpw, $newmailpwrep, $newmailforcepwreset, $admin) { + global $dbh; + global $config; + $abfrage = "SELECT domain FROM `domains` WHERE `id` LIKE :newmaildomainid"; + $sth = $dbh->prepare($abfrage); + $sth->execute(array(':newmaildomainid' => $newmaildomainid)); + $result = $sth->fetchAll(); + $newmaildomain = $result[0]['domain']; + $pattern = array(); + $pattern[0] = ' '; + $pattern[1] = '@'; + if ($config['prohibadminmailcreation']) { + $pattern[2] = 'admin'; + $pattern[3] = 'noreply'; + $pattern[4] = 'info'; + $pattern[5] = 'webmaster'; + } + $newmailusername = str_replace($pattern, "", $newmailusername); + $newmailusernamefull = $newmailusername . '@' . 
$newmaildomain; + if (!filter_var($newmailusernamefull, FILTER_VALIDATE_EMAIL)) { + // nicht ordentliche EmailAdresse + header("Location: createmailpre.php?wrongsymbols=1"); + exit; + } + if(strpos($newmailusername, "'") !== false) { + if ($admin == 1) { + header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse"); + exit; + } else { + header("Location: createmailpre.php?wrongsymbols=1"); + exit; + } + } + if (strpos($newmailpw, "'") !== false) { + if ($admin == 1) { + header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort"); + exit; + } else { header("Location: createmailpre.php?wrongsymbols=1"); exit; } - if(strpos($newmailusername, "'") !== false) { - if ($admin == 1) { - header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse"); - exit; - } else { - header("Location: createmailpre.php?wrongsymbols=1"); - exit; - } - } - if (strpos($newmailpw, "'") !== false) { - if ($admin == 1) { - header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort"); - exit; - } else { - header("Location: createmailpre.php?wrongsymbols=1"); - exit; - } - } - if (strlen($newmailpw) >= 8) { - if ($newmailpw == $newmailpwrep) { - $abfrage = "SELECT 1 FROM `virtual_users` WHERE `email` = :newmailusernamefull"; - $sth = $dbh->prepare($abfrage); - $sth->execute(array('newmailusernamefull' => $newmailusernamefull)); - $result = $sth->fetchAll(); - if ($result[0][1] !== 1) { - $newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]); - $createdtimestamp = date("Y-m-d H:i:s"); - if ($config['maildirencryption']) { - $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, `pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen - $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die 
cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert. - $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername)); - $maildirpath = $config['mailfolderpath'] . $newmailusername; - umask(0); - mkdir($maildirpath, 0770); - exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($newmailusernamefull)); - $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull"; - } - else { - $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '0', '$createdtimestamp')"; // Maildaten in MailServer DB eintragen - $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert. - $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' => $newmailusername)); - $maildirpath = $config['mailfolderpath'] . 
$newmailusername; - umask(0); - mkdir($maildirpath, 0770); - } + } + if (strlen($newmailpw) >= 8) { + if ($newmailpw == $newmailpwrep) { + $abfrage = "SELECT 1 FROM `accounts` WHERE `username` = :newmailusername AND `domain` = :newmaildomain"; + $sth = $dbh->prepare($abfrage); + $sth->execute(array(':newmailusername' => $newmailusername, ':newmaildomain' => $newmaildomain)); + $result = $sth->fetchAll(); + //print_r($result); + if ($result[0][1] !== 1) { + $newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]); + //$createdtimestamp = date("Y-m-d H:i:s"); + // if ($config['maildirencryption']) { + // $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, `pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen + // $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert. + // $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername)); + // $maildirpath = $config['mailfolderpath'] . $newmailusername; + // umask(0); + // mkdir($maildirpath, 0770); + // exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . 
escapeshellarg($newmailusernamefull)); + // $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull"; + // } + //else { + $eintrag = "INSERT INTO `accounts` (`username`, `domain`, `password`, `quota`, `enabled`, `forcepwreset`, `sendonly`, `admin`) VALUES (:newmailusername, :newmaildomain, :newmailpwhashed, '2048', '1', :forcepwreset, '0', '0')"; // Maildaten in MailServer DB eintragen $sth = $dbh->prepare($eintrag); - $sth->execute(array(':newmailusernamefull' => $newmailusernamefull)); + $sth->execute(array(':newmailusername' => $newmailusername, ':newmaildomain' => $newmaildomain, ':newmailpwhashed' => $newmailpwhashed, ':forcepwreset' => $newmailforcepwreset)); + //$maildirpath = $config['mailfolderpath'] . $newmailusername; + // umask(0); + // mkdir($maildirpath, 0770); + //} + //$sth = $dbh->prepare($eintrag); + //$sth->execute(array(':newmailusernamefull' => $newmailusernamefull)); + if ($config['sendactivationinfo']) { $adminmailadress = $config['adminadress']; $adresse = $config['domain'] . '/admin.php'; // eine Mail an den Admin verschicken, damit er die Mail freischalten kann mail($adminmailadress, "Neue Mailadresse erstellt", "Eine neue Mailadresse wurde erstellt und muss freigeschaltet werden. \n \n" . htmlspecialchars($newmailusernamefull) . "\n " . 
$adresse, "From: mailservice"); - if ($admin == 1) { - header("Location: ../admin.php?success=1"); - exit; - } else { - header("Location: ../index.php"); - exit; - } - exit; - } else { // Emailadresse ist bereits registriert - if ($admin == 1) { - header("Location: ../admin.php?fehler=Mail besteht schon"); - exit; - } else { - header("Location: createmailpre.php?mailalreadytaken=1"); - exit; - } } - } - else { if ($admin == 1) { - header("Location: ../admin.php?fehler=PW nicht gleich"); + header("Location: ../admin.php?success=1"); exit; } else { - header("Location: createmailpre.php?pwnotequal=1"); + header("Location: ../index.php"); + exit; + } + exit; + } else { // Emailadresse ist bereits registriert + if ($admin == 1) { + header("Location: ../admin.php?fehler=Mail besteht schon"); + exit; + } else { + header("Location: createmailpre.php?mailalreadytaken=1"); exit; } } - } else { // Passwort zu kurz + } + else { if ($admin == 1) { - header("Location: ../admin.php?fehler=PW zu kurz"); + header("Location: ../admin.php?fehler=PW nicht gleich"); exit; } else { - header("Location: createmailpre.php?pwtooshort=1"); + header("Location: createmailpre.php?pwnotequal=1"); exit; } } + } else { // Passwort zu kurz + if ($admin == 1) { + header("Location: ../admin.php?fehler=PW zu kurz"); + exit; + } else { + header("Location: createmailpre.php?pwtooshort=1"); + exit; + } } - session_start(); - if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) { - createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 1); - } +} +session_start(); +if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) { + //print_r($_POST); + createmailuser($_POST['newmailusername'], $_POST['newmaildomainid'], $_POST['newmailpw'], $_POST['newmailpwrep'], $_POST['forcepwreset'], 1); + header("Location: ../admin.php"); + exit; +} +if ($config['allowregistration']) { if ($_POST['captchacode'] == $_SESSION['captchacode']) { - createmailuser($_POST['newmailusername'], 
$_POST['newmailpw'], $_POST['newmailpwrep'], 0); + createmailuser($_POST['newmailusername'], $_POST['newmaildomainid'], $_POST['newmailpw'], $_POST['newmailpwrep'], $_POST['forcepwreset'], 0); } elseif ($_POST['captchacode'] != $_SESSION['captchacode']) { header("Location: createmailpre.php?wrongcaptchacode=1"); diff --git a/public/bin/deactivatemail.php b/public/bin/deactivatemail.php index f096646..b6b4013 100644 --- a/public/bin/deactivatemail.php +++ b/public/bin/deactivatemail.php @@ -24,10 +24,11 @@ try { session_start(); if ($_SESSION['log'] == 1 && $_SESSION['admin']) { $mailuserID = $_POST['mailuserID']; - $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `id` LIKE :mailuserID"; + $eintrag = "UPDATE `accounts` SET `enabled`='0' WHERE `id` LIKE :mailuserID"; $sth = $dbh->prepare($eintrag); $sth->execute(array(':mailuserID' => $mailuserID)); header("Location: ../admin.php?success=1"); exit; } header("Location: ../index.php"); +?> \ No newline at end of file diff --git a/public/bin/deletemail.php b/public/bin/deletemail.php index c2a3e64..a5d8ac4 100644 --- a/public/bin/deletemail.php +++ b/public/bin/deletemail.php 
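Review bot: The new INSERT into `accounts` hard-codes `enabled` to `'1'` and takes `forcepwreset` from `$_POST['forcepwreset']` for both callers, so a captcha-only self-registration now creates an account that is active immediately, while the notification mail still says it "muss freigeschaltet werden"; the removed code inserted with `active` = `'0'`. Bind the flag instead, e.g. `':enabled' => ($admin == 1 ? 1 : 0)`, and ignore the posted `forcepwreset` when `$admin` is 0. The reserved-name filter is a single `str_replace` pass, so the cleaned name can still contain or equal one of the listed words; comparing the final local part against the list is more reliable. `$result[0]['domain']` is read without checking that the domain id matched a row. The captcha branch at the end of the hunk continues past its last line.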
@@ -47,16 +47,17 @@ if ($_SESSION['log'] == 1) {
 else {
 $mailuserID = $_SESSION['mailID'];
 }
- $abfrage = "SELECT `username` FROM `virtual_users` WHERE `id` = :mailuserID";
- $sth = $dbh->prepare($abfrage);
- $sth->execute(array('mailuserID' => $mailuserID));
- $result = $sth->fetchAll();
- $eintrag = "DELETE FROM `mailserver`.`virtual_users` WHERE `id` LIKE :mailuserID";
+ $eintrag = "DELETE FROM `accounts` WHERE `id` LIKE :mailuserID";
 $sth = $dbh->prepare($eintrag);
 $sth->execute(array(':mailuserID' => $mailuserID));
- $maildirpath = $config['mailfolderpath'] . $result[0]['username'];
- delete_directory($maildirpath);
- header("Location: ../admin.php?success=1");
+ //$maildirpath = $config['mailfolderpath'] . $result[0]['username'];
+ //delete_directory($maildirpath);
+ if ($_SESSION['admin'] == 1) {
+ header("Location: ../admin.php?success=1");
+ }
+ else {
+ header("Location: ../logout.php");
+ }
 exit;
 }
 header("Location: ../index.php");
diff --git a/public/bin/dellist.php b/public/bin/dellist.php
index ea81218..82f5e1b 100644
--- a/public/bin/dellist.php
+++ b/public/bin/dellist.php
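Review bot: With `delete_directory($maildirpath)` commented out in deletemail.php, deleting an account now removes only the `accounts` row and leaves the stored mail on disk. If mailbox paths are still derived from the user name, as the removed `$config['mailfolderpath'] . $result[0]['username']` suggests, a later registration of the same address may be handed the previous owner's mail; this should be confirmed against the mail server configuration. Either restore the cleanup for the new schema or record the orphaned path for a cleanup job, and delete the two commented lines rather than keeping them. The `if ($_SESSION['log'] == 1)` block starts outside the hunk.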
@@ -22,11 +22,23 @@ try {
 echo 'Connection failed';
 }
 session_start();
-if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
- $eintrag = "DELETE FROM `mailserver`.`virtual_aliases` WHERE `id` LIKE :maillistid";
+if ($_SESSION['log'] == 1) {
+ if (!$_SESSION['admin']) {
+ $abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain AND alias_id LIKE :editlistid";
+ $result = $dbh->prepare($abfrage);
+ $result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'], ':editlistid' => $_GET['editlistid']));
+ if ($result->rowCount() <= 0) {
+ header("Location: maillistsettings.php");
+ exit;
+ }
+ }
+ $eintrag = "DELETE FROM `aliases` WHERE `alias_id` LIKE :aliasid; DELETE FROM `alias_owner` WHERE `alias_id` LIKE :aliasid; DELETE FROM `alias_details` WHERE `id` LIKE :aliasid";
 $sth = $dbh->prepare($eintrag);
- $sth->execute(array(':maillistid' => $_GET['dellistid']));
+ $sth->execute(array(':aliasid' => $_GET['dellistid']));
 header("Location: maillistsettings.php");
 exit;
+} else {
+ header("Location: ../index.php");
+ exit;
 }
 ?>
\ No newline at end of file
diff --git a/public/bin/editlist.php b/public/bin/editlist.php
index 879f15e..53e6eb1 100644
--- a/public/bin/editlist.php
+++ b/public/bin/editlist.php
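Review bot: The ownership check that dellist.php adds for non-admins binds `':editlistid' => $_GET['editlistid']`, but the DELETE below it uses `$_GET['dellistid']`, so the list that is verified is not necessarily the list that is removed. Check the parameter that is actually deleted: `':editlistid' => $_GET['dellistid']`. The three DELETEs are sent as one multi-statement string with `:aliasid` repeated, which only works with emulated prepares; three separate prepared statements inside a transaction would be more robust. The deletion is also triggered by a GET request, so it would be safer as a POST carrying a CSRF token.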
@@ -22,11 +22,43 @@ try {
 echo 'Connection failed';
 }
 session_start();
-if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
- $eintrag = "UPDATE `virtual_aliases` SET `source` = :newsource, `destination` = :newdestination, `owner` = :newowner, `private` = :newprivate, `name` = :newname WHERE `id` LIKE :editlistid";
+if ($_SESSION['log'] == 1) {
+ if (!$_SESSION['admin']) {
+ $abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain AND alias_id LIKE :editlistid";
+ $result = $dbh->prepare($abfrage);
+ $result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'], ':editlistid' => $_POST['editlistid']));
+ if ($result->rowCount() <= 0) {
+ header("Location: maillistsettings.php");
+ exit;
+ }
+ }
+ $newlistowner = explode('@', $_POST['newlistowner']);
+ $eintrag = "UPDATE `alias_details` SET `name` = :newlistname, `owners` = :owners, `destinations` = :destinations, `security` = :security WHERE `id` LIKE :editlistid"; // Aliasdaten in MailServer DB eintragen
 $sth = $dbh->prepare($eintrag);
- $sth->execute(array('newsource' => $_POST['newlistsource'], 'newdestination' => $_POST['newlistdestination'], 'newowner' => $_POST['newlistownerid'], 'newprivate' => $_POST['newlistprivate'], 'newname' => $_POST['newlistname'], 'editlistid' => $_POST['editlistid']));
+ $sth->execute(array(':newlistname' => $_POST['newlistname'], ':owners' => $_POST['newlistowners'], ':destinations' => $_POST['newlistdestinations'], ':security' => $_POST['newlistsecurity'], ':editlistid' => $_POST['editlistid']));
+ $newlistsource = explode('@', $_POST['newlistsource']);
+ $eintrag = "DELETE FROM `alias_owner` WHERE `alias_id` LIKE :aliasid";
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':aliasid' => $_POST['editlistid']));
+ foreach (explode(' ', $_POST['newlistowners']) as $maillistowner) {
+ $maillistownerex = explode('@', $maillistowner);
+ $eintrag = "INSERT INTO `alias_owner` (`alias_id`, `owner_username`, `owner_domain`) VALUES (:aliasid, :owner_username, :owner_domain)"; // Aliasdaten in MailServer DB eintragen
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':aliasid' => $_POST['editlistid'], ':owner_username' => $maillistownerex[0], ':owner_domain' => $maillistownerex[1]));
+ }
+ $eintrag = "DELETE FROM `aliases` WHERE `alias_id` LIKE :aliasid";
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':aliasid' => $_POST['editlistid']));
+ foreach (explode(' ', $_POST['newlistdestinations']) as $maillistdestination) {
+ $maillistdestinationex = explode('@', $maillistdestination);
+ $eintrag = "INSERT INTO `aliases` (`alias_id`, `source_username`, `source_domain`, `destination_username`, `destination_domain`) VALUES (:aliasid, :source_username, :source_domain, :destination_username, :destination_domain)"; // Aliasdaten in MailServer DB eintragen
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':aliasid' => $_POST['editlistid'], ':source_username' => $newlistsource[0], ':source_domain' => $newlistsource[1], ':destination_username' => $maillistdestinationex[0], ':destination_domain' => $maillistdestinationex[1]));
+ }
 header("Location: maillistsettings.php");
 exit;
+} else {
+ header("Location: ../index.php");
+ exit;
 }
 ?>
\ No newline at end of file
diff --git a/public/bin/editlistpre.php b/public/bin/editlistpre.php
index 76bd5ca..decb411 100644
--- a/public/bin/editlistpre.php
+++ b/public/bin/editlistpre.php
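Review bot: After the ownership check in editlist.php, a non-admin owner can still set `$_POST['newlistsource']` and `$_POST['newlistowners']` to arbitrary values, so the alias source written to `aliases` is not limited to the address the list already had. Unless that is intended, keep the stored source for non-admins and only honour `newlistsource` when `$_SESSION['admin']` is set. `$newlistowner` is assigned and never used. The delete-then-insert sequence on `alias_owner` and `aliases` runs without a transaction, so a failure midway leaves the list with no owners or destinations.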
@@ -22,40 +22,53 @@ try { echo 'Connection failed'; } session_start(); -if ($_SESSION['log'] == 1 && $_SESSION['admin']) { +if ($_SESSION['log']) { + if (!$_SESSION['admin']) { + $abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain AND alias_id LIKE :editlistid"; + $result = $dbh->prepare($abfrage); + $result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'], ':editlistid' => $_GET['editlistid'])); + if ($result->rowCount() <= 0) { + header("Location: maillistsettings.php"); + exit; + } + } echo ' Mailliste editieren

Zurück zur Maillistoberfläche (Editieren abbrechen)


'; - $abfrage = "SELECT `source`, `destination`, `owner`, `private`, `name` FROM `virtual_aliases` WHERE `id` LIKE :editlistid"; + $abfrage = "SELECT `name`, `owners`, `security` FROM `alias_details` WHERE `id` LIKE :editlistid"; $result = $dbh->prepare($abfrage); - $result->execute(array('editlistid' => $_GET['editlistid'])); + $result->execute(array(':editlistid' => $_GET['editlistid'])); while ($lists = $result->fetch()) { + $abfrage2 = "SELECT `source_username`, `source_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid"; + $result2 = $dbh->prepare($abfrage2); + $result2->execute(array(':aliasid' => $_GET['editlistid'])); + $listdetails = $result2->fetch(); echo'
- - +
+ -
@@ -63,5 +76,8 @@ if ($_SESSION['log'] == 1 && $_SESSION['admin']) { '; } +} else { + header("Location: ../index.php"); + exit; } ?> \ No newline at end of file diff --git a/public/bin/forcedpwreset.php b/public/bin/forcedpwreset.php new file mode 100644 index 0000000..892d7f1 --- /dev/null +++ b/public/bin/forcedpwreset.php @@ -0,0 +1,39 @@ +. */ +$config = parse_ini_file('../../private/config.ini'); +try { + $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); +} catch (PDOException $e) { + //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen + echo 'Connection failed'; +} +session_start(); +if ($_SESSION['log']) { + header("Location: ../settings.php"); + exit; +} +if ($_SESSION['forcepwreset']) { + echo '

Du musst erstmal dein Passwort ändern:

+ + + + +
'; + echo '
'; +} +else header("Location: ../index.php"); +?> \ No newline at end of file diff --git a/public/bin/maillistsettings.php b/public/bin/maillistsettings.php index 55cafb0..36f000b 100644 --- a/public/bin/maillistsettings.php +++ b/public/bin/maillistsettings.php @@ -22,46 +22,82 @@ try { echo 'Connection failed'; } session_start(); -if ($_SESSION['log'] == 1 && $_SESSION['admin']) { +if ($_SESSION['log'] == 1) { + if (!$_SESSION['admin']) { + $aliasids = ""; + $abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain"; + $result = $dbh->prepare($abfrage); + $result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'])); + if ($result->rowCount() <= 0) { + header("Location: ../settings.php"); + exit; + } + while ($aliases = $result->fetch()) { + $aliasids = $aliasids . $aliases['alias_id'] . '|'; + } + } echo ' Maillist Einstellung -

Maillinglisten Einstellungen

-

Zurück zur Adminoberfläche


-
- - - + +
+ +
+
+

Bestehende Listen:

'; } - echo '
- -
- -
-

Bestehende Listen:

- '; - $abfrage = "SELECT `id`, `source`, `destination`, `owner`, `private`, `name` FROM `virtual_aliases`"; - $result = $dbh->query($abfrage); - echo ''; + else { + echo '

Zurück


Meine bestehenden Listen:

'; + } + if ($_SESSION['admin']) { + $abfrage = "SELECT `id`, `name`, `owners`, `destinations`, `security` FROM `alias_details`"; + $result = $dbh->query($abfrage); + } + else { + $abfrage = "SELECT `id`, `name`, `owners`, `destinations`, `security` FROM `alias_details` WHERE `id` REGEXP :aliasid"; + $result = $dbh->prepare($abfrage); + $result->execute(array(':aliasid' => substr($aliasids, 0, -1))); + } + echo '
ListennameListenadresseListenempfängerListenbesitzerListensicherheitOptionen
'; while ($lists = $result->fetch()) { - $abfrage2 = "SELECT `email` FROM `virtual_users` WHERE `id` LIKE :ownerid"; - $sth = $dbh->prepare($abfrage2); - $sth->execute(array('ownerid' => $lists['owner'])); - $result2 = $sth->fetchAll(); - echo ''; + $abfrage2 = "SELECT `source_username`, `source_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid"; + $result2 = $dbh->prepare($abfrage2); + $result2->execute(array(':aliasid' => $lists['id'])); + $listdetails = $result2->fetch(); + echo ''; } echo '
ListennameListenadresseListenempfängerListenbesitzerListensicherheitOptionen
' . $lists['name'] . '' . $lists['source'] . '' . $lists['destination'] . '' . $result2[0]['email'] . '' . $lists['private'] . 'Löschen
Editieren
' . $lists['name'] . '' . $listdetails['source_username'] . '@' . $listdetails['source_domain'] . ''; + foreach (explode(' ', $lists['destinations']) as $destination) { + echo $destination . '
'; + } + echo '
'; + foreach (explode(' ', $lists['owners']) as $owner) { + echo $owner . '
'; + } + echo '
' . $lists['security'] . 'Löschen
Editieren
'; echo ' '; } +else { + header("Location: ../index.php"); + exit; +} ?> \ No newline at end of file diff --git a/public/bin/unsubmaillist.php b/public/bin/unsubmaillist.php new file mode 100644 index 0000000..5efd6b8 --- /dev/null +++ b/public/bin/unsubmaillist.php 
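Review bot: The table rows in maillistsettings.php echo `$lists['name']`, `$lists['security']`, `$destination`, `$owner` and the source address without escaping, and after this commit those columns can be written by non-admin list owners through editlist.php, so stored values are rendered as markup in the admin's session. Wrap each in `htmlentities(...)`, as the account table added to admin.php in this commit does; editlistpre.php reads the same columns and should be checked too, since its markup is not visible here. Separately, the non-admin query filters with `id REGEXP :aliasid` on a pattern built like `1|2`, which is unanchored and therefore also matches ids such as 10 or 21. Selecting through `alias_owner` removes both the string building and the over-match.

```php
// … unchanged: admin branch selecting all rows from alias_details …
else {
    $abfrage = "SELECT DISTINCT d.`id`, d.`name`, d.`owners`, d.`destinations`, d.`security`
                FROM `alias_details` d
                JOIN `alias_owner` o ON o.`alias_id` = d.`id`
                WHERE o.`owner_username` = :owner_username AND o.`owner_domain` = :owner_domain";
    $result = $dbh->prepare($abfrage);
    $result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain']));
}
```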
@@ -0,0 +1,65 @@
+. */
+$config = parse_ini_file('../../private/config.ini');
+try {
+ $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+ //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+ echo 'Connection failed';
+}
+$eintrag = "DELETE FROM `alias_del_requests` WHERE DATEDIFF(NOW(), `created`) > :datediff";
+$sth = $dbh->prepare($eintrag);
+$sth->execute(array(':datediff' => $config['deletedelrequestdaydiff']));
+if (isset($_GET['token'])) {
+ $abfrage = "SELECT `alias_id`, `destination_username`, `destination_domain` FROM `alias_del_requests` WHERE `token` LIKE :token";
+ $result = $dbh->prepare($abfrage);
+ $result->execute(array(':token' => $_GET['token']));
+ if ($result->rowCount() > 0) {
+ $daten = $result->fetch();
+ $aliasid = $daten['alias_id'];
+ $destination_username = $daten['destination_username'];
+ $destination_domain = $daten['destination_domain'];
+ $eintrag = "DELETE FROM `aliases` WHERE `alias_id` LIKE :aliasid AND `destination_username` LIKE :destination_username AND `destination_domain` LIKE :destination_domain";
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':aliasid' => $aliasid, ':destination_username' => $destination_username, ':destination_domain' => $destination_domain));
+
+ // Destinationszeile neu generieren (würde bestimmt einfacher gehen)
+ $abfrage2 = "SELECT `destination_username`, `destination_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid";
+ $result2 = $dbh->prepare($abfrage2);
+ $result2->execute(array(':aliasid' => $aliasid));
+ $listdestinations = "";
+ while ($listdestination = $result2->fetch()) {
+ $listdestinations = $listdestinations . $listdestination['destination_username'] . '@' . $listdestination['destination_domain'] . 
' ';
+ }
+ $eintrag = "UPDATE `alias_details` SET `destinations` = :destinations WHERE `id` LIKE :aliasid";
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':destinations' => substr($listdestinations, 0, -1), ':aliasid' => $aliasid));
+ $eintrag = "DELETE FROM `alias_del_requests` WHERE `token` LIKE :token";
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':token' => $_GET['token']));
+ print_r($_GET['token']);
+ header("Location: ../unsub.php?success=1");
+ exit;
+ } else {
+ header("Location: ../unsub.php?unknowntoken=1");
+ exit;
+ }
+} else {
+ header("Location: ../index.php");
+ exit;
+}
+?>
\ No newline at end of file
diff --git a/public/bin/unsubmaillistpre.php b/public/bin/unsubmaillistpre.php
new file mode 100644
index 0000000..7cd9e14
--- /dev/null
+++ b/public/bin/unsubmaillistpre.php
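Review bot: The unsubscribe token is matched with `LIKE` (`... WHERE token LIKE :token`, identifier quoting omitted here), which is a pattern match: `%` and `_` in the request value act as wildcards, so the request does not have to present the exact stored token. Compare with equality instead, `... WHERE token = :token`, and do the same for the `LIKE` comparisons in the `DELETE FROM aliases` statement of this hunk and in the address lookup of unsubmaillistpre.php, where the compared values also originate from request data. `print_r($_GET['token']);` writes unescaped request input into the response and produces output before the `header()` call; it looks like a debugging leftover and should be removed. The `catch (PDOException $e)` block only echoes a message and falls through, so the following `$dbh->prepare()` runs on an undefined variable; add `exit;` after the echo (the same block is in unsubmaillistpre.php and unsub.php).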
@@ -0,0 +1,77 @@
+. */
+use PHPMailer\PHPMailer\PHPMailer;
+use PHPMailer\PHPMailer\Exception;
+require '../vendor/autoload.php';
+$config = parse_ini_file('../../private/config.ini');
+try {
+ $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+ //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+ echo 'Connection failed';
+}
+$destination = explode('@', $_POST['destination_adress']);
+$source = explode('@', $_POST['source_adress']);
+$abfrage = "SELECT `alias_id` FROM `aliases` WHERE `source_username` LIKE :source_username AND `source_domain` LIKE :source_domain AND `destination_username` LIKE :destination_username AND `destination_domain` LIKE :destination_domain";
+$result = $dbh->prepare($abfrage);
+$result->execute(array(':source_username' => $source[0], ':source_domain' => $source[1], ':destination_username' => $destination[0], ':destination_domain' => $destination[1]));
+if ($result->rowCount() > 0) {
+ $aliasid = $result->fetch()['alias_id'];
+ $eintrag = "DELETE FROM `alias_del_requests` WHERE `alias_id` LIKE :aliasid AND `destination_username` LIKE :destination_username AND `destination_domain` LIKE :destination_domain";
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':aliasid' => $aliasid, ':destination_username' => $destination[0], ':destination_domain' => $destination[1])); // eventuell bestehenden Token löschen
+ $token = bin2hex(openssl_random_pseudo_bytes(16)); // Token zur abmeldung erstellen
+ $date = date("Y-m-d H:i:s"); // Datum der Tokenerstellung für automatische löschung speichern
+ $eintrag = "INSERT INTO `alias_del_requests` (`alias_id`, `destination_username`, `destination_domain`, `token`, `created`) VALUES (:aliasid, :destination_username, :destination_domain, :token, :created)";
+ $sth = $dbh->prepare($eintrag);
+ 
$sth->execute(array(':aliasid' => $aliasid, ':destination_username' => $destination[0], ':destination_domain' => $destination[1], ':token' => $token, ':created' => $date));
+ $mail = new PHPMailer(true);
+ try {
+ $mail->CharSet = 'UTF-8';
+ $mail->Encoding = 'base64';
+ //Server settings
+ $mail->SMTPDebug = 0;
+ $mail->isSMTP(); // Set mailer to use SMTP
+ $mail->Host = $config['mailsmtpserver']; // Specify main and backup SMTP servers
+ $mail->SMTPAuth = true; // Enable SMTP authentication
+ $mail->Username = $config['mailadress']; // SMTP username
+ $mail->Password = $config['mailpw']; // SMTP password
+ $mail->SMTPSecure = 'tls';
+ $mail->Port = 587; // TCP port to connect to
+
+ //Recipients
+ $mail->setFrom($config['mailadress']);
+ $mail->addAddress($_POST['destination_adress']);
+
+ // Content
+ $mail->isHTML(true);
+ $mail->Subject = 'Aus Liste ' . htmlspecialchars($_POST['source_adress']) . ' abmelden';
+ $mail->Body = 'Eine Anfrage zur Abmeldung dieser Adresse aus ' . htmlspecialchars($_POST['source_adress']) . ' wurde erstellt.
Abmeldung abschließen' . '
Der Link ist 2 Tage gültig
Schade, dass du gehst. Bis dahin.'; + $mail->AltBody = 'Eine Anfrage zur Abmeldung dieser Adresse aus ' . htmlspecialchars($_POST['source_adress']) . ' wurde erstellt. Hier kannst du die Abmeldung abschließen: https://mail.cloud.sdaj.org/bin/unsubmaillist.php?token=' . $token . 'Der Link ist 2 Tage gültig Schade, dass du gehst. Bis dahin.'; + + $mail->send(); + } catch (Exception $e) { + echo "Message could not be sent."; + } + header("Location: ../unsub.php?mailsent=1"); + exit; +} +else { + header("Location: ../unsub.php?mailsent=1"); + exit; +} +?> \ No newline at end of file diff --git a/public/index.php b/public/index.php index 645215b..a8b6ba4 100644 --- a/public/index.php +++ b/public/index.php @@ -19,23 +19,39 @@ $config = parse_ini_file('../private/config.ini'); if (!isset($_SESSION['log']) OR $_SESSION['log'] != 1) { echo ' + Login '; if (isset($_GET['badlogin'])) { echo '
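Review bot: `$_POST['destination_adress']` and `$_POST['source_adress']` are split with `explode('@', ...)` at the top of unsubmaillistpre.php without checking that they are set or well-formed, so `$source[1]` / `$destination[1]` can be undefined and unvalidated strings reach the queries and `addAddress()`. Check both with `isset()` and `filter_var($value, FILTER_VALIDATE_EMAIL)` before the `explode()` calls, and on failure take the same neutral `header("Location: ../unsub.php?mailsent=1"); exit;` path the hunk already uses for unknown addresses. `htmlspecialchars()` fits the HTML `Body`, but `Subject` and `AltBody` are plain text, where it leaves entities such as `&amp;` visible to the recipient. The mail text promises "2 Tage" while the real lifetime is whatever `deletedelrequestdaydiff` is set to; building the sentence from the config value keeps the two from drifting apart.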

falsche Logindaten

'; } + if (isset($_GET['pwnotequal'])) { + echo '

Passwörter nicht gleich!

Nochmal'; + } + if (isset($_GET['pwtoshort'])) { + echo '

eingegebe Passwörter sind zu kurz!

Nochmal'; + } + if (isset($_GET['pwmissmatch'])) { + echo '

Das eingegebene aktulle Passwort stimmt nicht!

Nochmal'; + } + if (isset($_GET['wrongsymbols'])) { + echo '

eingegebe Passwörter enthalten unerlaubte Symbole!

Nochmal'; + } + if (isset($_GET['newpwequal'])) { + echo '

Das neue Passwort entspricht dem alten!

Nochmal'; + } echo '

Webmail

Config-Login:

- - + +
'; if ($config['allowregistration']) { echo '

Neues Konto erstellen:

'; } - echo ' + echo 'Von einer Maillingliste abmelden '; diff --git a/public/login.php b/public/login.php index bdd2d80..ff1ca55 100644 --- a/public/login.php +++ b/public/login.php @@ -22,20 +22,27 @@ try { //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen echo 'Connection failed'; } -$user = $_POST['username']; +$user = explode('@', $_POST['username']); $pw = $_POST['password']; -$abfrage = "SELECT `id`, `password`, `email`, `username`, `admin` FROM `virtual_users` WHERE `email` = :username AND `active`='1'"; +$abfrage = "SELECT `id`, `password`, `forcepwreset`, `admin` FROM `accounts` WHERE `username` = :username AND `domain` = :domain AND `enabled`='1' OR (`enabled`='0' AND `forcepwreset`='1')"; $sth = $dbh->prepare($abfrage); -$sth->execute(array(':username' => $user)); +$sth->execute(array(':username' => $user[0], ':domain' => $user[1])); $userdata = $sth->fetchAll(); if ($sth->rowCount() > 0) { if (password_verify($pw, $userdata[0]['password'])) { - $_SESSION['log'] = 1; - $_SESSION['username'] = $userdata[0]['username']; - $_SESSION['email'] = $userdata[0]['email']; + $_SESSION['username'] = $user[0]; + $_SESSION['domain'] = $user[1]; $_SESSION['admin'] = $userdata[0]['admin']; $_SESSION['mailID'] = $userdata[0]['id']; + if ($userdata[0]['forcepwreset']) { + $_SESSION['forcepwreset'] = 1; + $_SESSION['log'] = 0; + header("Location: bin/forcedpwreset.php"); + exit; + } + $_SESSION['forcepwreset'] = 0; + $_SESSION['log'] = 1; header("Location: settings.php"); exit; } diff --git a/public/settings.php b/public/settings.php index 09bc910..60a3b6e 100644 --- a/public/settings.php +++ b/public/settings.php @@ -25,10 +25,15 @@ session_start(); if ($_SESSION['log'] == 1) { echo ' - Roteserver - Mail Settings + Mail Settings -
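Review bot: In the new login.php SELECT the `OR (enabled='0' AND forcepwreset='1')` branch is not tied to the username/domain conditions, because `AND` binds tighter than `OR`; the WHERE clause is therefore satisfied by any disabled account flagged for a password reset, whatever address was submitted. `$userdata[0]` can then be a row for a different account than the one written to `$_SESSION['username']` and `$_SESSION['domain']`, which the hunk now takes from the request instead of the database row. Parenthesise the status test, `... AND domain = :domain AND (enabled='1' OR (enabled='0' AND forcepwreset='1'))` (identifier quoting omitted here), and consider filling the session from the fetched row. `$user[1]` is also read without checking that the submitted name contained an `@`. The surrounding try block and the failed-login branch lie outside the hunk.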

Mail Settings:

'; +

Mail Settings:

Guten Tag, ' . htmlentities($_SESSION['username']) . '@' . htmlentities($_SESSION['domain']) . '

'; + $randval = rand(0, 99); + echo ''; + if (rand(0,99) == 42) { + echo '
'; + } if (isset($_GET['success'])) { echo '

Erfolgreich geändert.

'; } @@ -36,21 +41,30 @@ if ($_SESSION['log'] == 1) { echo '

Passwörter nicht gleich!

'; } if ($_SESSION['admin'] == 1) { - echo '

Admin-Settings

'; + echo '

Admin-Settings (inklusive Maillisten)

'; + } + else { + $abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain"; + $result = $dbh->prepare($abfrage); + $result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'])); + if ($result->rowCount() > 0) { + echo '

Meine Maillisten verwalten

'; + } } echo ''; echo '

Passwort ändern:

- - - - - -

Mailadresse löschen:

+ + + '; + if ($config['maildirencryption']) { + echo ''; + } + echo '
+

Diese Mailadresse löschen:

'; - echo ' '; exit; diff --git a/public/unsub.php b/public/unsub.php new file mode 100644 index 0000000..53d9151 --- /dev/null +++ b/public/unsub.php @@ -0,0 +1,53 @@ +. */ +$config = parse_ini_file('../private/config.ini'); +try { + $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); +} catch (PDOException $e) { + //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen + echo 'Connection failed'; +} +$eintrag = "DELETE FROM `alias_del_requests` WHERE DATEDIFF(NOW(), `created`) > :datediff"; +$sth = $dbh->prepare($eintrag); +$sth->execute(array(':datediff' => $config['deletedelrequestdaydiff'])); +echo ' + + Abmelden + + '; +if (isset($_GET['unknowntoken'])) { + echo '

Unbekannter Abmeldetoken. Erneut veruschen?

'; +} +if (isset($_GET['mailsent'])) { + echo '

Falls die angegebene E-Mail-Adresse auf der Mailingliste steht, haben wir dir eine Email mit einem Link zur Bestätigung deiner Abmeldung geschickt. Der Link in der Mail ist 2 Tage gültig

'; +} +if (isset($_GET['success'])) { + echo '

Erfolgreich abgemeldet

'; +} +echo '

Mailliste Abmeldung:

+
+ + + +
'; +echo ' +'; +?> \ No newline at end of file