Merge branch 'vps-rewrite' into 'master'

Vps rewrite

See merge request Humorhenker/mailadminscript!1
This commit is contained in:
Paul 2019-11-25 23:11:11 +00:00
commit 14ca7e64ae
20 changed files with 697 additions and 206 deletions


@ -8,4 +8,13 @@ dbname =
mailfolderpath = mailfolderpath =
maildirencryption = maildirencryption =
captcha = captcha =
allowregistration = allowregistration =
adminadress =
deletedelrequestdaydiff =
sendactivationinfo =
prohibadminmailcreation =
[mailserver]
mailsmtpserver=""
mailadress=""
mailpw=''
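Review bot: The new `[mailserver]` section puts the sending account's password in clear text next to the database credentials, and the scripts load it with `parse_ini_file('../../private/config.ini')`, so the file must stay outside the web root and be readable only by the PHP user (mode 0640 or tighter). Those calls pass no `process_sections` flag, so the section header is ignored and `mailsmtpserver`/`mailadress`/`mailpw` land in the same flat array as the top-level keys; that works for lookup, but a future key of the same name in either part would silently overwrite the other. A one-line comment above the section, e.g. `; keys are flattened: parse_ini_file() is called without process_sections`, would make that explicit.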


@ -25,7 +25,7 @@ session_start();
if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) { if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
echo '<html> echo '<html>
<head> <head>
<title>Roteserver - Mail Admin Settings</title> <title>Mail Admin Settings</title>
</head> </head>
<body> <body>
<h1>Mail Admin Settings:</h1>'; <h1>Mail Admin Settings:</h1>';
@ -33,16 +33,16 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
echo 'Erfolgreich geändert.'; echo 'Erfolgreich geändert.';
} }
if (isset($_GET['fehler'])) { if (isset($_GET['fehler'])) {
echo '<h3>Fehler: ' . $_GET['fehler'] . '</h3>'; echo '<h3>Fehler: ' . htmlentities($_GET['fehler']) . '</h3>';
} }
echo '<a href="settings.php"><p>Normale Einstellungen</p></a><a href="logout.php"><button>Logout</button></a>'; echo '<a href="settings.php"><p>Normale Einstellungen</p></a><a href="logout.php"><button>Logout</button></a>';
echo '<h3>Mailadresse aktivieren:</h3> echo '<h3>Mailadresse aktivieren:</h3>
<form name="activatemail" method=POST action="bin/activatemail.php"> <form name="activatemail" method=POST action="bin/activatemail.php">
<label>Activate Mail:<select name="mailuserID">'; <label>Activate Mail:<select name="mailuserID">';
$abfrage = "SELECT `id`, `email` FROM `virtual_users` WHERE `active` LIKE 0"; $abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` WHERE `enabled` LIKE 0 ORDER by `domain`, `username` ASC";
$result = $dbh->query($abfrage); $result = $dbh->query($abfrage);
while ($emails = $result->fetch()) { while ($emails = $result->fetch()) {
echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>'; echo '<option value="' . htmlentities($emails['id']) . '">' . htmlentities($emails['username']) . '@' . htmlentities($emails['domain']) . '</option>';
} }
echo '</select></label> echo '</select></label>
<input type="submit" name="submit" value="aktivieren"/>'; <input type="submit" name="submit" value="aktivieren"/>';
@ -51,34 +51,59 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
<h3>Mailadresse deaktivieren:</h3> <h3>Mailadresse deaktivieren:</h3>
<form name="deactivatemail" method=POST action="bin/deactivatemail.php"> <form name="deactivatemail" method=POST action="bin/deactivatemail.php">
<label>Deactivate Mail:<select name="mailuserID">'; <label>Deactivate Mail:<select name="mailuserID">';
$abfrage = "SELECT `id`, `email` FROM `virtual_users` WHERE `active` LIKE 1"; $abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` WHERE `enabled` LIKE 1 ORDER by `domain`, `username` ASC";
$result = $dbh->query($abfrage); $result = $dbh->query($abfrage);
while ($emails = $result->fetch()) { while ($emails = $result->fetch()) {
echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>'; echo '<option value="' . htmlentities($emails['id']) . '">' . htmlentities($emails['username']) . '@' . htmlentities($emails['domain']) . '</option>';
} }
echo '</select></label> echo '</select></label>
<input type="submit" name="submit" value="deaktivieren"/> <input type="submit" name="submit" value="deaktivieren"/>
</form> </form>
<h3>Emailadresse hinzufügen:</h3> <h3>Emailadresse hinzufügen:</h3>
<form name="createmailuser" method=POST action="bin/createmailuser.php"> <form name="createmailuser" method=POST action="bin/createmailuser.php">
<label>Neue email<input type="text" name="newmailusername"/>@roteserver.de (benutze nicht ' . "'" . ')</label> <label>Neue email<input type="text" name="newmailusername"/>@<select name="newmaildomainid">';
$abfrage = "SELECT `id`, `domain` FROM `domains` ORDER by `preselectorder` DESC, `domain` ASC";
$result = $dbh->query($abfrage);
while ($domains = $result->fetch()) {
echo '<option value="' . htmlentities($domains['id']) . '">' . htmlentities($domains['domain']) . '</option>';
}
echo '</select> (benutze nicht ' . "'" . ')</label>
<label>Neues Passwort<input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label> <label>Neues Passwort<input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label>
<label>Neues Passwort wiederholen<input type="password" name="newmailpwrep"/></label> <label>Neues Passwort wiederholen<input type="password" name="newmailpwrep"/></label>
<label>Passwortänderung erzwingen:<input type="checkbox" name="forcepwreset" value="1"/></label>
<input type="submit" name="submit" value="Hinzufügen"/> <input type="submit" name="submit" value="Hinzufügen"/>
</form> </form>
<h3>Passwort einer Email-Adresse ändern:</h3>
<form name="changemailpwadm" method=POST action="bin/changemailpwadm.php">
<label>Zu ändernde Mail:<select name="changemailid">';
$abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` ORDER by `domain`, `username` ASC";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
echo '<option value="' . htmlentities($emails['id']) . '">' . htmlentities($emails['username']) . '@' . $emails['domain'] . '</option>';
}
echo '</select></label>';
echo '<label>Neues Passwort: <input type="password" name="newmailpw" /></label><label>Neues Passwort wiederholen: <input type="password" name="newmailpwrep" /></label>
<input type="submit" name="submit" value="ÄNDERN"/>
</form>
<h3>Emailadresse entfernen:</h3> <h3>Emailadresse entfernen:</h3>
<form name="deletemail" method=POST action="bin/deletemail.php"> <form name="deletemail" method=POST action="bin/deletemail.php">
<label>Delete Mail:<select name="mailuserID">'; <label>Delete Mail:<select name="mailuserID">';
$abfrage = "SELECT `id`, `email` FROM `virtual_users`"; $abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` ORDER by `domain`, `username` ASC";
$result = $dbh->query($abfrage); $result = $dbh->query($abfrage);
while ($emails = $result->fetch()) { while ($emails = $result->fetch()) {
echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>'; echo '<option value="' . htmlentities($emails['id']) . '">' . htmlentities($emails['username']) . '@' . $emails['domain'] . '</option>';
} }
echo '</select></label> echo '</select></label>
<input type="submit" name="submit" value="ENTFERNEN"/> <input type="submit" name="submit" value="ENTFERNEN"/>
</form> </form>
<a href="bin/maillistsettings.php"><h3>Maillisten Einstellungen</h3></a> <a href="bin/maillistsettings.php"><h3>Maillisten Einstellungen</h3></a>
</body> <table><caption>Emailadressen:</caption><tr><th>Email-Adresse</th><th>quota</th><th>enabled</th><th>sendonly</th><th>forcepwreset</th><th>admin</th></tr>';
$abfrage = "SELECT `id`, `username`, `domain`, `quota`, `enabled`, `sendonly`, `forcepwreset`, `admin` FROM `accounts` ORDER by `domain`, `username` ASC";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
echo '<tr><td>' . htmlentities($emails['username']) . '@' . htmlentities($emails['domain']) . '</td><td>' . htmlentities($emails['quota']) . '</td><td>' . htmlentities($emails['enabled']) . '</td><td>' . htmlentities($emails['sendonly']) . '</td><td>' . htmlentities($emails['forcepwreset']) . '</td><td>' . htmlentities($emails['admin']) . '</td></tr>';
}
echo '</table></body>
</html>'; </html>';
exit; exit;
} }
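Review bot: The `domain` column is echoed unescaped in the new password-change and delete `<option>` lists (`'@' . $emails['domain'] . '</option>'`), while every other loop added in this file wraps it in htmlentities(); a domain containing markup would break out of the option text. Change both occurrences to `'@' . htmlentities($emails['domain'])` for consistency with the activate/deactivate lists and the account table. None of the forms, including the new `changemailpwadm` one, carry a CSRF token, so a third-party page can make a logged-in admin's browser submit activate/deactivate/delete/password-change requests; a session-bound token emitted as a hidden field here and checked in each bin/ handler would close that.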


@ -24,7 +24,7 @@ try {
session_start(); session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) { if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
$mailuserID = $_POST['mailuserID']; $mailuserID = $_POST['mailuserID'];
$eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='1' WHERE `id` LIKE :mailuserID"; $eintrag = "UPDATE `accounts` SET `enabled`='1' WHERE `id` LIKE :mailuserID";
$sth = $dbh->prepare($eintrag); $sth = $dbh->prepare($eintrag);
$sth->execute(array(':mailuserID' => $mailuserID)); $sth->execute(array(':mailuserID' => $mailuserID));
header("Location: ../admin.php?success=1"); header("Location: ../admin.php?success=1");


@ -23,10 +23,23 @@ try {
} }
session_start(); session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) { if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
$eintrag = "INSERT INTO `virtual_aliases` (`domain_id`, `source`, `destination`, `owner`, `private`, `name`) VALUES (1, :source, :destination, :owner, :private, :name)"; // Aliasdaten in MailServer DB eintragen $eintrag = "INSERT INTO `alias_details` (`name`, `owners`, `destinations`, `security`) VALUES (:newlistname, :owners, :destinations, :security)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag); $sth = $dbh->prepare($eintrag);
$sth->execute(array('source' => $_POST['maillistsource'], 'destination' => $_POST['maillistadresses'], 'owner' => $_POST['maillistownerid'], 'private' => $_POST['listprivate'], 'name' => $_POST['maillistname'])); $sth->execute(array(':newlistname' => $_POST['newlistname'], ':owners' => $_POST['newlistowners'], ':destinations' => $_POST['newlistdestinations'], ':security' => $_POST['newlistsecurity']));
$newlistid = $dbh->lastInsertID();
foreach (explode(' ', $_POST['newlistowners']) as $maillistowner) {
$maillistownerex = explode('@', $maillistowner);
$eintrag = "INSERT INTO `alias_owner` (`alias_id`, `owner_username`, `owner_domain`) VALUES (:aliasid, :owner_username, :owner_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $newlistid, ':owner_username' => $maillistownerex[0], ':owner_domain' => $maillistownerex[1]));
} }
foreach (explode(' ', $_POST['newlistdestinations']) as $maillistdestination) {
$maillistdestinationex = explode('@', $maillistdestination);
$eintrag = "INSERT INTO `aliases` (`alias_id`, `source_username`, `source_domain`, `destination_username`, `destination_domain`) VALUES (:aliasid, :source_username, :source_domain, :destination_username, :destination_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $newlistid, ':source_username' => $_POST['newlistsourceadress'], ':source_domain' => $_POST['newlistsourcedomain'], ':destination_username' => $maillistdestinationex[0], ':destination_domain' => $maillistdestinationex[1]));
}
}
header("Location: maillistsettings.php"); header("Location: maillistsettings.php");
exit; exit;
?> ?>
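Review bot: Each owner and destination is split with `explode('@', ...)` and index `[1]` is used without checking that the entry actually contained an '@' or was non-empty (two consecutive spaces in the input yield an empty element), so a malformed entry inserts an undefined domain into `alias_owner`/`aliases` instead of being rejected. Validate each entry before its INSERT, e.g. `if (count($maillistownerex) !== 2 || !filter_var($maillistowner, FILTER_VALIDATE_EMAIL)) continue;`, and the same for destinations. `newlistsourceadress` and `newlistsourcedomain` also go straight from POST into the `aliases` row unvalidated. The three insert groups are not in a transaction, so a failure part-way leaves an `alias_details` row with no owners or destinations; `$dbh->beginTransaction()` before the first INSERT and `commit()` after the loops keeps them consistent.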


@ -22,51 +22,66 @@ try {
echo 'Connection failed'; echo 'Connection failed';
} }
session_start(); session_start();
if ($_SESSION['log'] == 1) { if ($_SESSION['log'] == 1 or $_SESSION['forcepwreset']) {
if ($_POST['newmailpw'] == $_POST['newmailpwrep']) { if ($_POST['newmailpw'] == $_POST['newmailpwrep']) {
$newmailpw = $_POST['newmailpw']; $newmailpw = $_POST['newmailpw'];
$oldmailpw = $_POST['oldmailpw']; $oldmailpw = $_POST['oldmailpw'];
if (strpos($newmailpw, "'") !== false) { if (strpos($newmailpw, "'") !== false) {
header("Location: settings.php?wrongsymbols=1"); if ($_SESSION['forcepwreset']) header("Location: ../index.php?wrongsymbols=1");
else header("Location: ../settings.php?wrongsymbols=1");
exit; exit;
} }
$mailusername = $_SESSION['email']; $mailusername = $_SESSION['username'];
$abfrage = "SELECT `password` FROM `virtual_users` WHERE `email` = :newmailusernamefull"; $maildomain = $_SESSION['domain'];
$abfrage = "SELECT `password` FROM `accounts` WHERE `username` = :newmailusername AND `domain` = :newmaildomain";
$sth = $dbh->prepare($abfrage); $sth = $dbh->prepare($abfrage);
$sth->execute(array('newmailusernamefull' => $mailusername)); $sth->execute(array(':newmailusername' => $mailusername, ':newmaildomain' => $maildomain));
$result= $sth->fetchAll(); $result= $sth->fetchAll();
$oldpwhashed = $result[0]['password']; $oldpwhashed = $result[0]['password'];
if ($_SESSION['forcepwreset'] and password_verify($newmailpw, $oldpwhashed)) {
header("Location: ../index.php?newpwequal=1");
exit;
}
if (password_verify($oldmailpw, $oldpwhashed)) { if (password_verify($oldmailpw, $oldpwhashed)) {
if (strlen($newmailpw) >= 8) { if (strlen($newmailpw) >= 8) {
$newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]); $newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
$eintrag = "UPDATE `virtual_users` SET `password` = :newmailpwhashed WHERE `email` LIKE :mailusername"; $eintrag = "UPDATE `accounts` SET `password` = :newmailpwhashed WHERE `username` LIKE :mailusername AND `domain` LIKE :maildomain";
$sth = $dbh->prepare($eintrag); $sth = $dbh->prepare($eintrag);
$sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'mailusername' => $mailusername)); $sth->execute(array(':newmailpwhashed' => $newmailpwhashed, ':mailusername' => $mailusername, ':maildomain' => $maildomain));
if ($config['maildirencryption']) { //if ($config['maildirencryption']) {
if ($_POST['forcekeyregen']) { // if ($_POST['forcekeyregen']) {
exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($mailusername)); // exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($mailusername));
} // }
else { // else {
exec('sudo -u vmail /usr/bin/doveadm mailbox cryptokey password -o stats_writer_socket_path= -u ' . escapeshellarg($mailusername) . ' -n ' . escapeshellarg($newmailpw) . ' -o' . escapeshellcmd($oldmailpw)); // exec('sudo -u vmail /usr/bin/doveadm mailbox cryptokey password -o stats_writer_socket_path= -u ' . escapeshellarg($mailusername) . ' -n ' . escapeshellarg($newmailpw) . ' -o' . escapeshellcmd($oldmailpw));
} // }
//}
if ($_SESSION['forcepwreset']) {
$_SESSION['forcepwreset'] = 0;
$_SESSION['log'] = 1;
$eintrag = "UPDATE `accounts` SET `forcepwreset` = '0', `enabled` = '1' WHERE `username` LIKE :mailusername AND `domain` LIKE :maildomain";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':mailusername' => $mailusername, ':maildomain' => $maildomain));
} }
header("Location: ../settings.php?success=1"); header("Location: ../settings.php?success=1");
exit; exit;
} }
else { else {
header("Location: ../settings.php?pwtoshort=1"); if ($_SESSION['forcepwreset']) header("Location: ../index.php?pwtoshort=1");
else header("Location: ../settings.php?pwtoshort=1");
exit; exit;
} }
} }
else { else {
header( "Location: ../settings.php?pwmissmatch=1"); if ($_SESSION['forcepwreset']) header("Location: ../index.php?pwmissmatch=1");
else header( "Location: ../settings.php?pwmissmatch=1");
exit; exit;
} }
} }
else { else {
header("Location: ../settings.php?pwnotequal=1"); if ($_SESSION['forcepwreset']) header("Location: ../index.php?pwnotequal=1");
else header("Location: ../settings.php?pwnotequal=1");
exit; exit;
} }
} }
header("Location: index.php"); header("Location: ../index.php");
?>
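Review bot: When the forced reset succeeds the session is promoted with `$_SESSION['log'] = 1;` without calling `session_regenerate_id(true);`, so a session id fixed before authentication stays valid after the account becomes fully logged in; add the regenerate call next to that assignment. The same UPDATE also sets `enabled = '1'` as a side effect of a password change — if an account can be disabled by the admin while `forcepwreset` is still set, the user could re-enable it here, so it may be safer to leave `enabled` to activatemail.php. The forcepwreset branch redirects to `../settings.php?success=1` on success while every error path for that branch goes to `../index.php`, which looks like an oversight.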


@ -0,0 +1,50 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
session_start();
if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
if (strpos($_POST['newmailpw'] , "'") !== false) {
header("Location: ../admin.php?wrongsymbols=1");
exit;
}
if ($_POST['newmailpw'] == $_POST['newmailpwrep']) {
if (strlen($_POST['newmailpw'] ) >= 8) {
$newmailpwhashed = password_hash($_POST['newmailpw'] , PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
$eintrag = "UPDATE `accounts` SET `password` = :newmailpwhashed WHERE `id` LIKE :id";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':newmailpwhashed' => $newmailpwhashed, ':id' => $_POST['changemailid']));
header("Location: ../settings.php?success=1");
exit;
}
else {
header("Location: ../admin.php?pwtoshort=1");
exit;
}
}
else {
header("Location: ../admin.php?pwnotequal=1");
exit;
}
}
header("Location: index.php");
?>
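Review bot: `WHERE id LIKE :id` with the id taken straight from `$_POST['changemailid']` allows a wildcard match: posting `changemailid=%` rewrites the password of every row in `accounts`, including the admin's own, in one request. Validate and compare exactly: `$id = filter_var($_POST['changemailid'], FILTER_VALIDATE_INT); if ($id === false) { header("Location: ../admin.php?fehler=ID"); exit; }` and `WHERE id = :id`. The same LIKE-on-id pattern appears in activatemail.php, deactivatemail.php and deletemail.php in this merge. The success redirect goes to `../settings.php` while every other branch of this admin-only script returns to `../admin.php`, and the handler does not check a CSRF token.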


@ -21,121 +21,131 @@ try {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed'; echo 'Connection failed';
} }
if ($config['allowregistration']) { function createmailuser($newmailusername, $newmaildomainid, $newmailpw, $newmailpwrep, $newmailforcepwreset, $admin) {
global $dbh;
function createmailuser($newmailusername, $newmailpw, $newmailpwrep, $admin) { global $config;
global $dbh; $abfrage = "SELECT domain FROM `domains` WHERE `id` LIKE :newmaildomainid";
global $config; $sth = $dbh->prepare($abfrage);
$pattern = array(); $sth->execute(array(':newmaildomainid' => $newmaildomainid));
$pattern[0] = ' '; $result = $sth->fetchAll();
$pattern[1] = '@'; $newmaildomain = $result[0]['domain'];
$pattern[2] = 'roteserver'; $pattern = array();
$pattern[3] = 'roteserver.de'; $pattern[0] = ' ';
$pattern[4] = 'admin'; $pattern[1] = '@';
$pattern[5] = 'noreply'; if ($config['prohibadminmailcreation']) {
$pattern[6] = 'info'; $pattern[2] = 'admin';
$pattern[7] = 'webmaster'; $pattern[3] = 'noreply';
$newmailusername = str_replace($pattern, "", $newmailusername); $pattern[4] = 'info';
$newmailusernamefull = $newmailusername . '@roteserver.de'; $pattern[5] = 'webmaster';
if (!filter_var($newmailuserfull, FILTER_VALIDATE_EMAIL)) { }
// nicht ordentliche EmailAdresse $newmailusername = str_replace($pattern, "", $newmailusername);
$newmailusernamefull = $newmailusername . '@' . $newmaildomain;
if (!filter_var($newmailusernamefull, FILTER_VALIDATE_EMAIL)) {
// nicht ordentliche EmailAdresse
header("Location: createmailpre.php?wrongsymbols=1");
exit;
}
if(strpos($newmailusername, "'") !== false) {
if ($admin == 1) {
header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse");
exit;
} else {
header("Location: createmailpre.php?wrongsymbols=1");
exit;
}
}
if (strpos($newmailpw, "'") !== false) {
if ($admin == 1) {
header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort");
exit;
} else {
header("Location: createmailpre.php?wrongsymbols=1"); header("Location: createmailpre.php?wrongsymbols=1");
exit; exit;
} }
if(strpos($newmailusername, "'") !== false) { }
if ($admin == 1) { if (strlen($newmailpw) >= 8) {
header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse"); if ($newmailpw == $newmailpwrep) {
exit; $abfrage = "SELECT 1 FROM `accounts` WHERE `username` = :newmailusername AND `domain` = :newmaildomain";
} else { $sth = $dbh->prepare($abfrage);
header("Location: createmailpre.php?wrongsymbols=1"); $sth->execute(array(':newmailusername' => $newmailusername, ':newmaildomain' => $newmaildomain));
exit; $result = $sth->fetchAll();
} //print_r($result);
} if ($result[0][1] !== 1) {
if (strpos($newmailpw, "'") !== false) { $newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
if ($admin == 1) { //$createdtimestamp = date("Y-m-d H:i:s");
header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort"); // if ($config['maildirencryption']) {
exit; // $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, `pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen
} else { // $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
header("Location: createmailpre.php?wrongsymbols=1"); // $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername));
exit; // $maildirpath = $config['mailfolderpath'] . $newmailusername;
} // umask(0);
} // mkdir($maildirpath, 0770);
if (strlen($newmailpw) >= 8) { // exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($newmailusernamefull));
if ($newmailpw == $newmailpwrep) { // $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull";
$abfrage = "SELECT 1 FROM `virtual_users` WHERE `email` = :newmailusernamefull"; // }
$sth = $dbh->prepare($abfrage); //else {
$sth->execute(array('newmailusernamefull' => $newmailusernamefull)); $eintrag = "INSERT INTO `accounts` (`username`, `domain`, `password`, `quota`, `enabled`, `forcepwreset`, `sendonly`, `admin`) VALUES (:newmailusername, :newmaildomain, :newmailpwhashed, '2048', '1', :forcepwreset, '0', '0')"; // Maildaten in MailServer DB eintragen
$result = $sth->fetchAll();
if ($result[0][1] !== 1) {
$newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
$createdtimestamp = date("Y-m-d H:i:s");
if ($config['maildirencryption']) {
$eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, `pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
$sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername));
$maildirpath = $config['mailfolderpath'] . $newmailusername;
umask(0);
mkdir($maildirpath, 0770);
exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($newmailusernamefull));
$eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull";
}
else {
$eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '0', '$createdtimestamp')"; // Maildaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
$sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' => $newmailusername));
$maildirpath = $config['mailfolderpath'] . $newmailusername;
umask(0);
mkdir($maildirpath, 0770);
}
$sth = $dbh->prepare($eintrag); $sth = $dbh->prepare($eintrag);
$sth->execute(array(':newmailusernamefull' => $newmailusernamefull)); $sth->execute(array(':newmailusername' => $newmailusername, ':newmaildomain' => $newmaildomain, ':newmailpwhashed' => $newmailpwhashed, ':forcepwreset' => $newmailforcepwreset));
//$maildirpath = $config['mailfolderpath'] . $newmailusername;
// umask(0);
// mkdir($maildirpath, 0770);
//}
//$sth = $dbh->prepare($eintrag);
//$sth->execute(array(':newmailusernamefull' => $newmailusernamefull));
if ($config['sendactivationinfo']) {
$adminmailadress = $config['adminadress']; $adminmailadress = $config['adminadress'];
$adresse = $config['domain'] . '/admin.php'; $adresse = $config['domain'] . '/admin.php';
// eine Mail an den Admin verschicken, damit er die Mail freischalten kann // eine Mail an den Admin verschicken, damit er die Mail freischalten kann
mail($adminmailadress, "Neue Mailadresse erstellt", "Eine neue Mailadresse wurde erstellt und muss freigeschaltet werden. \n \n" . htmlspecialchars($newmailusernamefull) . "\n " . $adresse, "From: mailservice"); mail($adminmailadress, "Neue Mailadresse erstellt", "Eine neue Mailadresse wurde erstellt und muss freigeschaltet werden. \n \n" . htmlspecialchars($newmailusernamefull) . "\n " . $adresse, "From: mailservice");
if ($admin == 1) {
header("Location: ../admin.php?success=1");
exit;
} else {
header("Location: ../index.php");
exit;
}
exit;
} else { // Emailadresse ist bereits registriert
if ($admin == 1) {
header("Location: ../admin.php?fehler=Mail besteht schon");
exit;
} else {
header("Location: createmailpre.php?mailalreadytaken=1");
exit;
}
} }
}
else {
if ($admin == 1) { if ($admin == 1) {
header("Location: ../admin.php?fehler=PW nicht gleich"); header("Location: ../admin.php?success=1");
exit; exit;
} else { } else {
header("Location: createmailpre.php?pwnotequal=1"); header("Location: ../index.php");
exit;
}
exit;
} else { // Emailadresse ist bereits registriert
if ($admin == 1) {
header("Location: ../admin.php?fehler=Mail besteht schon");
exit;
} else {
header("Location: createmailpre.php?mailalreadytaken=1");
exit; exit;
} }
} }
} else { // Passwort zu kurz }
else {
if ($admin == 1) { if ($admin == 1) {
header("Location: ../admin.php?fehler=PW zu kurz"); header("Location: ../admin.php?fehler=PW nicht gleich");
exit; exit;
} else { } else {
header("Location: createmailpre.php?pwtooshort=1"); header("Location: createmailpre.php?pwnotequal=1");
exit; exit;
} }
} }
} else { // Passwort zu kurz
if ($admin == 1) {
header("Location: ../admin.php?fehler=PW zu kurz");
exit;
} else {
header("Location: createmailpre.php?pwtooshort=1");
exit;
}
} }
session_start(); }
if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) { session_start();
createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 1); if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) {
} //print_r($_POST);
createmailuser($_POST['newmailusername'], $_POST['newmaildomainid'], $_POST['newmailpw'], $_POST['newmailpwrep'], $_POST['forcepwreset'], 1);
header("Location: ../admin.php");
exit;
}
if ($config['allowregistration']) {
if ($_POST['captchacode'] == $_SESSION['captchacode']) { if ($_POST['captchacode'] == $_SESSION['captchacode']) {
createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 0); createmailuser($_POST['newmailusername'], $_POST['newmaildomainid'], $_POST['newmailpw'], $_POST['newmailpwrep'], $_POST['forcepwreset'], 0);
} }
elseif ($_POST['captchacode'] != $_SESSION['captchacode']) { elseif ($_POST['captchacode'] != $_SESSION['captchacode']) {
header("Location: createmailpre.php?wrongcaptchacode=1"); header("Location: createmailpre.php?wrongcaptchacode=1");
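Review bot: The self-registration call in the `allowregistration` branch passes the browser-supplied `$_POST['forcepwreset']` into the INSERT, and the INSERT now hard-codes `enabled` to '1', so an anonymous visitor gets an immediately active mailbox while the admin still receives a mail saying the address "muss freigeschaltet werden". If manual activation is still intended, insert `enabled` as 0 when `$admin == 0` (the old code wrote `active` '0' in the non-encryption branch) and pass a literal `0` rather than `$_POST['forcepwreset']` for the registration call. The duplicate check `if ($result[0][1] !== 1)` compares against an int, but with PDO returning string results (and an empty `$result` when no row exists) it appears never to detect an existing username/domain; `if (!$sth->fetchColumn())` avoids the type mismatch — hedged, since the PDO attribute setup is outside this hunk. The function body is complete in this hunk, but the `allowregistration` block continues past it.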


@ -24,10 +24,11 @@ try {
session_start(); session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) { if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
$mailuserID = $_POST['mailuserID']; $mailuserID = $_POST['mailuserID'];
$eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `id` LIKE :mailuserID"; $eintrag = "UPDATE `accounts` SET `enabled`='0' WHERE `id` LIKE :mailuserID";
$sth = $dbh->prepare($eintrag); $sth = $dbh->prepare($eintrag);
$sth->execute(array(':mailuserID' => $mailuserID)); $sth->execute(array(':mailuserID' => $mailuserID));
header("Location: ../admin.php?success=1"); header("Location: ../admin.php?success=1");
exit; exit;
} }
header("Location: ../index.php"); header("Location: ../index.php");
?>


@ -47,16 +47,17 @@ if ($_SESSION['log'] == 1) {
else { else {
$mailuserID = $_SESSION['mailID']; $mailuserID = $_SESSION['mailID'];
} }
$abfrage = "SELECT `username` FROM `virtual_users` WHERE `id` = :mailuserID"; $eintrag = "DELETE FROM `accounts` WHERE `id` LIKE :mailuserID";
$sth = $dbh->prepare($abfrage);
$sth->execute(array('mailuserID' => $mailuserID));
$result = $sth->fetchAll();
$eintrag = "DELETE FROM `mailserver`.`virtual_users` WHERE `id` LIKE :mailuserID";
$sth = $dbh->prepare($eintrag); $sth = $dbh->prepare($eintrag);
$sth->execute(array(':mailuserID' => $mailuserID)); $sth->execute(array(':mailuserID' => $mailuserID));
$maildirpath = $config['mailfolderpath'] . $result[0]['username']; //$maildirpath = $config['mailfolderpath'] . $result[0]['username'];
delete_directory($maildirpath); //delete_directory($maildirpath);
header("Location: ../admin.php?success=1"); if ($_SESSION['admin'] == 1) {
header("Location: ../admin.php?success=1");
}
else {
header("Location: ../logout.php");
}
exit; exit;
} }
header("Location: ../index.php"); header("Location: ../index.php");
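Review bot: The maildir removal (`delete_directory($maildirpath)`) is commented out, so after the `accounts` row is deleted the user's mail stays on disk under `mailfolderpath` with nothing in this script tracking it; if clean-up now happens elsewhere, a comment saying so, e.g. `// maildir is not removed here; server-side clean-up is expected to handle it`, would stop the next reader from assuming the data is purged. `WHERE id LIKE :mailuserID` also accepts a `%` wildcard when the id comes from POST on the admin path, which would delete every account; use `=` with an integer-validated id. The enclosing `if ($_SESSION['log'] == 1)` block starts before this hunk.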


@ -22,11 +22,23 @@ try {
echo 'Connection failed'; echo 'Connection failed';
} }
session_start(); session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) { if ($_SESSION['log'] == 1) {
$eintrag = "DELETE FROM `mailserver`.`virtual_aliases` WHERE `id` LIKE :maillistid"; if (!$_SESSION['admin']) {
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain AND alias_id LIKE :editlistid";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'], ':editlistid' => $_GET['editlistid']));
if ($result->rowCount() <= 0) {
header("Location: maillistsettings.php");
exit;
}
}
$eintrag = "DELETE FROM `aliases` WHERE `alias_id` LIKE :aliasid; DELETE FROM `alias_owner` WHERE `alias_id` LIKE :aliasid; DELETE FROM `alias_details` WHERE `id` LIKE :aliasid";
$sth = $dbh->prepare($eintrag); $sth = $dbh->prepare($eintrag);
$sth->execute(array(':maillistid' => $_GET['dellistid'])); $sth->execute(array(':aliasid' => $_GET['dellistid']));
header("Location: maillistsettings.php"); header("Location: maillistsettings.php");
exit; exit;
} else {
header("Location: ../index.php");
exit;
} }
?> ?>
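Review bot: The ownership check for non-admins tests `$_GET['editlistid']`, but the DELETE that follows uses `$_GET['dellistid']`, so a logged-in user can pass `editlistid` of a list they own together with `dellistid` of any other list (or `%`, which `LIKE` accepts) and delete lists they do not own. Check and delete the same parameter — bind `':editlistid' => $_GET['dellistid']` in the ownership query — and change the DELETEs to `alias_id = :aliasid` / `id = :aliasid` with an int-validated id. Three statements in one prepare() only run when PDO emulates prepares and they are not in a transaction; three separate prepare/execute calls inside `beginTransaction()`/`commit()` are more portable and keep the tables consistent. Deleting on a GET request also makes this a one-link CSRF; a POST with a token is preferable.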


@ -22,11 +22,43 @@ try {
echo 'Connection failed'; echo 'Connection failed';
} }
session_start(); session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) { if ($_SESSION['log'] == 1) {
$eintrag = "UPDATE `virtual_aliases` SET `source` = :newsource, `destination` = :newdestination, `owner` = :newowner, `private` = :newprivate, `name` = :newname WHERE `id` LIKE :editlistid"; if (!$_SESSION['admin']) {
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain AND alias_id LIKE :editlistid";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'], ':editlistid' => $_POST['editlistid']));
if ($result->rowCount() <= 0) {
header("Location: maillistsettings.php");
exit;
}
}
$newlistowner = explode('@', $_POST['newlistowner']);
$eintrag = "UPDATE `alias_details` SET `name` = :newlistname, `owners` = :owners, `destinations` = :destinations, `security` = :security WHERE `id` LIKE :editlistid"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag); $sth = $dbh->prepare($eintrag);
$sth->execute(array('newsource' => $_POST['newlistsource'], 'newdestination' => $_POST['newlistdestination'], 'newowner' => $_POST['newlistownerid'], 'newprivate' => $_POST['newlistprivate'], 'newname' => $_POST['newlistname'], 'editlistid' => $_POST['editlistid'])); $sth->execute(array(':newlistname' => $_POST['newlistname'], ':owners' => $_POST['newlistowners'], ':destinations' => $_POST['newlistdestinations'], ':security' => $_POST['newlistsecurity'], ':editlistid' => $_POST['editlistid']));
$newlistsource = explode('@', $_POST['newlistsource']);
$eintrag = "DELETE FROM `alias_owner` WHERE `alias_id` LIKE :aliasid";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $_POST['editlistid']));
foreach (explode(' ', $_POST['newlistowners']) as $maillistowner) {
$maillistownerex = explode('@', $maillistowner);
$eintrag = "INSERT INTO `alias_owner` (`alias_id`, `owner_username`, `owner_domain`) VALUES (:aliasid, :owner_username, :owner_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $_POST['editlistid'], ':owner_username' => $maillistownerex[0], ':owner_domain' => $maillistownerex[1]));
}
$eintrag = "DELETE FROM `aliases` WHERE `alias_id` LIKE :aliasid";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $_POST['editlistid']));
foreach (explode(' ', $_POST['newlistdestinations']) as $maillistdestination) {
$maillistdestinationex = explode('@', $maillistdestination);
$eintrag = "INSERT INTO `aliases` (`alias_id`, `source_username`, `source_domain`, `destination_username`, `destination_domain`) VALUES (:aliasid, :source_username, :source_domain, :destination_username, :destination_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $_POST['editlistid'], ':source_username' => $newlistsource[0], ':source_domain' => $newlistsource[1], ':destination_username' => $maillistdestinationex[0], ':destination_domain' => $maillistdestinationex[1]));
}
header("Location: maillistsettings.php"); header("Location: maillistsettings.php");
exit; exit;
} else {
header("Location: ../index.php");
exit;
} }
?> ?>
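Review bot: The owner and destination rows are rebuilt by deleting every `alias_owner` / `aliases` row for the list and re-inserting them one by one with no transaction, so a failure midway (for example an entry without `@`, where `explode` yields no index 1 and the domain binds as null) leaves the list with its owners or recipients partially removed; wrap the sequence in `$dbh->beginTransaction();` … `$dbh->commit();` and roll back on `PDOException`. `$newlistowner = explode('@', $_POST['newlistowner'])` reads a field the form does not send (it sends `newlistowners`) and the variable is never used, so the line can go. For non-admin owners the check only proves ownership of `editlistid`; nothing restricts `newlistsource`, so an owner can move the list to any address on any domain — worth confirming that this is intended.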


@ -22,40 +22,53 @@ try {
echo 'Connection failed'; echo 'Connection failed';
} }
session_start(); session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) { if ($_SESSION['log']) {
if (!$_SESSION['admin']) {
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain AND alias_id LIKE :editlistid";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'], ':editlistid' => $_GET['editlistid']));
if ($result->rowCount() <= 0) {
header("Location: maillistsettings.php");
exit;
}
}
echo '<html> echo '<html>
<head> <head>
<title>Mailliste editieren</title> <title>Mailliste editieren</title>
</head> </head>
<body> <body>
<a href="maillistsettings.php"><h3>Zurück zur Maillistoberfläche (Editieren abbrechen)</h3></a><br>'; <a href="maillistsettings.php"><h3>Zurück zur Maillistoberfläche (Editieren abbrechen)</h3></a><br>';
$abfrage = "SELECT `source`, `destination`, `owner`, `private`, `name` FROM `virtual_aliases` WHERE `id` LIKE :editlistid"; $abfrage = "SELECT `name`, `owners`, `security` FROM `alias_details` WHERE `id` LIKE :editlistid";
$result = $dbh->prepare($abfrage); $result = $dbh->prepare($abfrage);
$result->execute(array('editlistid' => $_GET['editlistid'])); $result->execute(array(':editlistid' => $_GET['editlistid']));
while ($lists = $result->fetch()) { while ($lists = $result->fetch()) {
$abfrage2 = "SELECT `source_username`, `source_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid";
$result2 = $dbh->prepare($abfrage2);
$result2->execute(array(':aliasid' => $_GET['editlistid']));
$listdetails = $result2->fetch();
echo' echo'
<form name="editlist" method=POST action="editlist.php"> <form name="editlist" method=POST action="editlist.php">
<label>Listenname:<input name="newlistname" type="text" placeholder="Listenname" value="' . $lists['name'] . '"/></label> <label>Listenname:<input name="newlistname" type="text" placeholder="Listenname" value="' . $lists['name'] . '"/></label>
<label>Listenadresse:<input name="newlistsource" type="text" placeholder="Listenadresse" value="' . $lists['source'] . '"/></label> <label>Listenadresse:<input name="newlistsource" type="text" placeholder="Listenadresse" value="' . $listdetails['source_username'] . '@' . $listdetails['source_domain'] . '"/></label>
<label>Listenbesitzer:<select name="newlistownerid">'; <label>Listenbesitzer:<textarea rows="1" cols="50" name="newlistowners">' . $lists['owners'] . '</textarea></label><br>
$abfrage = "SELECT `id`, `email` FROM `virtual_users`"; <label>Listenempfänger (durch Leerzeichen getrennt):<br><textarea rows="4" cols="50" name="newlistdestinations">';
$result = $dbh->query($abfrage); $abfrage3 = "SELECT `destination_username`, `destination_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid";
while ($emails = $result->fetch()) { $result3 = $dbh->prepare($abfrage3);
echo '<option value="' . $emails['id'] . '" '; $result3->execute(array(':aliasid' => $_GET['editlistid']));
if ($emails['id'] == $lists['owner']) echo ' selected'; $listdestinations = "";
echo '>' . $emails['email'] . '</option>'; while ($listdestination = $result3->fetch()) {
$listdestinations = $listdestinations . $listdestination['destination_username'] . '@' . $listdestination['destination_domain'] . ' ';
} }
echo '</select></label><br> echo substr($listdestinations, 0, -1) . '</textarea></label>
<label>Listenempfänger (durch Leerzeichen getrennt):<br><textarea rows="4" cols="50" name="newlistdestination">' . $lists['destination'] . '</textarea></label> <label>Listensicherheitseinstellungen:<select name="newlistsecurity">
<label>Listensicherheitseinstellungen:<select name="newlistprivate">
<option value="0"'; <option value="0"';
if ($lists['private'] == 0) echo ' selected'; if ($lists['security'] == 0) echo ' selected';
echo '>0 (Jeder kann Mails an die Liste schicken)</option> echo '>0 (Jeder kann Mails an die Liste schicken)</option>
<option value="1"'; <option value="1"';
if ($lists['private'] == 1) echo ' selected'; if ($lists['security'] == 1) echo ' selected';
echo '>1 (Mitglieder der Liste können Mails an die Liste schicken)</option> echo '>1 (Mitglieder der Liste können Mails an die Liste schicken)</option>
<option value="2"'; <option value="2"';
if ($lists['private'] == 2) echo ' selected'; if ($lists['security'] == 2) echo ' selected';
echo '>2 (Der Besitzer der Liste kann Mails an die Liste schicken)</option> echo '>2 (Der Besitzer der Liste kann Mails an die Liste schicken)</option>
</select></label><br> </select></label><br>
<input type="hidden" name="editlistid" value="' . $_GET['editlistid'] . '"/> <input type="hidden" name="editlistid" value="' . $_GET['editlistid'] . '"/>
@ -63,5 +76,8 @@ if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
</body> </body>
</html>'; </html>';
} }
} else {
header("Location: ../index.php");
exit;
} }
?> ?>
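Review bot: `$_GET['editlistid']` is written straight into the hidden input's `value` attribute, and the DB-backed `name`, `source_username`/`source_domain`, `owners` and the destination list are echoed unescaped into attributes and the textarea; elsewhere in this commit user-controlled output goes through `htmlentities()` (the greeting in settings.php, the `maillist` field in unsub.php), so do the same here, e.g. `value="' . htmlentities($_GET['editlistid']) . '"`. The `alias_id LIKE :editlistid` / `id LIKE :editlistid` comparisons accept wildcard characters in the bound value; `=` is the right operator for an id and also makes the ownership check exact.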


@ -0,0 +1,39 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
session_start();
if ($_SESSION['log']) {
header("Location: ../settings.php");
exit;
}
if ($_SESSION['forcepwreset']) {
echo '<h3>Du musst erstmal dein Passwort ändern:</h3>
<form name="changemailpw" method=POST action="changemailpw.php">
<label>Altes Passwort: <input type="password" name="oldmailpw"/></label>
<label>Neues Passwort: <input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label>
<label>Neue Passwort wiederholen: <input type="password" name="newmailpwrep"/></label>
<input type="submit" value="Abschicken"/></form>';
echo '<br><a href="../logout.php"><button>Logout</button></a>';
}
else header("Location: ../index.php");
?>
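Review bot: The form posts to `changemailpw.php`, but login.php sets `$_SESSION['log'] = 0` for the forced-reset state, so changemailpw.php has to accept a request whose session carries `forcepwreset` rather than `log` — that handler is not in this view, so confirm it has that branch and that it clears `forcepwreset` (and re-enables the account, since the login query admits these users with `enabled='0'`) afterwards. The PDO connection built at the top of the file is never used here, so either drop the `parse_ini_file`/`new PDO` block or keep it only if `$dbh` gains a use. `$_SESSION['log']` and `$_SESSION['forcepwreset']` are read without `isset()`, which raises a notice for a visitor with an empty session; `if (!empty($_SESSION['forcepwreset']))` avoids that.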


@ -22,46 +22,82 @@ try {
echo 'Connection failed'; echo 'Connection failed';
} }
session_start(); session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) { if ($_SESSION['log'] == 1) {
if (!$_SESSION['admin']) {
$aliasids = "";
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain']));
if ($result->rowCount() <= 0) {
header("Location: ../settings.php");
exit;
}
while ($aliases = $result->fetch()) {
$aliasids = $aliasids . $aliases['alias_id'] . '|';
}
}
echo '<html> echo '<html>
<head> <head>
<title>Maillist Einstellung</title> <title>Maillist Einstellung</title>
</head> </head>
<body> <body>
<h2>Maillinglisten Einstellungen</h2> <h2>Maillinglisten Einstellungen</h2>';
<a href="../admin.php"><h3>Zurück zur Adminoberfläche</h3></a><br> if ($_SESSION['admin']) {
<form name="addmaillist" method=POST action="addmaillist.php"> echo '<a href="../admin.php"><h3>Zurück zur Adminoberfläche</h3></a><br>
<label>Listenname:<input name="maillistname" type="text" placeholder="Listenname"/></label> <h3>Mailliste hinzufügen</h3>
<label>Listenadresse:<input name="maillistsource" type="text" placeholder="Listenadresse"/></label> <form name="addmaillist" method=POST action="addmaillist.php">
<label>Listenbesitzer:<select name="maillistownerid">'; <label>Listenname:<input name="newlistname" type="text" placeholder="Listenname"/></label>
$abfrage = "SELECT `id`, `email` FROM `virtual_users`"; <label>Listenadresse:<input name="newlistsourceadress" type="text" placeholder="Listenadresse"/>@<select name="newlistsourcedomain">';
$result = $dbh->query($abfrage); $abfrage = "SELECT `id`, `domain` FROM `domains`";
while ($emails = $result->fetch()) { $result = $dbh->query($abfrage);
echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>'; while ($domains = $result->fetch()) {
echo '<option value="' . $domains['domain'] . '">' . $domains['domain'] . '</option>';
}
echo '</select></label>
<label>Listenbesitzer:<textarea rows="1" cols="50" name="newlistowners"></textarea></label><br>
<label>Listenempfänger (durch Leerzeichen getrennt):<br><textarea rows="4" cols="50" name="newlistdestinations"></textarea></label>
<label>Listensicherheitseinstellungen:<select name="newlistsecurity">
<option value="0">0 (Jeder kann Mails an die Liste schicken)</option>
<option value="1">1 (Mitglieder und Besitzer der Liste können Mails an die Liste schicken)</option>
<option value="2">2 (Nur Besitzer der Liste können Mails an die Liste schicken)</option>
</select></label><br>
<input type="submit" name="submit" value="Hinzufügen"/></form>
<br><h3>Bestehende Listen:</h3>';
} }
echo '</select></label><br> else {
<label>Listenempfänger (durch Leerzeichen getrennt):<br><textarea rows="4" cols="50" name="maillistadresses"></textarea></label> echo '<a href="../settings.php"><h3>Zurück</h3></a><br><h3>Meine bestehenden Listen:</h3>';
<label>Listensicherheitseinstellungen:<select name="listprivate"> }
<option value="0">0 (Jeder kann Mails an die Liste schicken)</option> if ($_SESSION['admin']) {
<option value="1">1 (Mitglieder der Liste können Mails an die Liste schicken)</option> $abfrage = "SELECT `id`, `name`, `owners`, `destinations`, `security` FROM `alias_details`";
<option value="2">2 (Der Besitzer der Liste kann Mails an die Liste schicken)</option> $result = $dbh->query($abfrage);
</select></label><br> }
<input type="submit" name="submit" value="Hinzufügen"/> else {
<br> $abfrage = "SELECT `id`, `name`, `owners`, `destinations`, `security` FROM `alias_details` WHERE `id` REGEXP :aliasid";
<h3>Bestehende Listen:</h3> $result = $dbh->prepare($abfrage);
'; $result->execute(array(':aliasid' => substr($aliasids, 0, -1)));
$abfrage = "SELECT `id`, `source`, `destination`, `owner`, `private`, `name` FROM `virtual_aliases`"; }
$result = $dbh->query($abfrage); echo '<table border="1" style="text-align: center; vertical-align: middle;"><tr><th>Listenname</th><th>Listenadresse</th><th>Listenempfänger</th><th>Listenbesitzer</th><th>Listensicherheit</th><th>Optionen</th></tr>';
echo '<table style="text-align: center; vertical-align: middle;"><tr><th>Listenname</th><th>Listenadresse</th><th>Listenempfänger</th><th>Listenbesitzer</th><th>Listensicherheit</th><th>Optionen</th></tr>';
while ($lists = $result->fetch()) { while ($lists = $result->fetch()) {
$abfrage2 = "SELECT `email` FROM `virtual_users` WHERE `id` LIKE :ownerid"; $abfrage2 = "SELECT `source_username`, `source_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid";
$sth = $dbh->prepare($abfrage2); $result2 = $dbh->prepare($abfrage2);
$sth->execute(array('ownerid' => $lists['owner'])); $result2->execute(array(':aliasid' => $lists['id']));
$result2 = $sth->fetchAll(); $listdetails = $result2->fetch();
echo '<tr><td>' . $lists['name'] . '</td><td>' . $lists['source'] . '</td><td>' . $lists['destination'] . '</td><td>' . $result2[0]['email'] . '</td><td>' . $lists['private'] . '</td><td><a href="dellist.php?dellistid=' . $lists['id'] . '">Löschen</a><br><a href="editlistpre.php?editlistid=' . $lists['id'] . '">Editieren</a></td></tr>'; echo '<tr><td>' . $lists['name'] . '</td><td>' . $listdetails['source_username'] . '@' . $listdetails['source_domain'] . '</td><td>';
foreach (explode(' ', $lists['destinations']) as $destination) {
echo $destination . '<br>';
}
echo '</td><td>';
foreach (explode(' ', $lists['owners']) as $owner) {
echo $owner . '<br>';
}
echo '</td><td>' . $lists['security'] . '</td><td><a href="dellist.php?dellistid=' . $lists['id'] . '">Löschen</a><br><a href="editlistpre.php?editlistid=' . $lists['id'] . '">Editieren</a></td></tr>';
} }
echo '</table>'; echo '</table>';
echo '</body> echo '</body>
</html>'; </html>';
} }
else {
header("Location: ../index.php");
exit;
}
?> ?>
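Review bot: For non-admin owners the list lookup uses `id REGEXP :aliasid` with the owned ids joined by `|` and no anchors, so an owner of list 1 also matches ids 10, 11, 21, 100 and so on, and those lists' owners and recipients, together with their edit/delete links, are rendered in the table; an `IN (...)` list with one placeholder per id is exact and removes the string building. The table cells echo `name`, `source_username`/`source_domain`, destinations and owners without `htmlentities()`, unlike the other pages in this commit that escape output. The rewritten lookup is below; the `$aliasids` string and its `while` loop become unnecessary.
```php
    if (!$_SESSION['admin']) {
        $abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain";
        $result = $dbh->prepare($abfrage);
        $result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain']));
        $aliasids = array_column($result->fetchAll(), 'alias_id');
        if (count($aliasids) <= 0) {
            header("Location: ../settings.php");
            exit;
        }
    }
    // … unchanged: page header, add-list form, admin query branch …
    else {
        $placeholders = implode(',', array_fill(0, count($aliasids), '?'));
        $abfrage = "SELECT `id`, `name`, `owners`, `destinations`, `security` FROM `alias_details` WHERE `id` IN ($placeholders)";
        $result = $dbh->prepare($abfrage);
        $result->execute($aliasids);
    }
```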


@ -0,0 +1,65 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
$eintrag = "DELETE FROM `alias_del_requests` WHERE DATEDIFF(NOW(), `created`) > :datediff";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':datediff' => $config['deletedelrequestdaydiff']));
if (isset($_GET['token'])) {
$abfrage = "SELECT `alias_id`, `destination_username`, `destination_domain` FROM `alias_del_requests` WHERE `token` LIKE :token";
$result = $dbh->prepare($abfrage);
$result->execute(array(':token' => $_GET['token']));
if ($result->rowCount() > 0) {
$daten = $result->fetch();
$aliasid = $daten['alias_id'];
$destination_username = $daten['destination_username'];
$destination_domain = $daten['destination_domain'];
$eintrag = "DELETE FROM `aliases` WHERE `alias_id` LIKE :aliasid AND `destination_username` LIKE :destination_username AND `destination_domain` LIKE :destination_domain";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $aliasid, ':destination_username' => $destination_username, ':destination_domain' => $destination_domain));
// Destinationszeile neu generieren (würde bestimmt einfacher gehen)
$abfrage2 = "SELECT `destination_username`, `destination_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid";
$result2 = $dbh->prepare($abfrage2);
$result2->execute(array(':aliasid' => $aliasid));
$listdestinations = "";
while ($listdestination = $result2->fetch()) {
$listdestinations = $listdestinations . $listdestination['destination_username'] . '@' . $listdestination['destination_domain'] . ' ';
}
$eintrag = "UPDATE `alias_details` SET `destinations` = :destinations WHERE `id` LIKE :aliasid";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':destinations' => substr($listdestinations, 0, -1), ':aliasid' => $aliasid));
$eintrag = "DELETE FROM `alias_del_requests` WHERE `token` LIKE :token";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':token' => $_GET['token']));
print_r($_GET['token']);
header("Location: ../unsub.php?success=1");
exit;
} else {
header("Location: ../unsub.php?unknowntoken=1");
exit;
}
} else {
header("Location: ../index.php");
exit;
}
?>
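Review bot: `print_r($_GET['token']);` just before the `header("Location: ../unsub.php?success=1")` is leftover debug output; it writes the token into the response body and, without output buffering, emits output before the header so the redirect is not sent. The token lookup uses `token LIKE :token`, which treats `%` and `_` in the query string as wildcards, so a request can match a pending deletion request other than its own; the token is a bearer secret and should be matched with `=`. The delete of the alias row, the regeneration of `destinations` and the removal of the request are three separate statements with no transaction, so an error between them leaves `alias_details` out of step with `aliases`; `beginTransaction()`/`commit()` around them keeps the two consistent.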


@ -0,0 +1,77 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require '../vendor/autoload.php';
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
$destination = explode('@', $_POST['destination_adress']);
$source = explode('@', $_POST['source_adress']);
$abfrage = "SELECT `alias_id` FROM `aliases` WHERE `source_username` LIKE :source_username AND `source_domain` LIKE :source_domain AND `destination_username` LIKE :destination_username AND `destination_domain` LIKE :destination_domain";
$result = $dbh->prepare($abfrage);
$result->execute(array(':source_username' => $source[0], ':source_domain' => $source[1], ':destination_username' => $destination[0], ':destination_domain' => $destination[1]));
if ($result->rowCount() > 0) {
$aliasid = $result->fetch()['alias_id'];
$eintrag = "DELETE FROM `alias_del_requests` WHERE `alias_id` LIKE :aliasid AND `destination_username` LIKE :destination_username AND `destination_domain` LIKE :destination_domain";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $aliasid, ':destination_username' => $destination[0], ':destination_domain' => $destination[1])); // eventuell bestehenden Token löschen
$token = bin2hex(openssl_random_pseudo_bytes(16)); // Token zur abmeldung erstellen
$date = date("Y-m-d H:i:s"); // Datum der Tokenerstellung für automatische löschung speichern
$eintrag = "INSERT INTO `alias_del_requests` (`alias_id`, `destination_username`, `destination_domain`, `token`, `created`) VALUES (:aliasid, :destination_username, :destination_domain, :token, :created)";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $aliasid, ':destination_username' => $destination[0], ':destination_domain' => $destination[1], ':token' => $token, ':created' => $date));
$mail = new PHPMailer(true);
try {
$mail->CharSet = 'UTF-8';
$mail->Encoding = 'base64';
//Server settings
$mail->SMTPDebug = 0;
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = $config['mailsmtpserver']; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = $config['mailadress']; // SMTP username
$mail->Password = $config['mailpw']; // SMTP password
$mail->SMTPSecure = 'tls';
$mail->Port = 587; // TCP port to connect to
//Recipients
$mail->setFrom($config['mailadress']);
$mail->addAddress($_POST['destination_adress']);
// Content
$mail->isHTML(true);
$mail->Subject = 'Aus Liste ' . htmlspecialchars($_POST['source_adress']) . ' abmelden';
$mail->Body = 'Eine Anfrage zur Abmeldung dieser Adresse aus ' . htmlspecialchars($_POST['source_adress']) . ' wurde erstellt.<br><a href="https://mail.cloud.sdaj.org/bin/unsubmaillist.php?token=' . $token . '">Abmeldung abschließen</a>' . '<br>Der Link ist 2 Tage gültig<br>Schade, dass du gehst. Bis dahin.';
$mail->AltBody = 'Eine Anfrage zur Abmeldung dieser Adresse aus ' . htmlspecialchars($_POST['source_adress']) . ' wurde erstellt. Hier kannst du die Abmeldung abschließen: https://mail.cloud.sdaj.org/bin/unsubmaillist.php?token=' . $token . 'Der Link ist 2 Tage gültig Schade, dass du gehst. Bis dahin.';
$mail->send();
} catch (Exception $e) {
echo "Message could not be sent.";
}
header("Location: ../unsub.php?mailsent=1");
exit;
}
else {
header("Location: ../unsub.php?mailsent=1");
exit;
}
?>
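Review bot: In the `AltBody` text the token is concatenated directly to `'Der Link ist 2 Tage gültig'`, so the plain-text link reads `...?token=<token>Der Link ...` and is unusable for recipients whose client shows the text part; the HTML body separates the two with `<br>`, so do the same here, `'...?token=' . $token . "\nDer Link ist 2 Tage gültig ..."`. The confirmation URL host `https://mail.cloud.sdaj.org/` is hard-coded in both bodies while every other setting comes from `config.ini`; a base-URL setting would keep the script deployable elsewhere, and "2 Tage" should likewise follow `$config['deletedelrequestdaydiff']`, which is what actually expires the request. `random_bytes(16)` is the standard CSPRNG since PHP 7 and is preferable to `openssl_random_pseudo_bytes`. The `echo "Message could not be sent."` in the catch block emits output before the `header()` redirect that follows it, so the user sees neither the message nor the redirect reliably.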


@ -19,23 +19,39 @@ $config = parse_ini_file('../private/config.ini');
if (!isset($_SESSION['log']) OR $_SESSION['log'] != 1) { if (!isset($_SESSION['log']) OR $_SESSION['log'] != 1) {
echo '<html> echo '<html>
<head> <head>
<title>Login</title>
</head> </head>
<body>'; <body>';
if (isset($_GET['badlogin'])) { if (isset($_GET['badlogin'])) {
echo '<p>falsche Logindaten</p>'; echo '<p>falsche Logindaten</p>';
} }
if (isset($_GET['pwnotequal'])) {
echo '<h3>Passwörter nicht gleich!</h3><a href="bin/forcedpwreset.php">Nochmal</a>';
}
if (isset($_GET['pwtoshort'])) {
echo '<h3>eingegebe Passwörter sind zu kurz!</h3><a href="bin/forcedpwreset.php">Nochmal</a>';
}
if (isset($_GET['pwmissmatch'])) {
echo '<h3>Das eingegebene aktulle Passwort stimmt nicht!</h3><a href="bin/forcedpwreset.php">Nochmal</a>';
}
if (isset($_GET['wrongsymbols'])) {
echo '<h3>eingegebe Passwörter enthalten unerlaubte Symbole!</h3><a href="bin/forcedpwreset.php">Nochmal</a>';
}
if (isset($_GET['newpwequal'])) {
echo '<h3>Das neue Passwort entspricht dem alten!</h3><a href="bin/forcedpwreset.php">Nochmal</a>';
}
echo '<a href="webmail"><h2>Webmail</h2></a> echo '<a href="webmail"><h2>Webmail</h2></a>
<h2>Config-Login:</h2> <h2>Config-Login:</h2>
<form method="POST" action="login.php"> <form method="POST" action="login.php">
<label>Nutzername<input name="username" type="text"/></label> <label>Nutzername:<input name="username" type="text"/></label>
<label>Passwort<input name="password" type="password"/></label> <label>Passwort:<input name="password" type="password"/></label>
<input name="Submit" type="submit" value="Einloggen"/> <input name="Submit" type="submit" value="Einloggen"/>
</form>'; </form>';
if ($config['allowregistration']) { if ($config['allowregistration']) {
echo '<h3>Neues Konto erstellen:</h3> echo '<h3>Neues Konto erstellen:</h3>
<a href="bin/createmailpre.php"><button>Kontoerstellung</button></a>'; <a href="bin/createmailpre.php"><button>Kontoerstellung</button></a>';
} }
echo ' echo '<a href="unsub.php">Von einer Maillingliste abmelden</a>
</body> </body>
</html> </html>
'; ';
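Review bot: The five `isset($_GET[...])` branches for the forced-reset errors repeat one three-line pattern that differs only in key and message, and the message text carries typos ("eingegebe", "aktulle"); a lookup table with one loop makes adding or correcting a message a one-line change. The `if (!isset($_SESSION['log']) ...)` block these lines sit in closes outside the hunk. Rewritten branch below.
```php
    $resetfehler = array(
        'pwnotequal'   => 'Passwörter nicht gleich!',
        'pwtoshort'    => 'eingegebene Passwörter sind zu kurz!',
        'pwmissmatch'  => 'Das eingegebene aktuelle Passwort stimmt nicht!',
        'wrongsymbols' => 'eingegebene Passwörter enthalten unerlaubte Symbole!',
        'newpwequal'   => 'Das neue Passwort entspricht dem alten!',
    );
    foreach ($resetfehler as $key => $meldung) {
        if (isset($_GET[$key])) {
            echo '<h3>' . $meldung . '</h3><a href="bin/forcedpwreset.php">Nochmal</a>';
        }
    }
    // … unchanged: webmail link, login form, registration link …
```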


@ -22,20 +22,27 @@ try {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed'; echo 'Connection failed';
} }
$user = $_POST['username']; $user = explode('@', $_POST['username']);
$pw = $_POST['password']; $pw = $_POST['password'];
$abfrage = "SELECT `id`, `password`, `email`, `username`, `admin` FROM `virtual_users` WHERE `email` = :username AND `active`='1'"; $abfrage = "SELECT `id`, `password`, `forcepwreset`, `admin` FROM `accounts` WHERE `username` = :username AND `domain` = :domain AND `enabled`='1' OR (`enabled`='0' AND `forcepwreset`='1')";
$sth = $dbh->prepare($abfrage); $sth = $dbh->prepare($abfrage);
$sth->execute(array(':username' => $user)); $sth->execute(array(':username' => $user[0], ':domain' => $user[1]));
$userdata = $sth->fetchAll(); $userdata = $sth->fetchAll();
if ($sth->rowCount() > 0) { if ($sth->rowCount() > 0) {
if (password_verify($pw, $userdata[0]['password'])) { if (password_verify($pw, $userdata[0]['password'])) {
$_SESSION['log'] = 1; $_SESSION['username'] = $user[0];
$_SESSION['username'] = $userdata[0]['username']; $_SESSION['domain'] = $user[1];
$_SESSION['email'] = $userdata[0]['email'];
$_SESSION['admin'] = $userdata[0]['admin']; $_SESSION['admin'] = $userdata[0]['admin'];
$_SESSION['mailID'] = $userdata[0]['id']; $_SESSION['mailID'] = $userdata[0]['id'];
if ($userdata[0]['forcepwreset']) {
$_SESSION['forcepwreset'] = 1;
$_SESSION['log'] = 0;
header("Location: bin/forcedpwreset.php");
exit;
}
$_SESSION['forcepwreset'] = 0;
$_SESSION['log'] = 1;
header("Location: settings.php"); header("Location: settings.php");
exit; exit;
} }
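Review bot: The new query `WHERE username = :username AND domain = :domain AND enabled='1' OR (enabled='0' AND forcepwreset='1')` parses as `(username AND domain AND enabled) OR (disabled AND forcepwreset)` because AND binds tighter than OR, so every disabled account with a pending reset is a candidate row for any login attempt and `$userdata[0]` can be a different account than the one named; `password_verify` then runs against that row and its `id` and `admin` flag land in the session. Parenthesise the alternatives: `AND domain = :domain AND (enabled='1' OR (enabled='0' AND forcepwreset='1'))`. `$_SESSION['username']` and `$_SESSION['domain']` are set from the submitted `$user` rather than from the matched row, and a username without `@` leaves `$user[1]` undefined before the query runs. After a successful verification `session_regenerate_id(true);` should precede the session assignments so a session id established before login is not carried into the authenticated session.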


@ -25,10 +25,15 @@ session_start();
if ($_SESSION['log'] == 1) { if ($_SESSION['log'] == 1) {
echo '<html> echo '<html>
<head> <head>
<title>Roteserver - Mail Settings</title> <title>Mail Settings</title>
</head> </head>
<body> <body>
<h1>Mail Settings:</h1>'; <h1>Mail Settings:</h1><p>Guten Tag, ' . htmlentities($_SESSION['username']) . '@' . htmlentities($_SESSION['domain']) . '</p>';
$randval = rand(0, 99);
echo '<!-- '. $randval . ' -->';
if (rand(0,99) == 42) {
echo '<img src="img/mailcat.gif"/><br>';
}
if (isset($_GET['success'])) { if (isset($_GET['success'])) {
echo '<p>Erfolgreich geändert.</p>'; echo '<p>Erfolgreich geändert.</p>';
} }
@ -36,21 +41,30 @@ if ($_SESSION['log'] == 1) {
echo '<h3>Passwörter nicht gleich!</h3>'; echo '<h3>Passwörter nicht gleich!</h3>';
} }
if ($_SESSION['admin'] == 1) { if ($_SESSION['admin'] == 1) {
echo '<a href="admin.php"><p>Admin-Settings</p></a>'; echo '<a href="admin.php"><p>Admin-Settings (inklusive Maillisten)</p></a>';
}
else {
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain']));
if ($result->rowCount() > 0) {
echo '<a href="bin/maillistsettings.php"><p>Meine Maillisten verwalten</p></a>';
}
} }
echo '<a href="logout.php"><button>Logout</button></a>'; echo '<a href="logout.php"><button>Logout</button></a>';
echo '<h3>Passwort ändern:</h3> echo '<h3>Passwort ändern:</h3>
<form name="changemailpw" method=POST action="bin/changemailpw.php"> <form name="changemailpw" method=POST action="bin/changemailpw.php">
<label>Altes Passwort<input type="password" name="oldmailpw"/></label> <label>Altes Passwort: <input type="password" name="oldmailpw"/></label>
<label>Neues Passwort<input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label> <label>Neues Passwort: <input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label>
<label>Neue Passwort wiederholen<input type="password" name="newmailpwrep"/></label> <label>Neue Passwort wiederholen: <input type="password" name="newmailpwrep"/></label>';
<label><p style="font-size: x-small">Schlüssel-Neuerstellung erzwingen</p><p style="font-size: small">ACHTUNG! Alle alten Mails werden dann wahrscheinlich nicht mehr lesbar sein!<input type="checkbox" name="forcekeyregen"/></p></label> if ($config['maildirencryption']) {
<input type="submit" value="Abschicken"/> echo '<label><p style="font-size: x-small">Schlüssel-Neuerstellung erzwingen</p><p style="font-size: small">ACHTUNG! Alle alten Mails werden dann wahrscheinlich nicht mehr lesbar sein!<input type="checkbox" name="forcekeyregen"/></p></label>';
<h3>Mailadresse löschen:</h3> }
echo '<input type="submit" value="Abschicken"/></form>
<h3>Diese Mailadresse löschen:</h3>
<form name="deletemail" method=POST action="bin/deletemail.php"> <form name="deletemail" method=POST action="bin/deletemail.php">
<input type="submit" value="LÖSCHEN"/> <input type="submit" value="LÖSCHEN"/>
</form>'; </form>';
echo '</body> echo '</body>
</html>'; </html>';
exit; exit;
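Review bot: The easter-egg lines call `rand()` twice — `$randval` goes into an HTML comment, and a second independent `rand(0,99) == 42` decides whether the image is shown — so the value written into every response has no relation to the test; either reuse it, `if ($randval == 42) {`, or drop the comment, which only adds noise to the page. The `alias_owner` query that decides whether to show the maillist link for non-admins is the same one maillistsettings.php runs to decide its redirect; keeping both in sync is easier if it lives in one shared helper.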

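--- /dev/null
+++ b/public/unsub.php
@@ -0,0 +1,53 @@
+<?php
+/* Mailadminscript
+Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>. */
+$config = parse_ini_file('../private/config.ini');
+try {
+$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+echo 'Connection failed';
+}
+$eintrag = "DELETE FROM `alias_del_requests` WHERE DATEDIFF(NOW(), `created`) > :datediff";
+$sth = $dbh->prepare($eintrag);
+$sth->execute(array(':datediff' => $config['deletedelrequestdaydiff']));
+echo '<html>
+<head>
+<title>Abmelden</title>
+</head>
+<body>';
+if (isset($_GET['unknowntoken'])) {
+echo '<p>Unbekannter Abmeldetoken. Erneut veruschen?</p>';
+}
+if (isset($_GET['mailsent'])) {
+echo '<h3>Falls die angegebene E-Mail-Adresse auf der Mailingliste steht, haben wir dir eine Email mit einem Link zur Bestätigung deiner Abmeldung geschickt. Der Link in der Mail ist 2 Tage gültig</h3>';
+}
+if (isset($_GET['success'])) {
+echo '<p>Erfolgreich abgemeldet</p>';
+}
+echo '<h2>Mailliste Abmeldung:</h2>
+<form method="POST" action="bin/unsubmaillistpre.php">
+<label>Maillistadresse: <input name="source_adress" type="text"';
+if (isset($_GET['maillist'])) {
+echo 'value="' . htmlentities($_GET['maillist']) . '" readonly="true"';
+}
+echo '/></label>
+<label>Nutzeradresse: <input name="destination_adress" type="text"/></label>
+<input name="Submit" type="submit" value="Abmelden"/>
+</form>';
+echo '</body>
+</html>';
+?>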
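Review bot: The confirmation text hard-codes "Der Link in der Mail ist 2 Tage gültig" while the actual expiry is whatever `deletedelrequestdaydiff` holds in `config.ini` (the purge a few lines above uses it); interpolate the setting, `'... ist ' . htmlentities($config['deletedelrequestdaydiff']) . ' Tage gültig'`, so the two cannot drift apart. That expiry purge is duplicated verbatim in the unsubscribe handler; a single place for it would be easier to keep in sync. This page and its POST target are reachable without a session and trigger an e-mail to any address entered, so some per-address or per-client throttling is worth considering before exposing it publicly.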