hmrhkr
/
Mailadminscript
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

rewrite

This commit is contained in:
Humorhenker 2019-09-25 22:01:48 +02:00
parent cb81230798
commit a48be33024
18 changed files with 531 additions and 195 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
private/config.ini
View File

@ -8,4 +8,5 @@ dbname =
mailfolderpath =
maildirencryption =
captcha =
allowregistration =
allowregistration =
adminadress =

22
public/admin.php
View File

@ -25,7 +25,7 @@ session_start();
if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
echo '<html>
<head>
<title>Roteserver - Mail Admin Settings</title>
<title>Mail Admin Settings</title>
</head>
<body>
<h1>Mail Admin Settings:</h1>';
@ -39,10 +39,10 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
echo '<h3>Mailadresse aktivieren:</h3>
<form name="activatemail" method=POST action="bin/activatemail.php">
<label>Activate Mail:<select name="mailuserID">';
$abfrage = "SELECT `id`, `email` FROM `virtual_users` WHERE `active` LIKE 0";
$abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` WHERE `enabled` LIKE 0";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>';
echo '<option value="' . $emails['id'] . '">' . $emails['username'] . '@' . $emails['domain'] . '</option>';
}
echo '</select></label>
<input type="submit" name="submit" value="aktivieren"/>';
@ -51,17 +51,23 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
<h3>Mailadresse deaktivieren:</h3>
<form name="deactivatemail" method=POST action="bin/deactivatemail.php">
<label>Deactivate Mail:<select name="mailuserID">';
$abfrage = "SELECT `id`, `email` FROM `virtual_users` WHERE `active` LIKE 1";
$abfrage = "SELECT `id`, `username`, `domain` FROM `accounts` WHERE `enabled` LIKE 1";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>';
echo '<option value="' . $emails['id'] . '">' . $emails['username'] . '@' . $emails['domain'] . '</option>';
}
echo '</select></label>
<input type="submit" name="submit" value="deaktivieren"/>
</form>
<h3>Emailadresse hinzufügen:</h3>
<form name="createmailuser" method=POST action="bin/createmailuser.php">
<label>Neue email<input type="text" name="newmailusername"/>@roteserver.de (benutze nicht ' . "'" . ')</label>
<label>Neue email<input type="text" name="newmailusername"/>@<select name="newmaildomainid">';
$abfrage = "SELECT `id`, `domain` FROM `domains`";
$result = $dbh->query($abfrage);
while ($domains = $result->fetch()) {
echo '<option value="' . $domains['id'] . '">' . $domains['domain'] . '</option>';
}
echo '</select> (benutze nicht ' . "'" . ')</label>
<label>Neues Passwort<input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label>
<label>Neues Passwort wiederholen<input type="password" name="newmailpwrep"/></label>
<input type="submit" name="submit" value="Hinzufügen"/>
@ -69,10 +75,10 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
<h3>Emailadresse entfernen:</h3>
<form name="deletemail" method=POST action="bin/deletemail.php">
<label>Delete Mail:<select name="mailuserID">';
$abfrage = "SELECT `id`, `email` FROM `virtual_users`";
$abfrage = "SELECT `id`, `username`, `domain` FROM `accounts`";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>';
echo '<option value="' . $emails['id'] . '">' . $emails['username'] . '@' . $emails['domain'] . '</option>';
}
echo '</select></label>
<input type="submit" name="submit" value="ENTFERNEN"/>

2
public/bin/activatemail.php
View File

@ -24,7 +24,7 @@ try {
session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
$mailuserID = $_POST['mailuserID'];
$eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='1' WHERE `id` LIKE :mailuserID";
$eintrag = "UPDATE `accounts` SET `enabled`='1' WHERE `id` LIKE :mailuserID";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':mailuserID' => $mailuserID));
header("Location: ../admin.php?success=1");

17
public/bin/addmaillist.php
View File

@ -23,10 +23,23 @@ try {
}
session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
$eintrag = "INSERT INTO `virtual_aliases` (`domain_id`, `source`, `destination`, `owner`, `private`, `name`) VALUES (1, :source, :destination, :owner, :private, :name)"; // Aliasdaten in MailServer DB eintragen
$eintrag = "INSERT INTO `alias_details` (`name`, `owners`, `destinations`, `security`) VALUES (:newlistname, :owners, :destinations, :security)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array('source' => $_POST['maillistsource'], 'destination' => $_POST['maillistadresses'], 'owner' => $_POST['maillistownerid'], 'private' => $_POST['listprivate'], 'name' => $_POST['maillistname']));
$sth->execute(array(':newlistname' => $_POST['newlistname'], ':owners' => $_POST['newlistowners'], ':destinations' => $_POST['newlistdestinations'], ':security' => $_POST['newlistsecurity']));
$newlistid = $dbh->lastInsertID();
foreach (explode(' ', $_POST['newlistowners']) as $maillistowner) {
$maillistownerex = explode('@', $maillistowner);
$eintrag = "INSERT INTO `alias_owner` (`alias_id`, `owner_username`, `owner_domain`) VALUES (:aliasid, :owner_username, :owner_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $newlistid, ':owner_username' => $maillistownerex[0], ':owner_domain' => $maillistownerex[1]));
}
foreach (explode(' ', $_POST['newlistdestinations']) as $maillistdestination) {
$maillistdestinationex = explode('@', $maillistdestination);
$eintrag = "INSERT INTO `aliases` (`alias_id`, `source_username`, `source_domain`, `destination_username`, `destination_domain`) VALUES (:aliasid, :source_username, :source_domain, :destination_username, :destination_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $newlistid, ':source_username' => $_POST['newlistsourceadress'], ':source_domain' => $_POST['newlistsourcedomain'], ':destination_username' => $maillistdestinationex[0], ':destination_domain' => $maillistdestinationex[1]));
}
}
header("Location: maillistsettings.php");
exit;
?>

27
public/bin/changemailpw.php
View File

@ -30,26 +30,27 @@ if ($_SESSION['log'] == 1) {
header("Location: settings.php?wrongsymbols=1");
exit;
}
$mailusername = $_SESSION['email'];
$abfrage = "SELECT `password` FROM `virtual_users` WHERE `email` = :newmailusernamefull";
$mailusername = $_SESSION['username'];
$maildomain = $_SESSION['domain'];
$abfrage = "SELECT `password` FROM `accounts` WHERE `username` = :newmailusername AND `domain` = :newmaildomain";
$sth = $dbh->prepare($abfrage);
$sth->execute(array('newmailusernamefull' => $mailusername));
$sth->execute(array(':newmailusername' => $mailusername, ':newmaildomain' => $maildomain));
$result= $sth->fetchAll();
$oldpwhashed = $result[0]['password'];
if (password_verify($oldmailpw, $oldpwhashed)) {
if (strlen($newmailpw) >= 8) {
$newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
$eintrag = "UPDATE `virtual_users` SET `password` = :newmailpwhashed WHERE `email` LIKE :mailusername";
$eintrag = "UPDATE `accounts` SET `password` = :newmailpwhashed WHERE `username` LIKE :mailusername AND `domain` LIKE :maildomain";
$sth = $dbh->prepare($eintrag);
$sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'mailusername' => $mailusername));
if ($config['maildirencryption']) {
if ($_POST['forcekeyregen']) {
exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($mailusername));
}
else {
exec('sudo -u vmail /usr/bin/doveadm mailbox cryptokey password -o stats_writer_socket_path= -u ' . escapeshellarg($mailusername) . ' -n ' . escapeshellarg($newmailpw) . ' -o' . escapeshellcmd($oldmailpw));
}
}
$sth->execute(array(':newmailpwhashed' => $newmailpwhashed, ':mailusername' => $mailusername, ':maildomain' => $maildomain));
//if ($config['maildirencryption']) {
// if ($_POST['forcekeyregen']) {
// exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($mailusername));
// }
// else {
// exec('sudo -u vmail /usr/bin/doveadm mailbox cryptokey password -o stats_writer_socket_path= -u ' . escapeshellarg($mailusername) . ' -n ' . escapeshellarg($newmailpw) . ' -o' . escapeshellcmd($oldmailpw));
// }
//}
header("Location: ../settings.php?success=1");
exit;
}

199
public/bin/createmailuser.php
View File

@ -21,121 +21,130 @@ try {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
if ($config['allowregistration']) {
function createmailuser($newmailusername, $newmailpw, $newmailpwrep, $admin) {
global $dbh;
global $config;
$pattern = array();
$pattern[0] = ' ';
$pattern[1] = '@';
$pattern[2] = 'roteserver';
$pattern[3] = 'roteserver.de';
$pattern[4] = 'admin';
$pattern[5] = 'noreply';
$pattern[6] = 'info';
$pattern[7] = 'webmaster';
$newmailusername = str_replace($pattern, "", $newmailusername);
$newmailusernamefull = $newmailusername . '@roteserver.de';
if (!filter_var($newmailuserfull, FILTER_VALIDATE_EMAIL)) {
// nicht ordentliche EmailAdresse
function createmailuser($newmailusername, $newmaildomainid, $newmailpw, $newmailpwrep, $admin) {
global $dbh;
global $config;
$abfrage = "SELECT domain FROM `domains` WHERE `id` LIKE :newmaildomainid";
$sth = $dbh->prepare($abfrage);
$sth->execute(array(':newmaildomainid' => $newmaildomainid));
$result = $sth->fetchAll();
$newmaildomain = $result[0]['domain'];
$pattern = array();
$pattern[0] = ' ';
$pattern[1] = '@';
if ($config['prohibadminmailcreation']) {
$pattern[2] = 'admin';
$pattern[3] = 'noreply';
$pattern[4] = 'info';
$pattern[5] = 'webmaster';
}
$newmailusername = str_replace($pattern, "", $newmailusername);
$newmailusernamefull = $newmailusername . '@' . $newmaildomain;
if (!filter_var($newmailusernamefull, FILTER_VALIDATE_EMAIL)) {
// nicht ordentliche EmailAdresse
header("Location: createmailpre.php?wrongsymbols=1");
exit;
}
if(strpos($newmailusername, "'") !== false) {
if ($admin == 1) {
header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse");
exit;
} else {
header("Location: createmailpre.php?wrongsymbols=1");
exit;
}
}
if (strpos($newmailpw, "'") !== false) {
if ($admin == 1) {
header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort");
exit;
} else {
header("Location: createmailpre.php?wrongsymbols=1");
exit;
}
if(strpos($newmailusername, "'") !== false) {
if ($admin == 1) {
header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse");
exit;
} else {
header("Location: createmailpre.php?wrongsymbols=1");
exit;
}
}
if (strpos($newmailpw, "'") !== false) {
if ($admin == 1) {
header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort");
exit;
} else {
header("Location: createmailpre.php?wrongsymbols=1");
exit;
}
}
if (strlen($newmailpw) >= 8) {
if ($newmailpw == $newmailpwrep) {
$abfrage = "SELECT 1 FROM `virtual_users` WHERE `email` = :newmailusernamefull";
$sth = $dbh->prepare($abfrage);
$sth->execute(array('newmailusernamefull' => $newmailusernamefull));
$result = $sth->fetchAll();
if ($result[0][1] !== 1) {
$newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
$createdtimestamp = date("Y-m-d H:i:s");
if ($config['maildirencryption']) {
$eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, `pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
$sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername));
$maildirpath = $config['mailfolderpath'] . $newmailusername;
umask(0);
mkdir($maildirpath, 0770);
exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($newmailusernamefull));
$eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull";
}
else {
$eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '0', '$createdtimestamp')"; // Maildaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
$sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' => $newmailusername));
$maildirpath = $config['mailfolderpath'] . $newmailusername;
umask(0);
mkdir($maildirpath, 0770);
}
}
if (strlen($newmailpw) >= 8) {
if ($newmailpw == $newmailpwrep) {
$abfrage = "SELECT 1 FROM `accounts` WHERE `username` = :newmailusername AND `domain` = :newmaildomain";
$sth = $dbh->prepare($abfrage);
$sth->execute(array(':newmailusername' => $newmailusername, ':newmaildomain' => $newmaildomain));
$result = $sth->fetchAll();
print_r($result);
if ($result[0][1] !== 1) {
$newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
//$createdtimestamp = date("Y-m-d H:i:s");
// if ($config['maildirencryption']) {
// $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, `pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen
// $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
// $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername));
// $maildirpath = $config['mailfolderpath'] . $newmailusername;
// umask(0);
// mkdir($maildirpath, 0770);
// exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($newmailusernamefull));
// $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull";
// }
//else {
$eintrag = "INSERT INTO `accounts` (`username`, `domain`, `password`, `quota`, `enabled`, `sendonly`, `admin`) VALUES (:newmailusername, :newmaildomain, :newmailpwhashed, '2048', '1', '0', '0')"; // Maildaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':newmailusernamefull' => $newmailusernamefull));
$adminmailadress = $config['adminadress'];
$adresse = $config['domain'] . '/admin.php';
// eine Mail an den Admin verschicken, damit er die Mail freischalten kann
$sth->execute(array(':newmailusername' => $newmailusername, ':newmaildomain' => $newmaildomain, ':newmailpwhashed' => $newmailpwhashed));
//$maildirpath = $config['mailfolderpath'] . $newmailusername;
// umask(0);
// mkdir($maildirpath, 0770);
//}
//$sth = $dbh->prepare($eintrag);
//$sth->execute(array(':newmailusernamefull' => $newmailusernamefull));
$adminmailadress = $config['adminadress'];
$adresse = $config['domain'] . '/admin.php';
// eine Mail an den Admin verschicken, damit er die Mail freischalten kann
if ($config['sendactivationinfo']) {
mail($adminmailadress, "Neue Mailadresse erstellt", "Eine neue Mailadresse wurde erstellt und muss freigeschaltet werden. \n \n" . htmlspecialchars($newmailusernamefull) . "\n " . $adresse, "From: mailservice");
if ($admin == 1) {
header("Location: ../admin.php?success=1");
exit;
} else {
header("Location: ../index.php");
exit;
}
exit;
} else { // Emailadresse ist bereits registriert
if ($admin == 1) {
header("Location: ../admin.php?fehler=Mail besteht schon");
exit;
} else {
header("Location: createmailpre.php?mailalreadytaken=1");
exit;
}
}
}
else {
if ($admin == 1) {
header("Location: ../admin.php?fehler=PW nicht gleich");
header("Location: ../admin.php?success=1");
exit;
} else {
header("Location: createmailpre.php?pwnotequal=1");
header("Location: ../index.php");
exit;
}
exit;
} else { // Emailadresse ist bereits registriert
if ($admin == 1) {
header("Location: ../admin.php?fehler=Mail besteht schon");
exit;
} else {
header("Location: createmailpre.php?mailalreadytaken=1");
exit;
}
}
} else { // Passwort zu kurz
}
else {
if ($admin == 1) {
header("Location: ../admin.php?fehler=PW zu kurz");
header("Location: ../admin.php?fehler=PW nicht gleich");
exit;
} else {
header("Location: createmailpre.php?pwtooshort=1");
header("Location: createmailpre.php?pwnotequal=1");
exit;
}
}
} else { // Passwort zu kurz
if ($admin == 1) {
header("Location: ../admin.php?fehler=PW zu kurz");
exit;
} else {
header("Location: createmailpre.php?pwtooshort=1");
exit;
}
}
session_start();
if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) {
createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 1);
}
}
session_start();
if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) {
print_r($_POST);
createmailuser($_POST['newmailusername'], $_POST['newmaildomainid'], $_POST['newmailpw'], $_POST['newmailpwrep'], 1);
exit;
}
if ($config['allowregistration']) {
if ($_POST['captchacode'] == $_SESSION['captchacode']) {
createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 0);
createmailuser($_POST['newmailusername'], $_POST['newmaildomainid'], $_POST['newmailpw'], $_POST['newmailpwrep'], 0);
}
elseif ($_POST['captchacode'] != $_SESSION['captchacode']) {
header("Location: createmailpre.php?wrongcaptchacode=1");

3
public/bin/deactivatemail.php
View File

@ -24,10 +24,11 @@ try {
session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
$mailuserID = $_POST['mailuserID'];
$eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `id` LIKE :mailuserID";
$eintrag = "UPDATE `accounts` SET `enabled`='0' WHERE `id` LIKE :mailuserID";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':mailuserID' => $mailuserID));
header("Location: ../admin.php?success=1");
exit;
}
header("Location: ../index.php");
?>

10
public/bin/deletemail.php
View File

@ -47,15 +47,11 @@ if ($_SESSION['log'] == 1) {
else {
$mailuserID = $_SESSION['mailID'];
}
$abfrage = "SELECT `username` FROM `virtual_users` WHERE `id` = :mailuserID";
$sth = $dbh->prepare($abfrage);
$sth->execute(array('mailuserID' => $mailuserID));
$result = $sth->fetchAll();
$eintrag = "DELETE FROM `mailserver`.`virtual_users` WHERE `id` LIKE :mailuserID";
$eintrag = "DELETE FROM `accounts` WHERE `id` LIKE :mailuserID";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':mailuserID' => $mailuserID));
$maildirpath = $config['mailfolderpath'] . $result[0]['username'];
delete_directory($maildirpath);
//$maildirpath = $config['mailfolderpath'] . $result[0]['username'];
//delete_directory($maildirpath);
header("Location: ../admin.php?success=1");
exit;
}

18
public/bin/dellist.php
View File

@ -22,11 +22,23 @@ try {
echo 'Connection failed';
}
session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
$eintrag = "DELETE FROM `mailserver`.`virtual_aliases` WHERE `id` LIKE :maillistid";
if ($_SESSION['log'] == 1) {
if (!$_SESSION['admin']) {
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain AND alias_id LIKE :editlistid";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'], ':editlistid' => $_GET['editlistid']));
if ($result->rowCount() <= 0) {
header("Location: maillistsettings.php");
exit;
}
}
$eintrag = "DELETE FROM `aliases` WHERE `alias_id` LIKE :aliasid; DELETE FROM `alias_owner` WHERE `alias_id` LIKE :aliasid; DELETE FROM `alias_details` WHERE `id` LIKE :aliasid";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':maillistid' => $_GET['dellistid']));
$sth->execute(array(':aliasid' => $_GET['dellistid']));
header("Location: maillistsettings.php");
exit;
} else {
header("Location: ../index.php");
exit;
}
?>

38
public/bin/editlist.php
View File

@ -22,11 +22,43 @@ try {
echo 'Connection failed';
}
session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
$eintrag = "UPDATE `virtual_aliases` SET `source` = :newsource, `destination` = :newdestination, `owner` = :newowner, `private` = :newprivate, `name` = :newname WHERE `id` LIKE :editlistid";
if ($_SESSION['log'] == 1) {
if (!$_SESSION['admin']) {
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain AND alias_id LIKE :editlistid";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'], ':editlistid' => $_POST['editlistid']));
if ($result->rowCount() <= 0) {
header("Location: maillistsettings.php");
exit;
}
}
$newlistowner = explode('@', $_POST['newlistowner']);
$eintrag = "UPDATE `alias_details` SET `name` = :newlistname, `owners` = :owners, `destinations` = :destinations, `security` = :security WHERE `id` LIKE :editlistid"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array('newsource' => $_POST['newlistsource'], 'newdestination' => $_POST['newlistdestination'], 'newowner' => $_POST['newlistownerid'], 'newprivate' => $_POST['newlistprivate'], 'newname' => $_POST['newlistname'], 'editlistid' => $_POST['editlistid']));
$sth->execute(array(':newlistname' => $_POST['newlistname'], ':owners' => $_POST['newlistowners'], ':destinations' => $_POST['newlistdestinations'], ':security' => $_POST['newlistsecurity'], ':editlistid' => $_POST['editlistid']));
$newlistsource = explode('@', $_POST['newlistsource']);
$eintrag = "DELETE FROM `alias_owner` WHERE `alias_id` LIKE :aliasid";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $_POST['editlistid']));
foreach (explode(' ', $_POST['newlistowners']) as $maillistowner) {
$maillistownerex = explode('@', $maillistowner);
$eintrag = "INSERT INTO `alias_owner` (`alias_id`, `owner_username`, `owner_domain`) VALUES (:aliasid, :owner_username, :owner_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $_POST['editlistid'], ':owner_username' => $maillistownerex[0], ':owner_domain' => $maillistownerex[1]));
}
$eintrag = "DELETE FROM `aliases` WHERE `alias_id` LIKE :aliasid";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $_POST['editlistid']));
foreach (explode(' ', $_POST['newlistdestinations']) as $maillistdestination) {
$maillistdestinationex = explode('@', $maillistdestination);
$eintrag = "INSERT INTO `aliases` (`alias_id`, `source_username`, `source_domain`, `destination_username`, `destination_domain`) VALUES (:aliasid, :source_username, :source_domain, :destination_username, :destination_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $_POST['editlistid'], ':source_username' => $newlistsource[0], ':source_domain' => $newlistsource[1], ':destination_username' => $maillistdestinationex[0], ':destination_domain' => $maillistdestinationex[1]));
}
header("Location: maillistsettings.php");
exit;
} else {
header("Location: ../index.php");
exit;
}
?>

50
public/bin/editlistpre.php
View File

@ -22,40 +22,53 @@ try {
echo 'Connection failed';
}
session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
if ($_SESSION['log']) {
if (!$_SESSION['admin']) {
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain AND alias_id LIKE :editlistid";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain'], ':editlistid' => $_GET['editlistid']));
if ($result->rowCount() <= 0) {
header("Location: maillistsettings.php");
exit;
}
}
echo '<html>
<head>
<title>Mailliste editieren</title>
</head>
<body>
<a href="maillistsettings.php"><h3>Zurück zur Maillistoberfläche (Editieren abbrechen)</h3></a><br>';
$abfrage = "SELECT `source`, `destination`, `owner`, `private`, `name` FROM `virtual_aliases` WHERE `id` LIKE :editlistid";
$abfrage = "SELECT `name`, `owners`, `security` FROM `alias_details` WHERE `id` LIKE :editlistid";
$result = $dbh->prepare($abfrage);
$result->execute(array('editlistid' => $_GET['editlistid']));
$result->execute(array(':editlistid' => $_GET['editlistid']));
while ($lists = $result->fetch()) {
$abfrage2 = "SELECT `source_username`, `source_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid";
$result2 = $dbh->prepare($abfrage2);
$result2->execute(array(':aliasid' => $_GET['editlistid']));
$listdetails = $result2->fetch();
echo'
<form name="editlist" method=POST action="editlist.php">
<label>Listenname:<input name="newlistname" type="text" placeholder="Listenname" value="' . $lists['name'] . '"/></label>
<label>Listenadresse:<input name="newlistsource" type="text" placeholder="Listenadresse" value="' . $lists['source'] . '"/></label>
<label>Listenbesitzer:<select name="newlistownerid">';
$abfrage = "SELECT `id`, `email` FROM `virtual_users`";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
echo '<option value="' . $emails['id'] . '" ';
if ($emails['id'] == $lists['owner']) echo ' selected';
echo '>' . $emails['email'] . '</option>';
<label>Listenadresse:<input name="newlistsource" type="text" placeholder="Listenadresse" value="' . $listdetails['source_username'] . '@' . $listdetails['source_domain'] . '"/></label>
<label>Listenbesitzer:<textarea rows="1" cols="50" name="newlistowners">' . $lists['owners'] . '</textarea></label><br>
<label>Listenempfänger (durch Leerzeichen getrennt):<br><textarea rows="4" cols="50" name="newlistdestinations">';
$abfrage3 = "SELECT `destination_username`, `destination_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid";
$result3 = $dbh->prepare($abfrage3);
$result3->execute(array(':aliasid' => $_GET['editlistid']));
$listdestinations = "";
while ($listdestination = $result3->fetch()) {
$listdestinations = $listdestinations . $listdestination['destination_username'] . '@' . $listdestination['destination_domain'] . ' ';
}
echo '</select></label><br>
<label>Listenempfänger (durch Leerzeichen getrennt):<br><textarea rows="4" cols="50" name="newlistdestination">' . $lists['destination'] . '</textarea></label>
<label>Listensicherheitseinstellungen:<select name="newlistprivate">
echo substr($listdestinations, 0, -1) . '</textarea></label>
<label>Listensicherheitseinstellungen:<select name="newlistsecurity">
<option value="0"';
if ($lists['private'] == 0) echo ' selected';
if ($lists['security'] == 0) echo ' selected';
echo '>0 (Jeder kann Mails an die Liste schicken)</option>
<option value="1"';
if ($lists['private'] == 1) echo ' selected';
if ($lists['security'] == 1) echo ' selected';
echo '>1 (Mitglieder der Liste können Mails an die Liste schicken)</option>
<option value="2"';
if ($lists['private'] == 2) echo ' selected';
if ($lists['security'] == 2) echo ' selected';
echo '>2 (Der Besitzer der Liste kann Mails an die Liste schicken)</option>
</select></label><br>
<input type="hidden" name="editlistid" value="' . $_GET['editlistid'] . '"/>
@ -63,5 +76,8 @@ if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
</body>
</html>';
}
} else {
header("Location: ../index.php");
exit;
}
?>

94
public/bin/maillistsettings.php
View File

@ -22,46 +22,82 @@ try {
echo 'Connection failed';
}
session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
if ($_SESSION['log'] == 1) {
if (!$_SESSION['admin']) {
$aliasids = "";
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain']));
if ($result->rowCount() <= 0) {
header("Location: ../settings.php");
exit;
}
while ($aliases = $result->fetch()) {
$aliasids = $aliasids . $aliases['alias_id'] . '|';
}
}
echo '<html>
<head>
<title>Maillist Einstellung</title>
</head>
<body>
<h2>Maillinglisten Einstellungen</h2>
<a href="../admin.php"><h3>Zurück zur Adminoberfläche</h3></a><br>
<form name="addmaillist" method=POST action="addmaillist.php">
<label>Listenname:<input name="maillistname" type="text" placeholder="Listenname"/></label>
<label>Listenadresse:<input name="maillistsource" type="text" placeholder="Listenadresse"/></label>
<label>Listenbesitzer:<select name="maillistownerid">';
$abfrage = "SELECT `id`, `email` FROM `virtual_users`";
$result = $dbh->query($abfrage);
while ($emails = $result->fetch()) {
echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>';
<h2>Maillinglisten Einstellungen</h2>';
if ($_SESSION['admin']) {
echo '<a href="../admin.php"><h3>Zurück zur Adminoberfläche</h3></a><br>
<h3>Mailliste hinzufügen</h3>
<form name="addmaillist" method=POST action="addmaillist.php">
<label>Listenname:<input name="newlistname" type="text" placeholder="Listenname"/></label>
<label>Listenadresse:<input name="newlistsourceadress" type="text" placeholder="Listenadresse"/>@<select name="newlistsourcedomain">';
$abfrage = "SELECT `id`, `domain` FROM `domains`";
$result = $dbh->query($abfrage);
while ($domains = $result->fetch()) {
echo '<option value="' . $domains['domain'] . '">' . $domains['domain'] . '</option>';
}
echo '</select></label>
<label>Listenbesitzer:<textarea rows="1" cols="50" name="newlistowners"></textarea></label><br>
<label>Listenempfänger (durch Leerzeichen getrennt):<br><textarea rows="4" cols="50" name="newlistdestinations"></textarea></label>
<label>Listensicherheitseinstellungen:<select name="newlistsecurity">
<option value="0">0 (Jeder kann Mails an die Liste schicken)</option>
<option value="1">1 (Mitglieder und Besitzer der Liste können Mails an die Liste schicken)</option>
<option value="2">2 (Nur Besitzer der Liste können Mails an die Liste schicken)</option>
</select></label><br>
<input type="submit" name="submit" value="Hinzufügen"/>
<br><h3>Bestehende Listen:</h3>';
}
else {
echo '<a href="../settings.php"><h3>Zurück</h3></a><br><h3>Meine bestehenden Listen:</h3>';
}
if ($_SESSION['admin']) {
$abfrage = "SELECT `id`, `name`, `owners`, `destinations`, `security` FROM `alias_details`";
$result = $dbh->query($abfrage);
}
else {
$abfrage = "SELECT `id`, `name`, `owners`, `destinations`, `security` FROM `alias_details` WHERE `id` REGEXP :aliasid";
$result = $dbh->prepare($abfrage);
$result->execute(array(':aliasid' => substr($aliasids, 0, -1)));
}
echo '</select></label><br>
<label>Listenempfänger (durch Leerzeichen getrennt):<br><textarea rows="4" cols="50" name="maillistadresses"></textarea></label>
<label>Listensicherheitseinstellungen:<select name="listprivate">
<option value="0">0 (Jeder kann Mails an die Liste schicken)</option>
<option value="1">1 (Mitglieder der Liste können Mails an die Liste schicken)</option>
<option value="2">2 (Der Besitzer der Liste kann Mails an die Liste schicken)</option>
</select></label><br>
<input type="submit" name="submit" value="Hinzufügen"/>
<br>
<h3>Bestehende Listen:</h3>
';
$abfrage = "SELECT `id`, `source`, `destination`, `owner`, `private`, `name` FROM `virtual_aliases`";
$result = $dbh->query($abfrage);
echo '<table style="text-align: center; vertical-align: middle;"><tr><th>Listenname</th><th>Listenadresse</th><th>Listenempfänger</th><th>Listenbesitzer</th><th>Listensicherheit</th><th>Optionen</th></tr>';
while ($lists = $result->fetch()) {
$abfrage2 = "SELECT `email` FROM `virtual_users` WHERE `id` LIKE :ownerid";
$sth = $dbh->prepare($abfrage2);
$sth->execute(array('ownerid' => $lists['owner']));
$result2 = $sth->fetchAll();
echo '<tr><td>' . $lists['name'] . '</td><td>' . $lists['source'] . '</td><td>' . $lists['destination'] . '</td><td>' . $result2[0]['email'] . '</td><td>' . $lists['private'] . '</td><td><a href="dellist.php?dellistid=' . $lists['id'] . '">Löschen</a><br><a href="editlistpre.php?editlistid=' . $lists['id'] . '">Editieren</a></td></tr>';
$abfrage2 = "SELECT `source_username`, `source_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid";
$result2 = $dbh->prepare($abfrage2);
$result2->execute(array(':aliasid' => $lists['id']));
$listdetails = $result2->fetch();
echo '<tr><td>' . $lists['name'] . '</td><td>' . $listdetails['source_username'] . '@' . $listdetails['source_domain'] . '</td><td>';
foreach (explode(' ', $lists['destinations']) as $destination) {
echo $destination . '<br>';
}
echo '</td><td>';
foreach (explode(' ', $lists['owners']) as $owner) {
echo $owner . '<br>';
}
echo '</td><td>' . $lists['security'] . '</td><td><a href="dellist.php?dellistid=' . $lists['id'] . '">Löschen</a><br><a href="editlistpre.php?editlistid=' . $lists['id'] . '">Editieren</a></td></tr>';
}
echo '</table>';
echo '</body>
</html>';
}
else {
header("Location: ../index.php");
exit;
}
?>

65
public/bin/unsubmaillist.php Normal file
View File

@ -0,0 +1,65 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
$eintrag = "DELETE FROM `alias_del_requests` WHERE DATEDIFF(NOW(), `created`) > :datediff";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':datediff' => $config['deletedelrequestdaydiff']));
if (isset($_GET['token'])) {
$abfrage = "SELECT `alias_id`, `destination_username`, `destination_domain` FROM `alias_del_requests` WHERE `token` LIKE :token";
$result = $dbh->prepare($abfrage);
$result->execute(array(':token' => $_GET['token']));
if ($result->rowCount() > 0) {
$daten = $result->fetch();
$aliasid = $daten['alias_id'];
$destination_username = $daten['destination_username'];
$destination_domain = $daten['destination_domain'];
$eintrag = "DELETE FROM `aliases` WHERE `alias_id` LIKE :aliasid AND `destination_username` LIKE :destination_username AND `destination_domain` LIKE :destination_domain";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $aliasid, ':destination_username' => $destination_username, ':destination_domain' => $destination_domain));
// Destinationszeile neu generieren (würde bestimmt einfacher gehen)
$abfrage2 = "SELECT `destination_username`, `destination_domain` FROM `aliases` WHERE `alias_id` LIKE :aliasid";
$result2 = $dbh->prepare($abfrage2);
$result2->execute(array(':aliasid' => $aliasid));
$listdestinations = "";
while ($listdestination = $result2->fetch()) {
$listdestinations = $listdestinations . $listdestination['destination_username'] . '@' . $listdestination['destination_domain'] . ' ';
}
$eintrag = "UPDATE `alias_details` SET `destinations` = :destinations WHERE `id` LIKE :aliasid";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':destinations' => substr($listdestinations, 0, -1), ':aliasid' => $aliasid));
$eintrag = "DELETE FROM `alias_del_requests` WHERE `token` LIKE :token";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':token' => $_GET['token']));
print_r($_GET['token']);
header("Location: ../unsub.php?success=1");
exit;
} else {
header("Location: ../unsub.php?unknowntoken=1");
exit;
}
} else {
header("Location: ../index.php");
exit;
}
?>

77
public/bin/unsubmaillistpre.php Normal file
View File

@ -0,0 +1,77 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require '../vendor/autoload.php';
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
$destination = explode('@', $_POST['destination_adress']);
$source = explode('@', $_POST['source_adress']);
$abfrage = "SELECT `alias_id` FROM `aliases` WHERE `source_username` LIKE :source_username AND `source_domain` LIKE :source_domain AND `destination_username` LIKE :destination_username AND `destination_domain` LIKE :destination_domain";
$result = $dbh->prepare($abfrage);
$result->execute(array(':source_username' => $source[0], ':source_domain' => $source[1], ':destination_username' => $destination[0], ':destination_domain' => $destination[1]));
if ($result->rowCount() > 0) {
$aliasid = $result->fetch()['alias_id'];
$eintrag = "DELETE FROM `alias_del_requests` WHERE `alias_id` LIKE :aliasid AND `destination_username` LIKE :destination_username AND `destination_domain` LIKE :destination_domain";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $aliasid, ':destination_username' => $destination[0], ':destination_domain' => $destination[1])); // eventuell bestehenden Token löschen
$token = bin2hex(openssl_random_pseudo_bytes(16)); // Token zur abmeldung erstellen
$date = date("Y-m-d H:i:s"); // Datum der Tokenerstellung für automatische löschung speichern
$eintrag = "INSERT INTO `alias_del_requests` (`alias_id`, `destination_username`, `destination_domain`, `token`, `created`) VALUES (:aliasid, :destination_username, :destination_domain, :token, :created)";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $aliasid, ':destination_username' => $destination[0], ':destination_domain' => $destination[1], ':token' => $token, ':created' => $date));
$mail = new PHPMailer(true);
try {
$mail->CharSet = 'UTF-8';
$mail->Encoding = 'base64';
//Server settings
$mail->SMTPDebug = 0;
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = $config['mailsmtpserver']; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = $config['mailadress']; // SMTP username
$mail->Password = $config['mailpw']; // SMTP password
$mail->SMTPSecure = 'tls';
$mail->Port = 587; // TCP port to connect to
//Recipients
$mail->setFrom($config['mailadress']);
$mail->addAddress($_POST['destination_adress']);
// Content
$mail->isHTML(true);
$mail->Subject = 'Aus Liste ' . htmlspecialchars($_POST['source_adress']) . ' abmelden';
$mail->Body = 'Eine Anfrage zur Abmeldung dieser Adresse aus ' . htmlspecialchars($_POST['source_adress']) . ' wurde erstellt.<br><a href="https://mail.cloud.sdaj.org/bin/unsubmaillist.php?token=' . $token . '">Abmeldung abschließen</a>' . '<br>Der Link ist 2 Tage gültig<br>Schade, dass du gehst. Bis dahin.';
$mail->AltBody = 'Eine Anfrage zur Abmeldung dieser Adresse aus ' . htmlspecialchars($_POST['source_adress']) . ' wurde erstellt. Hier kannst du die Abmeldung abschließen: https://mail.cloud.sdaj.org/bin/unsubmaillist.php?token=' . $token . 'Der Link ist 2 Tage gültig Schade, dass du gehst. Bis dahin.';
$mail->send();
} catch (Exception $e) {
echo "Message could not be sent.";
}
header("Location: ../unsub.php?mailsent=1");
exit;
}
else {
header("Location: ../unsub.php?unknown=1");
exit;
}
?>

2
public/index.php
View File

@ -35,7 +35,7 @@ if (!isset($_SESSION['log']) OR $_SESSION['log'] != 1) {
echo '<h3>Neues Konto erstellen:</h3>
<a href="bin/createmailpre.php"><button>Kontoerstellung</button></a>';
}
echo '
echo '<a href="unsub.php">Von einer Maillingliste abmelden</a>
</body>
</html>
';

10
public/login.php
View File

@ -22,18 +22,18 @@ try {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
$user = $_POST['username'];
$user = explode('@', $_POST['username']);
$pw = $_POST['password'];
$abfrage = "SELECT `id`, `password`, `email`, `username`, `admin` FROM `virtual_users` WHERE `email` = :username AND `active`='1'";
$abfrage = "SELECT `id`, `password`, `admin` FROM `accounts` WHERE `username` = :username AND `domain` = :domain AND `enabled`='1'";
$sth = $dbh->prepare($abfrage);
$sth->execute(array(':username' => $user));
$sth->execute(array(':username' => $user[0], ':domain' => $user[1]));
$userdata = $sth->fetchAll();
if ($sth->rowCount() > 0) {
if (password_verify($pw, $userdata[0]['password'])) {
$_SESSION['log'] = 1;
$_SESSION['username'] = $userdata[0]['username'];
$_SESSION['email'] = $userdata[0]['email'];
$_SESSION['username'] = $user[0];
$_SESSION['domain'] = $user[1];
$_SESSION['admin'] = $userdata[0]['admin'];
$_SESSION['mailID'] = $userdata[0]['id'];
header("Location: settings.php");

33
public/settings.php
View File

@ -25,10 +25,15 @@ session_start();
if ($_SESSION['log'] == 1) {
echo '<html>
<head>
<title>Roteserver - Mail Settings</title>
<title>Mail Settings</title>
</head>
<body>
<h1>Mail Settings:</h1>';
<h1>Mail Settings:</h1><p>Guten Tag, ' . $_SESSION['username'] . '@' . $_SESSION['domain'] . '</p>';
$randval = rand(0, 99);
echo '<!-- '. $randval . ' -->';
if (rand(0,99) == 42) {
echo '<img src="img/mailcat.gif"/><br>';
}
if (isset($_GET['success'])) {
echo '<p>Erfolgreich geändert.</p>';
}
@ -36,17 +41,27 @@ if ($_SESSION['log'] == 1) {
echo '<h3>Passwörter nicht gleich!</h3>';
}
if ($_SESSION['admin'] == 1) {
echo '<a href="admin.php"><p>Admin-Settings</p></a>';
echo '<a href="admin.php"><p>Admin-Settings (inklusive Maillisten)</p></a>';
}
else {
$abfrage = "SELECT `alias_id` FROM `alias_owner` WHERE `owner_username` LIKE :owner_username AND `owner_domain` LIKE :owner_domain";
$result = $dbh->prepare($abfrage);
$result->execute(array(':owner_username' => $_SESSION['username'], ':owner_domain' => $_SESSION['domain']));
if ($result->rowCount() > 0) {
echo '<a href="bin/maillistsettings.php"><p>Meine Maillisten verwalten</p></a>';
}
}
echo '<a href="logout.php"><button>Logout</button></a>';
echo '<h3>Passwort ändern:</h3>
<form name="changemailpw" method=POST action="bin/changemailpw.php">
<label>Altes Passwort<input type="password" name="oldmailpw"/></label>
<label>Neues Passwort<input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label>
<label>Neue Passwort wiederholen<input type="password" name="newmailpwrep"/></label>
<label><p style="font-size: x-small">Schlüssel-Neuerstellung erzwingen</p><p style="font-size: small">ACHTUNG! Alle alten Mails werden dann wahrscheinlich nicht mehr lesbar sein!<input type="checkbox" name="forcekeyregen"/></p></label>
<input type="submit" value="Abschicken"/>
<h3>Mailadresse löschen:</h3>
<label>Altes Passwort: <input type="password" name="oldmailpw"/></label>
<label>Neues Passwort: <input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label>
<label>Neue Passwort wiederholen: <input type="password" name="newmailpwrep"/></label>';
if ($config['maildirencryption']) {
echo '<label><p style="font-size: x-small">Schlüssel-Neuerstellung erzwingen</p><p style="font-size: small">ACHTUNG! Alle alten Mails werden dann wahrscheinlich nicht mehr lesbar sein!<input type="checkbox" name="forcekeyregen"/></p></label>';
}
echo '<input type="submit" value="Abschicken"/>
<h3>Diese Mailadresse löschen:</h3>
<form name="deletemail" method=POST action="bin/deletemail.php">
<input type="submit" value="LÖSCHEN"/>
</form>';

56
public/unsub.php Normal file
View File

@ -0,0 +1,56 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
$eintrag = "DELETE FROM `alias_del_requests` WHERE DATEDIFF(NOW(), `created`) > :datediff";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':datediff' => $config['deletedelrequestdaydiff']));
echo '<html>
<head>
<title>Abmelden</title>
</head>
<body>';
if (isset($_GET['unknown'])) {
echo '<p>Diese Adresse ist dieser Liste nicht zugeordnet</p>';
}
if (isset($_GET['unknowntoken'])) {
echo '<p>Unbekannter Abmeldetoken. Erneut veruschen?</p>';
}
if (isset($_GET['mailsent'])) {
echo '<h3>Wir haben dir eine Email mit einem Link zur Bestätigung deiner Abmeldung geschickt. Der Link in der Mail ist 2 Tage gültig</h3>';
}
if (isset($_GET['success'])) {
echo '<p>Erfolgreich abgemeldet</p>';
}
echo '<h2>Mailliste Abmeldung:</h2>
<form method="POST" action="bin/unsubmaillistpre.php">
<label>Maillistadresse: <input name="source_adress" type="text"';
if (isset($_GET['maillist'])) {
echo 'value="' . htmlspecialchars($_GET['maillist']) . '" readonly="true"';
}
echo '/></label>
<label>Nutzeradresse: <input name="destination_adress" type="text"/></label>
<input name="Submit" type="submit" value="Abmelden"/>
</form>';
echo '</body>
</html>';
?>