diff --git a/private/config.ini b/private/config.ini index faf22c8..24f8589 100644 --- a/private/config.ini +++ b/private/config.ini @@ -7,4 +7,5 @@ dbname = [misc] mailfolderpath = maildirencryption = -captcha = \ No newline at end of file +captcha = +allowregistration = \ No newline at end of file diff --git a/public/admin.php b/public/admin.php index 84232e9..34fa856 100644 --- a/public/admin.php +++ b/public/admin.php @@ -77,6 +77,7 @@ if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) { echo ' +

Maillisten Einstellungen

'; exit; diff --git a/public/bin/activatemail.php b/public/bin/activatemail.php index e4b2258..018ce31 100644 --- a/public/bin/activatemail.php +++ b/public/bin/activatemail.php @@ -22,7 +22,7 @@ try { echo 'Connection failed'; } session_start(); -if ($_SESSION['log'] == 1) { +if ($_SESSION['log'] == 1 && $_SESSION['admin']) { $mailuserID = $_POST['mailuserID']; $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='1' WHERE `id` LIKE :mailuserID"; $sth = $dbh->prepare($eintrag); diff --git a/public/bin/addmaillist.php b/public/bin/addmaillist.php new file mode 100644 index 0000000..d873648 --- /dev/null +++ b/public/bin/addmaillist.php @@ -0,0 +1,32 @@ +. */ +$config = parse_ini_file('../../private/config.ini'); +try { + $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); +} catch (PDOException $e) { + //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen + echo 'Connection failed'; +} +session_start(); +if ($_SESSION['log'] == 1 && $_SESSION['admin']) { + $eintrag = "INSERT INTO `virtual_aliases` (`domain_id`, `source`, `destination`, `owner`, `private`, `name`) VALUES (1, :source, :destination, :owner, :private, :name)"; // Aliasdaten in MailServer DB eintragen + $sth = $dbh->prepare($eintrag); + $sth->execute(array('source' => $_POST['maillistsource'], 'destination' => $_POST['maillistadresses'], 'owner' => $_POST['maillistownerid'], 'private' => $_POST['listprivate'], 'name' => $_POST['maillistname'])); + } + header("Location: maillistsettings.php"); + exit; +?> \ No newline at end of file diff --git a/public/bin/changemailpw.php b/public/bin/changemailpw.php index 65ba0a4..b37cc5c 100644 --- a/public/bin/changemailpw.php +++ b/public/bin/changemailpw.php 
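Review bot: In public/bin/activatemail.php the UPDATE behind the new admin gate still matches the row with `LIKE :mailuserID` bound to the raw `$_POST['mailuserID']`, so a value containing a SQL wildcard can match more accounts than the one intended. Compare with equality and bind an integer instead: `WHERE id = :mailuserID` with `$mailuserID = filter_input(INPUT_POST, 'mailuserID', FILTER_VALIDATE_INT);`, rejecting the request when that returns false or null. The same `LIKE` on an id appears in deactivatemail.php, dellist.php, editlist.php, editlistpre.php and maillistsettings.php in this commit. The added `$_SESSION['admin']` is also read without an existence check, so `!empty($_SESSION['admin'])` would avoid an undefined-index notice for non-admin sessions. The guarded block continues past the end of this hunk.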
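Review bot: public/bin/addmaillist.php inserts an alias row straight from five `$_POST` fields with neither a per-session request token nor any validation, so the admin check is the only thing protecting a state-changing request, and `maillistsource` is stored without being checked as an address. Compare a token held in the session against a hidden form field with `hash_equals()` before executing, and reject a source that fails `filter_var($_POST['maillistsource'], FILTER_VALIDATE_EMAIL)`; `maillistadresses` presumably holds several addresses and would need a per-entry check. The `catch` only echoes 'Connection failed' and the script then carries on with `$dbh` unset, so add `exit;` after that echo. editlist.php and dellist.php in this commit share all three gaps.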
@@ -42,7 +42,6 @@ if ($_SESSION['log'] == 1) { $eintrag = "UPDATE `virtual_users` SET `password` = :newmailpwhashed WHERE `email` LIKE :mailusername"; $sth = $dbh->prepare($eintrag); $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'mailusername' => $mailusername)); - $eintragen = mysqli_query($link, $eintrag); if ($config['maildirencryption']) { if ($_POST['forcekeyregen']) { exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($mailusername)); diff --git a/public/bin/createmailpre.php b/public/bin/createmailpre.php index 13affcb..eb67b94 100644 --- a/public/bin/createmailpre.php +++ b/public/bin/createmailpre.php @@ -22,38 +22,43 @@ try { echo 'Connection failed'; } session_start(); -if (!isset($_SESSION['log']) or $_SESSION['log'] != 1) { - echo'

Emailadresse hinzufügen:

- '; - if (isset($_GET['wrongcaptchacode']) AND $config['captcha']) { - echo '

Captcha falsch

'; +if ($config['allowregistration']) { + if (!isset($_SESSION['log']) or $_SESSION['log'] != 1) { + echo'

Emailadresse hinzufügen:

+ '; + if (isset($_GET['wrongcaptchacode']) AND $config['captcha']) { + echo '

Captcha falsch

'; + } + if (isset($_GET['pwtooshort'])) { + echo '

Passwort zu kurz. Bitte mindestens 8 Zeichen

'; + } + if (isset($_GET['mailalreadytaken'])) { + echo '

Diese Mailadresse besteht leider schon

'; + } + if (isset($_GET['pwnotequal'])) { + echo '

Passwörter nicht gleich!

'; + } + if (isset($_GET['wrongsymbols'])) { + echo '

Verbotene Symbole in Passwort oder Adresse enthalten!

'; + } + echo '
+ + + '; + if ($config['captcha']) { + echo ''; + } + echo ' +
+

Dein Konto muss erst freigeschaltet werden, bevor du es benutzen kannst.

'; + exit; } - if (isset($_GET['pwtooshort'])) { - echo '

Passwort zu kurz. Bitte mindestens 8 Zeichen

'; + else { + header("Location: ../settings.php"); } - if (isset($_GET['mailalreadytaken'])) { - echo '

Diese Mailadresse besteht leider schon

'; - } - if (isset($_GET['pwnotequal'])) { - echo '

Passwörter nicht gleich!

'; - } - if (isset($_GET[ 'wrongsymbols'])) { - echo '

Verbotene Symbole in Passwort oder Adresse enthalten!

'; - } - echo '
- - - '; - if ($config['captcha']) { - echo ''; - } - echo ' -
-

Dein Konto muss erst freigeschaltet werden, bevor du es benutzen kannst.

'; - exit; } else { - header("Location: ../settings.php"); + header("Location: ../index.php"); } ?> \ No newline at end of file diff --git a/public/bin/createmailuser.php b/public/bin/createmailuser.php index 679c402..4b1c1f7 100644 --- a/public/bin/createmailuser.php +++ b/public/bin/createmailuser.php 
@@ -21,118 +21,129 @@ try { //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen echo 'Connection failed'; } -function createmailuser($newmailusername, $newmailpw, $newmailpwrep, $admin) { - global $dbh; - global $config; - $pattern = array(); - $pattern[0] = ' '; - $pattern[1] = '@'; - $pattern[2] = 'roteserver'; - $pattern[3] = 'roteserver.de'; - $pattern[4] = 'admin'; - $pattern[5] = 'noreply'; - $pattern[6] = 'info'; - $pattern[7] = 'webmaster'; - $newmailusername = str_replace($pattern, "", $newmailusername); - $newmailusernamefull = $newmailusername . '@roteserver.de'; - if(strpos($newmailusername, "'") !== false) { - if ($admin == 1) { - header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse"); - exit; - } else { - header("Location: createmailpre.php?wrongsymbols=1"); - exit; - } - } - if (strpos($newmailpw, "'") !== false) { - if ($admin == 1) { - header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort"); - exit; - } else { +if ($config['allowregistration']) { + + function createmailuser($newmailusername, $newmailpw, $newmailpwrep, $admin) { + global $dbh; + global $config; + $pattern = array(); + $pattern[0] = ' '; + $pattern[1] = '@'; + $pattern[2] = 'roteserver'; + $pattern[3] = 'roteserver.de'; + $pattern[4] = 'admin'; + $pattern[5] = 'noreply'; + $pattern[6] = 'info'; + $pattern[7] = 'webmaster'; + $newmailusername = str_replace($pattern, "", $newmailusername); + $newmailusernamefull = $newmailusername . 
'@roteserver.de'; + if (!filter_var($newmailuserfull, FILTER_VALIDATE_EMAIL)) { + // nicht ordentliche EmailAdresse header("Location: createmailpre.php?wrongsymbols=1"); exit; } - } - if (strlen($newmailpw) >= 8) { - if ($newmailpw == $newmailpwrep) { - $abfrage = "SELECT 1 FROM `virtual_users` WHERE `email` = :newmailusernamefull"; - $sth = $dbh->prepare($abfrage); - $sth->execute(array('newmailusernamefull' => $newmailusernamefull)); - $result = $sth->fetchAll(); - if ($result[0][1] !== 1) { - $newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]); - $createdtimestamp = date("Y-m-d H:i:s"); - if ($config['maildirencryption']) { - $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, `pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen - $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert. - $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername)); - $maildirpath = $config['mailfolderpath'] . $newmailusername; - umask(0); - mkdir($maildirpath, 0770); - exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . 
escapeshellarg($newmailusernamefull)); - $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull"; - } - else { - $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '0', '$createdtimestamp')"; // Maildaten in MailServer DB eintragen - $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert. - $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' => $newmailusername)); - $maildirpath = $config['mailfolderpath'] . $newmailusername; - umask(0); - mkdir($maildirpath, 0770); - } - $sth = $dbh->prepare($eintrag); - $sth->execute(array(':newmailusernamefull' => $newmailusernamefull)); - $adminmailadress = $config['adminadress']; - $adresse = $config['domain'] . '/admin.php'; - // eine Mail an den Admin verschicken, damit er die Mail freischalten kann - mail($adminmailadress, "Neue Mailadresse erstellt", "Eine neue Mailadresse wurde erstellt und muss freigeschaltet werden. \n \n" . htmlspecialchars($newmailusernamefull) . "\n " . 
$adresse, "From: mailservice"); - if ($admin == 1) { - header("Location: ../admin.php?success=1"); - exit; - } else { - header("Location: ../index.php"); - exit; - } - exit; - } else { // Emailadresse ist bereits registriert - if ($admin == 1) { - header("Location: ../admin.php?fehler=Mail besteht schon"); - exit; - } else { - header("Location: createmailpre.php?mailalreadytaken=1"); - exit; - } - } - } - else { + if(strpos($newmailusername, "'") !== false) { if ($admin == 1) { - header("Location: ../admin.php?fehler=PW nicht gleich"); + header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse"); exit; } else { - header("Location: createmailpre.php?pwnotequal=1"); + header("Location: createmailpre.php?wrongsymbols=1"); + exit; + } + } + if (strpos($newmailpw, "'") !== false) { + if ($admin == 1) { + header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort"); + exit; + } else { + header("Location: createmailpre.php?wrongsymbols=1"); exit; } } - } else { // Passwort zu kurz - if ($admin == 1) { - header("Location: ../admin.php?fehler=PW zu kurz"); - exit; - } else { - header("Location: createmailpre.php?pwtooshort=1"); - exit; + if (strlen($newmailpw) >= 8) { + if ($newmailpw == $newmailpwrep) { + $abfrage = "SELECT 1 FROM `virtual_users` WHERE `email` = :newmailusernamefull"; + $sth = $dbh->prepare($abfrage); + $sth->execute(array('newmailusernamefull' => $newmailusernamefull)); + $result = $sth->fetchAll(); + if ($result[0][1] !== 1) { + $newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]); + $createdtimestamp = date("Y-m-d H:i:s"); + if ($config['maildirencryption']) { + $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, `pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen + $sth = $dbh->prepare($eintrag); 
// der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert. + $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername)); + $maildirpath = $config['mailfolderpath'] . $newmailusername; + umask(0); + mkdir($maildirpath, 0770); + exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($newmailusernamefull)); + $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull"; + } + else { + $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '0', '$createdtimestamp')"; // Maildaten in MailServer DB eintragen + $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert. + $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' => $newmailusername)); + $maildirpath = $config['mailfolderpath'] . $newmailusername; + umask(0); + mkdir($maildirpath, 0770); + } + $sth = $dbh->prepare($eintrag); + $sth->execute(array(':newmailusernamefull' => $newmailusernamefull)); + $adminmailadress = $config['adminadress']; + $adresse = $config['domain'] . '/admin.php'; + // eine Mail an den Admin verschicken, damit er die Mail freischalten kann + mail($adminmailadress, "Neue Mailadresse erstellt", "Eine neue Mailadresse wurde erstellt und muss freigeschaltet werden. \n \n" . htmlspecialchars($newmailusernamefull) . "\n " . 
$adresse, "From: mailservice"); + if ($admin == 1) { + header("Location: ../admin.php?success=1"); + exit; + } else { + header("Location: ../index.php"); + exit; + } + exit; + } else { // Emailadresse ist bereits registriert + if ($admin == 1) { + header("Location: ../admin.php?fehler=Mail besteht schon"); + exit; + } else { + header("Location: createmailpre.php?mailalreadytaken=1"); + exit; + } + } + } + else { + if ($admin == 1) { + header("Location: ../admin.php?fehler=PW nicht gleich"); + exit; + } else { + header("Location: createmailpre.php?pwnotequal=1"); + exit; + } + } + } else { // Passwort zu kurz + if ($admin == 1) { + header("Location: ../admin.php?fehler=PW zu kurz"); + exit; + } else { + header("Location: createmailpre.php?pwtooshort=1"); + exit; + } } } + session_start(); + if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) { + createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 1); + } + if ($_POST['captchacode'] == $_SESSION['captchacode']) { + createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 0); + } + elseif ($_POST['captchacode'] != $_SESSION['captchacode']) { + header("Location: createmailpre.php?wrongcaptchacode=1"); + exit; + } + header("Location: ../index.php"); } -session_start(); -if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) { - createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 1); +else { + header("Location: ../index.php"); } -if ($_POST['captchacode'] == $_SESSION['captchacode']) { - createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 0); -} -elseif ($_POST['captchacode'] != $_SESSION['captchacode']) { - header("Location: createmailpre.php?wrongcaptchacode=1"); - exit; -} -header("Location: ../index.php"); ?> \ No newline at end of file diff --git a/public/bin/deactivatemail.php b/public/bin/deactivatemail.php index c650fe7..f096646 100644 --- a/public/bin/deactivatemail.php 
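Review bot: The new address check in createmailuser() tests `$newmailuserfull`, a variable that is never assigned (the function builds `$newmailusernamefull`), so `filter_var()` receives null, returns false and every registration is redirected with `wrongsymbols=1`. It should read `if (!filter_var($newmailusernamefull, FILTER_VALIDATE_EMAIL)) {`. Unlike the checks that follow, this branch ignores `$admin` and always redirects to createmailpre.php, so an admin-created account that fails validation lands on the public form instead of `../admin.php?fehler=...`. The admin call `createmailuser(..., 1)` now also sits inside the `allowregistration` gate, which appears to stop admins from creating accounts whenever public registration is switched off; if that is not intended, gate only the captcha path.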
+++ b/public/bin/deactivatemail.php @@ -22,7 +22,7 @@ try { echo 'Connection failed'; } session_start(); -if ($_SESSION['log'] == 1) { +if ($_SESSION['log'] == 1 && $_SESSION['admin']) { $mailuserID = $_POST['mailuserID']; $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `id` LIKE :mailuserID"; $sth = $dbh->prepare($eintrag); diff --git a/public/bin/dellist.php b/public/bin/dellist.php new file mode 100644 index 0000000..ea81218 --- /dev/null +++ b/public/bin/dellist.php @@ -0,0 +1,32 @@ +. */ +$config = parse_ini_file('../../private/config.ini'); +try { + $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); +} catch (PDOException $e) { + //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen + echo 'Connection failed'; +} +session_start(); +if ($_SESSION['log'] == 1 && $_SESSION['admin']) { + $eintrag = "DELETE FROM `mailserver`.`virtual_aliases` WHERE `id` LIKE :maillistid"; + $sth = $dbh->prepare($eintrag); + $sth->execute(array(':maillistid' => $_GET['dellistid'])); + header("Location: maillistsettings.php"); + exit; +} +?> \ No newline at end of file diff --git a/public/bin/editlist.php b/public/bin/editlist.php new file mode 100644 index 0000000..879f15e --- /dev/null +++ b/public/bin/editlist.php 
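Review bot: public/bin/dellist.php deletes a list in response to a GET request, taking the id from `$_GET['dellistid']`, so the deletion can be triggered by anything that makes the admin's browser load a URL (link prefetch, an embedded image, a crawler with the session). Accept the id only from a POST: `if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_SESSION['log'] == 1 && $_SESSION['admin']) {` and `$sth->execute(array(':maillistid' => $_POST['dellistid']));`. The "Löschen" link rendered by maillistsettings.php would then have to become a small form with a submit button. Requests that fail the session check currently fall through to a blank page; a redirect to `../index.php` would match the other scripts.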
@@ -0,0 +1,32 @@ +. */ +$config = parse_ini_file('../../private/config.ini'); +try { + $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); +} catch (PDOException $e) { + //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen + echo 'Connection failed'; +} +session_start(); +if ($_SESSION['log'] == 1 && $_SESSION['admin']) { + $eintrag = "UPDATE `virtual_aliases` SET `source` = :newsource, `destination` = :newdestination, `owner` = :newowner, `private` = :newprivate, `name` = :newname WHERE `id` LIKE :editlistid"; + $sth = $dbh->prepare($eintrag); + $sth->execute(array('newsource' => $_POST['newlistsource'], 'newdestination' => $_POST['newlistdestination'], 'newowner' => $_POST['newlistownerid'], 'newprivate' => $_POST['newlistprivate'], 'newname' => $_POST['newlistname'], 'editlistid' => $_POST['editlistid'])); + header("Location: maillistsettings.php"); + exit; +} +?> \ No newline at end of file diff --git a/public/bin/editlistpre.php b/public/bin/editlistpre.php new file mode 100644 index 0000000..76bd5ca --- /dev/null +++ b/public/bin/editlistpre.php @@ -0,0 +1,67 @@ +. */ +$config = parse_ini_file('../../private/config.ini'); +try { + $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); +} catch (PDOException $e) { + //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen + echo 'Connection failed'; +} +session_start(); +if ($_SESSION['log'] == 1 && $_SESSION['admin']) { + echo ' + + Mailliste editieren + + +

Zurück zur Maillistoberfläche (Editieren abbrechen)


'; + $abfrage = "SELECT `source`, `destination`, `owner`, `private`, `name` FROM `virtual_aliases` WHERE `id` LIKE :editlistid"; + $result = $dbh->prepare($abfrage); + $result->execute(array('editlistid' => $_GET['editlistid'])); + while ($lists = $result->fetch()) { + echo' +
+ + +
+ +
+ + + + '; + } +} +?> \ No newline at end of file diff --git a/public/bin/maillistsettings.php b/public/bin/maillistsettings.php new file mode 100644 index 0000000..55cafb0 --- /dev/null +++ b/public/bin/maillistsettings.php @@ -0,0 +1,67 @@ +. */ +$config = parse_ini_file('../../private/config.ini'); +try { + $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); +} catch (PDOException $e) { + //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen + echo 'Connection failed'; +} +session_start(); +if ($_SESSION['log'] == 1 && $_SESSION['admin']) { + echo ' + + Maillist Einstellung + + +

Maillinglisten Einstellungen

+

Zurück zur Adminoberfläche


+ + + +
+ +
+ +
+

Bestehende Listen:

+ '; + $abfrage = "SELECT `id`, `source`, `destination`, `owner`, `private`, `name` FROM `virtual_aliases`"; + $result = $dbh->query($abfrage); + echo ''; + while ($lists = $result->fetch()) { + $abfrage2 = "SELECT `email` FROM `virtual_users` WHERE `id` LIKE :ownerid"; + $sth = $dbh->prepare($abfrage2); + $sth->execute(array('ownerid' => $lists['owner'])); + $result2 = $sth->fetchAll(); + echo ''; + } + echo '
ListennameListenadresseListenempfängerListenbesitzerListensicherheitOptionen
' . $lists['name'] . '' . $lists['source'] . '' . $lists['destination'] . '' . $result2[0]['email'] . '' . $lists['private'] . 'Löschen
Editieren
'; + echo ' + '; +} +?> \ No newline at end of file diff --git a/public/index.php b/public/index.php index 6d85e3f..645215b 100644 --- a/public/index.php +++ b/public/index.php @@ -15,6 +15,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . */ session_start(); +$config = parse_ini_file('../private/config.ini'); if (!isset($_SESSION['log']) OR $_SESSION['log'] != 1) { echo ' @@ -29,9 +30,12 @@ if (!isset($_SESSION['log']) OR $_SESSION['log'] != 1) { - -
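Review bot: The table rows in public/bin/maillistsettings.php concatenate `$lists['name']`, `$lists['source']`, `$lists['destination']`, `$result2[0]['email']` and `$lists['private']` into the page unescaped, and those columns are filled from request data by addmaillist.php and editlist.php without validation, so stored markup would be rendered in the admin's session. Wrap each value for its HTML context, e.g. `htmlspecialchars($lists['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. `$result2[0]['email']` is also read without checking that the owner lookup returned a row, so a list whose owner id matches no user raises an undefined-offset notice; `$result2[0]['email'] ?? ''` covers that case. editlistpre.php probably needs the same escaping for the values it puts into the edit form, though its markup is not visible in this view.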

Neues Konto erstellen:

- + '; + if ($config['allowregistration']) { + echo '

Neues Konto erstellen:

+ '; + } + echo ' ';