From db919af9153b9b8740f9380752822dde89d4f18e Mon Sep 17 00:00:00 2001
From: Humorhenker <36549980+Humorhenker@users.noreply.github.com>
Date: Mon, 15 Jul 2019 20:48:31 +0200
Subject: [PATCH] Initial commit
---
 private/captcha.sh | 102 +++++++++++++++++++++++++
 private/config.ini | 10 +++
 public/admin.php | 85 +++++++++++++++++++++
 public/bin/activatemail.php | 34 +++++++++
 public/bin/captcha.php | 29 +++++++
 public/bin/changemailpw.php | 73 ++++++++++++++++++
 public/bin/createmailpre.php | 59 +++++++++++++++
 public/bin/createmailuser.php | 138 ++++++++++++++++++++++++++++++++++
 public/bin/deactivatemail.php | 33 ++++++++
 public/bin/deletemail.php | 63 ++++++++++++++++
 public/index.php | 41 ++++++++++
 public/login.php | 45 +++++++++++
 public/logout.php | 20 +++++
 public/settings.php | 59 +++++++++++++++
 14 files changed, 791 insertions(+)
 create mode 100644 private/captcha.sh
 create mode 100644 private/config.ini
 create mode 100644 public/admin.php
 create mode 100644 public/bin/activatemail.php
 create mode 100644 public/bin/captcha.php
 create mode 100644 public/bin/changemailpw.php
 create mode 100644 public/bin/createmailpre.php
 create mode 100644 public/bin/createmailuser.php
 create mode 100644 public/bin/deactivatemail.php
 create mode 100644 public/bin/deletemail.php
 create mode 100644 public/index.php
 create mode 100644 public/login.php
 create mode 100644 public/logout.php
 create mode 100644 public/settings.php
diff --git a/private/captcha.sh b/private/captcha.sh
new file mode 100644
index 0000000..afdb9d4
--- /dev/null
+++ b/private/captcha.sh
@@ -0,0 +1,102 @@
+#!/bin/sh
+
+# Taken from https://github.com/processone/ejabberd/blob/master/tools/captcha.sh
+
+# This script is an example captcha script.
+# It takes the text to recognize in the captcha image as a parameter.
+# It return the image binary as a result. ejabberd support PNG, JPEG and GIF.
+
+# The whole idea of the captcha script is to let server admins adapt it to
+# their own needs. The goal is to be able to make the captcha generation as
+# unique as possible, to make the captcha challenge difficult to bypass by
+# a bot.
+# Server admins are thus supposed to write and use their own captcha generators.
+
+# This script relies on ImageMagick.
+# It is NOT compliant with ImageMagick forks like GraphicsMagick.
+
+INPUT=$1
+
+if test -n ${BASH_VERSION:-''} ; then
+ get_random ()
+ {
+ R=$RANDOM
+ }
+else
+ for n in `od -A n -t u2 -N 48 /dev/urandom`; do RL="$RL$n "; done
+ get_random ()
+ {
+ R=${RL%% *}
+ RL=${RL#* }
+ }
+fi
+
+get_random
+WAVE1_AMPLITUDE=$((2 + $R % 5))
+get_random
+WAVE1_LENGTH=$((50 + $R % 25))
+get_random
+WAVE2_AMPLITUDE=$((2 + $R % 5))
+get_random
+WAVE2_LENGTH=$((50 + $R % 25))
+get_random
+WAVE3_AMPLITUDE=$((2 + $R % 5))
+get_random
+WAVE3_LENGTH=$((50 + $R % 25))
+get_random
+W1_LINE_START_Y=$((10 + $R % 40))
+get_random
+W1_LINE_STOP_Y=$((10 + $R % 40))
+get_random
+W2_LINE_START_Y=$((10 + $R % 40))
+get_random
+W2_LINE_STOP_Y=$((10 + $R % 40))
+get_random
+W3_LINE_START_Y=$((10 + $R % 40))
+get_random
+W3_LINE_STOP_Y=$((10 + $R % 40))
+
+get_random
+B1_LINE_START_Y=$(($R % 40))
+get_random
+B1_LINE_STOP_Y=$(($R % 40))
+get_random
+B2_LINE_START_Y=$(($R % 40))
+get_random
+B2_LINE_STOP_Y=$(($R % 40))
+#B3_LINE_START_Y=$(($R % 40))
+#B3_LINE_STOP_Y=$(($R % 40))
+
+get_random
+B1_LINE_START_X=$(($R % 20))
+get_random
+B1_LINE_STOP_X=$((100 + $R % 40))
+get_random
+B2_LINE_START_X=$(($R % 20))
+get_random
+B2_LINE_STOP_X=$((100 + $R % 40))
+#B3_LINE_START_X=$(($R % 20))
+#B3_LINE_STOP_X=$((100 + $R % 40))
+
+get_random
+ROLL_X=$(($R % 40))
+
+convert -size 180x60 xc:none -pointsize 40 \
+ \( -clone 0 -fill white \
+ -stroke black -strokewidth 4 -annotate +0+40 "$INPUT" \
+ -stroke white -strokewidth 2 -annotate +0+40 "$INPUT" \
+ -roll +$ROLL_X+0 \
+ -wave "$WAVE1_AMPLITUDE"x"$WAVE1_LENGTH" \
+ -roll -$ROLL_X+0 \) \
+ \( -clone 0 -stroke black \
+ -strokewidth 1 -draw \
+ "line $B1_LINE_START_X,$B1_LINE_START_Y $B1_LINE_STOP_X,$B1_LINE_STOP_Y" \
+ -strokewidth 1 -draw \
+ "line $B2_LINE_START_X,$B2_LINE_START_Y $B2_LINE_STOP_X,$B2_LINE_STOP_Y" \
+ -wave "$WAVE2_AMPLITUDE"x"$WAVE2_LENGTH" \) \
+ \( -clone 0 -stroke white \
+ -strokewidth 2 -draw "line 0,$W1_LINE_START_Y 140,$W1_LINE_STOP_Y" \
+ -strokewidth 2 -draw "line 0,$W2_LINE_START_Y 140,$W2_LINE_STOP_Y" \
+ -strokewidth 2 -draw "line 0,$W3_LINE_START_Y 140,$W3_LINE_STOP_Y" \
+ -wave "$WAVE3_AMPLITUDE"x"$WAVE3_LENGTH" \) \
+ -flatten -crop 140x60 +repage -quality 90 -depth 8 png:-
\ No newline at end of file
diff --git a/private/config.ini b/private/config.ini
new file mode 100644
index 0000000..faf22c8
--- /dev/null
+++ b/private/config.ini
@@ -0,0 +1,10 @@
+[database]
+dbservername =
+dbusername =
+dbpassword =
+dbname =
+
+[misc]
+mailfolderpath =
+maildirencryption =
+captcha =
\ No newline at end of file
diff --git a/public/admin.php b/public/admin.php
new file mode 100644
index 0000000..84232e9
--- /dev/null
+++ b/public/admin.php
@@ -0,0 +1,85 @@
+. */
+$config = parse_ini_file('../private/config.ini');
+try {
+ $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+ //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+ echo 'Connection failed';
+}
+session_start();
+if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
+ echo '
+
+Normale Einstellungen
'; + echo 'Dein Konto muss erst freigeschaltet werden, bevor du es benutzen kannst.
';
+ exit;
+}
+else {
+ header("Location: ../settings.php");
+}
+?>
\ No newline at end of file
diff --git a/public/bin/createmailuser.php b/public/bin/createmailuser.php
new file mode 100644
index 0000000..679c402
--- /dev/null
+++ b/public/bin/createmailuser.php
@@ -0,0 +1,138 @@
+. */
+$config = parse_ini_file('../../private/config.ini');
+try {
+ $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+ //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+ echo 'Connection failed';
+}
+function createmailuser($newmailusername, $newmailpw, $newmailpwrep, $admin) {
+ global $dbh;
+ global $config;
+ $pattern = array();
+ $pattern[0] = ' ';
+ $pattern[1] = '@';
+ $pattern[2] = 'roteserver';
+ $pattern[3] = 'roteserver.de';
+ $pattern[4] = 'admin';
+ $pattern[5] = 'noreply';
+ $pattern[6] = 'info';
+ $pattern[7] = 'webmaster';
+ $newmailusername = str_replace($pattern, "", $newmailusername);
+ $newmailusernamefull = $newmailusername . '@roteserver.de';
+ if(strpos($newmailusername, "'") !== false) {
+ if ($admin == 1) {
+ header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse");
+ exit;
+ } else {
+ header("Location: createmailpre.php?wrongsymbols=1");
+ exit;
+ }
+ }
+ if (strpos($newmailpw, "'") !== false) {
+ if ($admin == 1) {
+ header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort");
+ exit;
+ } else {
+ header("Location: createmailpre.php?wrongsymbols=1");
+ exit;
+ }
+ }
+ if (strlen($newmailpw) >= 8) {
+ if ($newmailpw == $newmailpwrep) {
+ $abfrage = "SELECT 1 FROM `virtual_users` WHERE `email` = :newmailusernamefull";
+ $sth = $dbh->prepare($abfrage);
+ $sth->execute(array('newmailusernamefull' => $newmailusernamefull));
+ $result = $sth->fetchAll();
+ if ($result[0][1] !== 1) {
+ $newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
+ $createdtimestamp = date("Y-m-d H:i:s");
+ if ($config['maildirencryption']) {
+ $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, 
`pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen
+ $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
+ $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername));
+ $maildirpath = $config['mailfolderpath'] . $newmailusername;
+ umask(0);
+ mkdir($maildirpath, 0770);
+ exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($newmailusernamefull));
+ $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull";
+ }
+ else {
+ $eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '0', '$createdtimestamp')"; // Maildaten in MailServer DB eintragen
+ $sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
+ $sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' => $newmailusername));
+ $maildirpath = $config['mailfolderpath'] . $newmailusername;
+ umask(0);
+ mkdir($maildirpath, 0770);
+ }
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':newmailusernamefull' => $newmailusernamefull));
+ $adminmailadress = $config['adminadress'];
+ $adresse = $config['domain'] . 
'/admin.php';
+ // eine Mail an den Admin verschicken, damit er die Mail freischalten kann
+ mail($adminmailadress, "Neue Mailadresse erstellt", "Eine neue Mailadresse wurde erstellt und muss freigeschaltet werden. \n \n" . htmlspecialchars($newmailusernamefull) . "\n " . $adresse, "From: mailservice");
+ if ($admin == 1) {
+ header("Location: ../admin.php?success=1");
+ exit;
+ } else {
+ header("Location: ../index.php");
+ exit;
+ }
+ exit;
+ } else { // Emailadresse ist bereits registriert
+ if ($admin == 1) {
+ header("Location: ../admin.php?fehler=Mail besteht schon");
+ exit;
+ } else {
+ header("Location: createmailpre.php?mailalreadytaken=1");
+ exit;
+ }
+ }
+ }
+ else {
+ if ($admin == 1) {
+ header("Location: ../admin.php?fehler=PW nicht gleich");
+ exit;
+ } else {
+ header("Location: createmailpre.php?pwnotequal=1");
+ exit;
+ }
+ }
+ } else { // Passwort zu kurz
+ if ($admin == 1) {
+ header("Location: ../admin.php?fehler=PW zu kurz");
+ exit;
+ } else {
+ header("Location: createmailpre.php?pwtooshort=1");
+ exit;
+ }
+ }
+}
+session_start();
+if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) {
+ createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 1);
+}
+if ($_POST['captchacode'] == $_SESSION['captchacode']) {
+ createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 0);
+}
+elseif ($_POST['captchacode'] != $_SESSION['captchacode']) {
+ header("Location: createmailpre.php?wrongcaptchacode=1");
+ exit;
+}
+header("Location: ../index.php");
+?>
\ No newline at end of file
diff --git a/public/bin/deactivatemail.php b/public/bin/deactivatemail.php
new file mode 100644
index 0000000..c650fe7
--- /dev/null
+++ b/public/bin/deactivatemail.php
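Review bot: The username reaches `mkdir($maildirpath, 0770)` after only a blocklist `str_replace` and a check for `'`, so `/` and `..` survive and the directory can be created outside `mailfolderpath`; deletemail.php later deletes recursively from the same concatenation. The single-pass removal can also leave a reserved name behind once an inner match is cut out, so an allowlist before any use is the safer shape, e.g. `if (!preg_match('/\A[a-z0-9](?:[a-z0-9._-]{0,62}[a-z0-9])?\z/', $newmailusername)) { /* reject as wrongsymbols */ }`, followed by an exact comparison against the reserved names. At the end of the hunk, `$_POST['captchacode'] == $_SESSION['captchacode']` also holds when neither value is set and the code is never cleared after use; the gate should be `isset($_SESSION['captchacode'], $_POST['captchacode']) && hash_equals((string)$_SESSION['captchacode'], (string)$_POST['captchacode'])` with `unset($_SESSION['captchacode'])` before `createmailuser()` runs. In the non-encrypted branch the trailing `prepare($eintrag)`/`execute(...)` pair re-runs the three-parameter INSERT with a single bound value, which throws under `ERRMODE_EXCEPTION`, so that pair belongs inside the `maildirencryption` branch. The duplicate check `$result[0][1] !== 1` depends on the driver returning a native integer and on a row existing; `$sth->fetchColumn() === false` expresses "no such address" without either assumption.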
@@ -0,0 +1,33 @@
+. */
+$config = parse_ini_file('../../private/config.ini');
+try {
+ $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+ //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+ echo 'Connection failed';
+}
+session_start();
+if ($_SESSION['log'] == 1) {
+ $mailuserID = $_POST['mailuserID'];
+ $eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `id` LIKE :mailuserID";
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':mailuserID' => $mailuserID));
+ header("Location: ../admin.php?success=1");
+ exit;
+}
+header("Location: ../index.php");
diff --git a/public/bin/deletemail.php b/public/bin/deletemail.php
new file mode 100644
index 0000000..c2a3e64
--- /dev/null
+++ b/public/bin/deletemail.php
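Review bot: The guard `if ($_SESSION['log'] == 1)` authorises every logged-in account to deactivate an arbitrary mailbox, because `mailuserID` is taken straight from `$_POST` and there is no admin check; the redirect to `admin.php` suggests the endpoint was meant to be admin-only, as the `$_SESSION['admin'] == 1` branch in deletemail.php is. The UPDATE matches the ID with `LIKE`, so `%` and `_` in the value act as wildcards and one request can hit many rows. I would tighten both to `if (($_SESSION['log'] ?? 0) == 1 && ($_SESSION['admin'] ?? 0) == 1) {` and `... SET active = '0' WHERE id = :mailuserID`, rejecting the request unless `ctype_digit($mailuserID)` holds (assuming numeric IDs). No per-session token is checked on this state-changing POST in the visible lines, so a CSRF token comparison belongs in the same guard.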
@@ -0,0 +1,63 @@
+. */
+$config = parse_ini_file('../../private/config.ini');
+try {
+ $dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+ //echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+ echo 'Connection failed';
+}
+function delete_directory($dirname)
+{
+ if (is_dir($dirname))
+ $dir_handle = opendir($dirname);
+ if (!$dir_handle)
+ return false;
+ while ($file = readdir($dir_handle)) {
+ if ($file != "." && $file != "..") {
+ if (!is_dir($dirname . "/" . $file))
+ unlink($dirname . "/" . $file);
+ else
+ delete_directory($dirname . '/' . $file);
+ }
+ }
+ closedir($dir_handle);
+ rmdir($dirname);
+ return true;
+}
+session_start();
+if ($_SESSION['log'] == 1) {
+ if ($_SESSION['admin'] == 1) {
+ $mailuserID = $_POST['mailuserID'];
+ }
+ else {
+ $mailuserID = $_SESSION['mailID'];
+ }
+ $abfrage = "SELECT `username` FROM `virtual_users` WHERE `id` = :mailuserID";
+ $sth = $dbh->prepare($abfrage);
+ $sth->execute(array('mailuserID' => $mailuserID));
+ $result = $sth->fetchAll();
+ $eintrag = "DELETE FROM `mailserver`.`virtual_users` WHERE `id` LIKE :mailuserID";
+ $sth = $dbh->prepare($eintrag);
+ $sth->execute(array(':mailuserID' => $mailuserID));
+ $maildirpath = $config['mailfolderpath'] . $result[0]['username'];
+ delete_directory($maildirpath);
+ header("Location: ../admin.php?success=1");
+ exit;
+}
+header("Location: ../index.php");
+?>
\ No newline at end of file
diff --git a/public/index.php b/public/index.php
new file mode 100644
index 0000000..6d85e3f
--- /dev/null
+++ b/public/index.php
@@ -0,0 +1,41 @@
+. */
+session_start();
+if (!isset($_SESSION['log']) OR $_SESSION['log'] != 1) {
+ echo '
+
+
+ ';
+ if (isset($_GET['badlogin'])) {
+ echo 'falsche Logindaten
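Review bot: When the `SELECT` in deletemail.php returns no row, `$result[0]['username']` is null and `$maildirpath` collapses to `$config['mailfolderpath']`, so `delete_directory()` recursively removes the whole mail root; a stale or unknown `mailuserID` is enough to get there. The stored username is also concatenated into the path unchecked, and the `DELETE` uses `LIKE`, which treats `%` and `_` in the ID as wildcards. I would stop when no row is found, switch the match to `=`, and only delete a `realpath()`-resolved directory that lies strictly below the mail root, as sketched below. `delete_directory()` itself follows symlinked directories through `is_dir()` and ends its loop early on an entry named `0`; an `is_link()` check and a `!== false` loop condition would close those.

```php
// … unchanged: session check and $mailuserID selection …
$sth->execute(array('mailuserID' => $mailuserID));
$row = $sth->fetch(PDO::FETCH_ASSOC);
if ($row === false || $row['username'] === null || $row['username'] === '') {
    // unknown ID: never fall through to a delete on the bare mail root
    header("Location: ../admin.php?fehler=Unbekannte ID");
    exit;
}
$eintrag = "DELETE FROM `mailserver`.`virtual_users` WHERE `id` = :mailuserID";
// … unchanged: prepare/execute of the DELETE …
$mailroot = realpath($config['mailfolderpath']);
$maildirpath = realpath($config['mailfolderpath'] . $row['username']);
// only remove a resolved directory strictly below the configured root
if ($mailroot !== false && $maildirpath !== false
    && strpos($maildirpath, $mailroot . DIRECTORY_SEPARATOR) === 0) {
    delete_directory($maildirpath);
}
```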
'; + } + echo 'Erfolgreich geändert.
'; + } + if (isset($_GET['pwnotequal'])) { + echo 'Admin-Settings
'; + } + echo ''; + echo '