Initial commit

Humorhenker 2019-07-15 20:48:31 +02:00
parent b903cae554
commit db919af915
14 changed files with 791 additions and 0 deletions

102
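--- a/private/captcha.sh
+++ b/private/captcha.sh
@@ -0,0 +1,102 @@
+#!/bin/sh
+# Taken from https://github.com/processone/ejabberd/blob/master/tools/captcha.sh
+# This script is an example captcha script.
+# It takes the text to recognize in the captcha image as a parameter.
+# It return the image binary as a result. ejabberd support PNG, JPEG and GIF.
+# The whole idea of the captcha script is to let server admins adapt it to
+# their own needs. The goal is to be able to make the captcha generation as
+# unique as possible, to make the captcha challenge difficult to bypass by
+# a bot.
+# Server admins are thus supposed to write and use their own captcha generators.
+# This script relies on ImageMagick.
+# It is NOT compliant with ImageMagick forks like GraphicsMagick.
+INPUT=$1
+if test -n ${BASH_VERSION:-''} ; then
+get_random ()
+{
+R=$RANDOM
+}
+else
+for n in `od -A n -t u2 -N 48 /dev/urandom`; do RL="$RL$n "; done
+get_random ()
+{
+R=${RL%% *}
+RL=${RL#* }
+}
+fi
+get_random
+WAVE1_AMPLITUDE=$((2 + $R % 5))
+get_random
+WAVE1_LENGTH=$((50 + $R % 25))
+get_random
+WAVE2_AMPLITUDE=$((2 + $R % 5))
+get_random
+WAVE2_LENGTH=$((50 + $R % 25))
+get_random
+WAVE3_AMPLITUDE=$((2 + $R % 5))
+get_random
+WAVE3_LENGTH=$((50 + $R % 25))
+get_random
+W1_LINE_START_Y=$((10 + $R % 40))
+get_random
+W1_LINE_STOP_Y=$((10 + $R % 40))
+get_random
+W2_LINE_START_Y=$((10 + $R % 40))
+get_random
+W2_LINE_STOP_Y=$((10 + $R % 40))
+get_random
+W3_LINE_START_Y=$((10 + $R % 40))
+get_random
+W3_LINE_STOP_Y=$((10 + $R % 40))
+get_random
+B1_LINE_START_Y=$(($R % 40))
+get_random
+B1_LINE_STOP_Y=$(($R % 40))
+get_random
+B2_LINE_START_Y=$(($R % 40))
+get_random
+B2_LINE_STOP_Y=$(($R % 40))
+#B3_LINE_START_Y=$(($R % 40))
+#B3_LINE_STOP_Y=$(($R % 40))
+get_random
+B1_LINE_START_X=$(($R % 20))
+get_random
+B1_LINE_STOP_X=$((100 + $R % 40))
+get_random
+B2_LINE_START_X=$(($R % 20))
+get_random
+B2_LINE_STOP_X=$((100 + $R % 40))
+#B3_LINE_START_X=$(($R % 20))
+#B3_LINE_STOP_X=$((100 + $R % 40))
+get_random
+ROLL_X=$(($R % 40))
+convert -size 180x60 xc:none -pointsize 40 \
+\( -clone 0 -fill white \
+-stroke black -strokewidth 4 -annotate +0+40 "$INPUT" \
+-stroke white -strokewidth 2 -annotate +0+40 "$INPUT" \
+-roll +$ROLL_X+0 \
+-wave "$WAVE1_AMPLITUDE"x"$WAVE1_LENGTH" \
+-roll -$ROLL_X+0 \) \
+\( -clone 0 -stroke black \
+-strokewidth 1 -draw \
+"line $B1_LINE_START_X,$B1_LINE_START_Y $B1_LINE_STOP_X,$B1_LINE_STOP_Y" \
+-strokewidth 1 -draw \
+"line $B2_LINE_START_X,$B2_LINE_START_Y $B2_LINE_STOP_X,$B2_LINE_STOP_Y" \
+-wave "$WAVE2_AMPLITUDE"x"$WAVE2_LENGTH" \) \
+\( -clone 0 -stroke white \
+-strokewidth 2 -draw "line 0,$W1_LINE_START_Y 140,$W1_LINE_STOP_Y" \
+-strokewidth 2 -draw "line 0,$W2_LINE_START_Y 140,$W2_LINE_STOP_Y" \
+-strokewidth 2 -draw "line 0,$W3_LINE_START_Y 140,$W3_LINE_STOP_Y" \
+-wave "$WAVE3_AMPLITUDE"x"$WAVE3_LENGTH" \) \
+-flatten -crop 140x60 +repage -quality 90 -depth 8 png:-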

10
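--- a/private/config.ini
+++ b/private/config.ini
@@ -0,0 +1,10 @@
+[database]
+dbservername =
+dbusername =
+dbpassword =
+dbname =
+[misc]
+mailfolderpath =
+maildirencryption =
+captcha =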
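Review bot: The template is missing two keys that the account-creation handler in this commit reads, `$config['adminadress']` and `$config['domain']`, so on a fresh install the activation mail is sent to an empty recipient and carries an empty link. Add `adminadress =` and `domain =` under `[misc]`. Because this file will hold the database password, a leading comment such as `; keep private/ outside the web root and readable only by the PHP user` would help operators deploy it safely.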

85
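--- a/public/admin.php
+++ b/public/admin.php
@@ -0,0 +1,85 @@
+<?php
+/* Mailadminscript
+Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>. */
+$config = parse_ini_file('../private/config.ini');
+try {
+$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+echo 'Connection failed';
+}
+session_start();
+if ($_SESSION['log'] == 1 and $_SESSION['admin'] == 1) {
+echo '<html>
+<head>
+<title>Roteserver - Mail Admin Settings</title>
+</head>
+<body>
+<h1>Mail Admin Settings:</h1>';
+if (isset($_GET['success'])) {
+echo 'Erfolgreich geändert.';
+}
+if (isset($_GET['fehler'])) {
+echo '<h3>Fehler: ' . $_GET['fehler'] . '</h3>';
+}
+echo '<a href="settings.php"><p>Normale Einstellungen</p></a><a href="logout.php"><button>Logout</button></a>';
+echo '<h3>Mailadresse aktivieren:</h3>
+<form name="activatemail" method=POST action="bin/activatemail.php">
+<label>Activate Mail:<select name="mailuserID">';
+$abfrage = "SELECT `id`, `email` FROM `virtual_users` WHERE `active` LIKE 0";
+$result = $dbh->query($abfrage);
+while ($emails = $result->fetch()) {
+echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>';
+}
+echo '</select></label>
+<input type="submit" name="submit" value="aktivieren"/>';
+echo '</form>
+<h3>Mailadresse deaktivieren:</h3>
+<form name="deactivatemail" method=POST action="bin/deactivatemail.php">
+<label>Deactivate Mail:<select name="mailuserID">';
+$abfrage = "SELECT `id`, `email` FROM `virtual_users` WHERE `active` LIKE 1";
+$result = $dbh->query($abfrage);
+while ($emails = $result->fetch()) {
+echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>';
+}
+echo '</select></label>
+<input type="submit" name="submit" value="deaktivieren"/>
+</form>
+<h3>Emailadresse hinzufügen:</h3>
+<form name="createmailuser" method=POST action="bin/createmailuser.php">
+<label>Neue email<input type="text" name="newmailusername"/>@roteserver.de (benutze nicht ' . "'" . ')</label>
+<label>Neues Passwort<input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label>
+<label>Neues Passwort wiederholen<input type="password" name="newmailpwrep"/></label>
+<input type="submit" name="submit" value="Hinzufügen"/>
+</form>
+<h3>Emailadresse entfernen:</h3>
+<form name="deletemail" method=POST action="bin/deletemail.php">
+<label>Delete Mail:<select name="mailuserID">';
+$abfrage = "SELECT `id`, `email` FROM `virtual_users`";
+$result = $dbh->query($abfrage);
+while ($emails = $result->fetch()) {
+echo '<option value="' . $emails['id'] . '">' . $emails['email'] . '</option>';
+}
+echo '</select></label>
+<input type="submit" name="submit" value="ENTFERNEN"/>
+</form>
+</body>
+</html>';
+exit;
+}
+header("Location: index.php");
+?>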
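Review bot: The `fehler` query parameter is written into the admin page unescaped (`echo '<h3>Fehler: ' . $_GET['fehler'] . '</h3>';`), so markup in a link opened by a logged-in admin is rendered inside the admin session. Escape on output with `echo '<h3>Fehler: ' . htmlspecialchars($_GET['fehler'], ENT_QUOTES, 'UTF-8') . '</h3>';`, and do the same for `$emails['email']` in the three `<option>` loops, since those addresses originate from self-registration. Separately, the `catch` block only prints 'Connection failed' and carries on, so `$dbh->query()` is later called on an undefined variable; adding `exit;` after the echo stops cleanly. The same catch pattern is repeated in every file of this commit that opens a PDO connection.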


@ -0,0 +1,34 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
session_start();
if ($_SESSION['log'] == 1) {
$mailuserID = $_POST['mailuserID'];
$eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='1' WHERE `id` LIKE :mailuserID";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':mailuserID' => $mailuserID));
header("Location: ../admin.php?success=1");
exit;
}
header("Location: ../index.php");
?>
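Review bot: The guard here tests only `$_SESSION['log'] == 1`, so any logged-in mailbox owner, not just an admin, can set `active`='1' on an arbitrary account by posting a `mailuserID`; admin.php, whose form appears to post to this handler, additionally requires `$_SESSION['admin'] == 1`. Use `if (isset($_SESSION['log'], $_SESSION['admin']) && $_SESSION['log'] == 1 && $_SESSION['admin'] == 1) {`. The `LIKE :mailuserID` comparison also treats `%` and `_` in the posted value as wildcards, so a single request can match many rows; `= :mailuserID` with the id validated as an integer avoids that. The 33-line section further down that sets `active`='0' has the same two problems.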

29
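--- a/public/bin/captcha.php
+++ b/public/bin/captcha.php
@@ -0,0 +1,29 @@
+<?php
+/* Mailadminscript
+Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>. */
+$config = parse_ini_file('../../private/config.ini');
+if (TRUE) {
+session_start();
+$captchacode = rand(10000, 99999);
+$_SESSION['captchacode'] = $captchacode;
+$captcha = shell_exec('sh ../../private/captcha.sh ' . $captchacode);
+header('Content-type: image/png');
+echo $captcha;
+exit;
+} else {
+header("Location: ../index.php");
+}
+?>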
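Review bot: `rand(10000, 99999)` is not a cryptographically secure generator, which makes the challenge weaker than it needs to be; `random_int(10000, 99999)` is a drop-in replacement. The `if (TRUE)` wrapper makes the `else` redirect unreachable and `$config` is parsed but never used in this file; presumably the condition was meant to be `$config['captcha']`. The `shell_exec` call is safe today only because its argument is an integer generated on the previous line, so wrapping it as `escapeshellarg((string) $captchacode)` keeps it safe if the code format ever changes.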


@ -0,0 +1,73 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
session_start();
if ($_SESSION['log'] == 1) {
if ($_POST['newmailpw'] == $_POST['newmailpwrep']) {
$newmailpw = $_POST['newmailpw'];
$oldmailpw = $_POST['oldmailpw'];
if (strpos($newmailpw, "'") !== false) {
header("Location: settings.php?wrongsymbols=1");
exit;
}
$mailusername = $_SESSION['email'];
$abfrage = "SELECT `password` FROM `virtual_users` WHERE `email` = :newmailusernamefull";
$sth = $dbh->prepare($abfrage);
$sth->execute(array('newmailusernamefull' => $mailusername));
$result= $sth->fetchAll();
$oldpwhashed = $result[0]['password'];
if (password_verify($oldmailpw, $oldpwhashed)) {
if (strlen($newmailpw) >= 8) {
$newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
$eintrag = "UPDATE `virtual_users` SET `password` = :newmailpwhashed WHERE `email` LIKE :mailusername";
$sth = $dbh->prepare($eintrag);
$sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'mailusername' => $mailusername));
$eintragen = mysqli_query($link, $eintrag);
if ($config['maildirencryption']) {
if ($_POST['forcekeyregen']) {
exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($mailusername));
}
else {
exec('sudo -u vmail /usr/bin/doveadm mailbox cryptokey password -o stats_writer_socket_path= -u ' . escapeshellarg($mailusername) . ' -n ' . escapeshellarg($newmailpw) . ' -o' . escapeshellcmd($oldmailpw));
}
}
header("Location: ../settings.php?success=1");
exit;
}
else {
header("Location: ../settings.php?pwtoshort=1");
exit;
}
}
else {
header( "Location: ../settings.php?pwmissmatch=1");
exit;
}
}
else {
header("Location: ../settings.php?pwnotequal=1");
exit;
}
}
header("Location: index.php");
?>
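Review bot: In the branch that changes the key password, the old password is passed through `escapeshellcmd($oldmailpw)` rather than `escapeshellarg()`; `escapeshellcmd` does not quote whitespace, so a password containing spaces is split into extra arguments to the `sudo -u vmail /usr/bin/doveadm` call. Use `' -o ' . escapeshellarg($oldmailpw)`, matching the other arguments on that line. The statement `$eintragen = mysqli_query($link, $eintrag);` refers to an undefined `$link` after the PDO update has already run and should be removed; on PHP 8 a null first argument raises a TypeError, which would abort before the key is re-encrypted. Both `exec` calls also place the plaintext password on the command line, where other local users can read it from the process list.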


@ -0,0 +1,59 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
session_start();
if (!isset($_SESSION['log']) or $_SESSION['log'] != 1) {
echo' <h3>Emailadresse hinzufügen:</h3>
';
if (isset($_GET['wrongcaptchacode']) AND $config['captcha']) {
echo '<h3>Captcha falsch</h3>';
}
if (isset($_GET['pwtooshort'])) {
echo '<h3>Passwort zu kurz. Bitte mindestens 8 Zeichen</h3>';
}
if (isset($_GET['mailalreadytaken'])) {
echo '<h3>Diese Mailadresse besteht leider schon</h3>';
}
if (isset($_GET['pwnotequal'])) {
echo '<h3>Passwörter nicht gleich!</h3>';
}
if (isset($_GET[ 'wrongsymbols'])) {
echo '<h3>Verbotene Symbole in Passwort oder Adresse enthalten!</h3>';
}
echo '<form name="createmailuser" method=POST action="createmailuser.php">
<label>Neue email<input type="text" name="newmailusername"/>@roteserver.de (benutze nicht ' . "'" . ')</label>
<label>Neue Passwort<input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label>
<label>Neue Passwort wiederholen<input type="password" name="newmailpwrep"/></label>';
if ($config['captcha']) {
echo '<label><p>Captcha:</p><p>gebe hier bitte den Zahlencode aus dem Bild ein</p><img src="captcha.php"/>
<input type="text" name="captchacode"/></label>';
}
echo '<input type="submit" name="submit" value="Hinzufügen"/>
</form>
<p>Dein Konto muss erst freigeschaltet werden, bevor du es benutzen kannst.</p>';
exit;
}
else {
header("Location: ../settings.php");
}
?>


@ -0,0 +1,138 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
function createmailuser($newmailusername, $newmailpw, $newmailpwrep, $admin) {
global $dbh;
global $config;
$pattern = array();
$pattern[0] = ' ';
$pattern[1] = '@';
$pattern[2] = 'roteserver';
$pattern[3] = 'roteserver.de';
$pattern[4] = 'admin';
$pattern[5] = 'noreply';
$pattern[6] = 'info';
$pattern[7] = 'webmaster';
$newmailusername = str_replace($pattern, "", $newmailusername);
$newmailusernamefull = $newmailusername . '@roteserver.de';
if(strpos($newmailusername, "'") !== false) {
if ($admin == 1) {
header("Location: ../admin.php?fehler=Falsche Zeichen in Adresse");
exit;
} else {
header("Location: createmailpre.php?wrongsymbols=1");
exit;
}
}
if (strpos($newmailpw, "'") !== false) {
if ($admin == 1) {
header("Location: ../admin.php?fehler=Falsche Zeichen in Passwort");
exit;
} else {
header("Location: createmailpre.php?wrongsymbols=1");
exit;
}
}
if (strlen($newmailpw) >= 8) {
if ($newmailpw == $newmailpwrep) {
$abfrage = "SELECT 1 FROM `virtual_users` WHERE `email` = :newmailusernamefull";
$sth = $dbh->prepare($abfrage);
$sth->execute(array('newmailusernamefull' => $newmailusernamefull));
$result = $sth->fetchAll();
if ($result[0][1] !== 1) {
$newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
$createdtimestamp = date("Y-m-d H:i:s");
if ($config['maildirencryption']) {
$eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`, `pre-pw-key`, `pw-key`, `admin`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '1', '$createdtimestamp', '0', '0', '0')"; // Maildaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
$sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' =>$newmailusername));
$maildirpath = $config['mailfolderpath'] . $newmailusername;
umask(0);
mkdir($maildirpath, 0770);
exec('sudo -u vmail /usr/bin/doveadm -o stats_writer_socket_path= -o plugin/mail_crypt_private_password=' . escapeshellarg($newmailpw) . ' mailbox cryptokey generate -U -f -u ' . escapeshellarg($newmailusernamefull));
$eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `email` LIKE :newmailusernamefull";
}
else {
$eintrag = "INSERT INTO `virtual_users` (`domain_id`, `password`, `email`, `username`, `active`, `created`) VALUES ('1', :newmailpwhashed, :newmailusernamefull, :newmailusername, '0', '$createdtimestamp')"; // Maildaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag); // der Nutzer muss erst kurzzeitig aktive geschaltet werden, damit die cryptkeys erstellt werden können. Danach wird er direkt wieder deaktiviert.
$sth->execute(array('newmailpwhashed' => $newmailpwhashed, 'newmailusernamefull' => $newmailusernamefull, 'newmailusername' => $newmailusername));
$maildirpath = $config['mailfolderpath'] . $newmailusername;
umask(0);
mkdir($maildirpath, 0770);
}
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':newmailusernamefull' => $newmailusernamefull));
$adminmailadress = $config['adminadress'];
$adresse = $config['domain'] . '/admin.php';
// eine Mail an den Admin verschicken, damit er die Mail freischalten kann
mail($adminmailadress, "Neue Mailadresse erstellt", "Eine neue Mailadresse wurde erstellt und muss freigeschaltet werden. \n \n" . htmlspecialchars($newmailusernamefull) . "\n " . $adresse, "From: mailservice");
if ($admin == 1) {
header("Location: ../admin.php?success=1");
exit;
} else {
header("Location: ../index.php");
exit;
}
exit;
} else { // Emailadresse ist bereits registriert
if ($admin == 1) {
header("Location: ../admin.php?fehler=Mail besteht schon");
exit;
} else {
header("Location: createmailpre.php?mailalreadytaken=1");
exit;
}
}
}
else {
if ($admin == 1) {
header("Location: ../admin.php?fehler=PW nicht gleich");
exit;
} else {
header("Location: createmailpre.php?pwnotequal=1");
exit;
}
}
} else { // Passwort zu kurz
if ($admin == 1) {
header("Location: ../admin.php?fehler=PW zu kurz");
exit;
} else {
header("Location: createmailpre.php?pwtooshort=1");
exit;
}
}
}
session_start();
if ($_SESSION['log'] == 1 AND $_SESSION['admin'] == 1) {
createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 1);
}
if ($_POST['captchacode'] == $_SESSION['captchacode']) {
createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 0);
}
elseif ($_POST['captchacode'] != $_SESSION['captchacode']) {
header("Location: createmailpre.php?wrongcaptchacode=1");
exit;
}
header("Location: ../index.php");
?>
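Review bot: The captcha gate at the bottom of this section compares `$_POST['captchacode'] == $_SESSION['captchacode']` without checking that either value exists, so when both are unset the comparison is null == null and registration proceeds even with `captcha` enabled in the config; the stored code is also never cleared, so one solved captcha stays valid for further registrations. The gate should run only when `$config['captcha']` is set, require a non-empty session code, compare with `hash_equals`, and unset the code after one use, as sketched below. Inside `createmailuser()`, `$newmailusername` has only a few substrings stripped before it is appended to `$config['mailfolderpath']` for `mkdir()`, so `/` and `..` can reach the filesystem path. Rejecting anything that fails an allow-list such as `preg_match('/^[a-z0-9]+([._-][a-z0-9]+)*$/i', $newmailusername)` is more reliable than the single-pass `str_replace`.

```php
session_start();
// … unchanged: admin branch calling createmailuser(..., 1) …
if ($config['captcha']) {
    $sent = isset($_POST['captchacode']) ? (string) $_POST['captchacode'] : '';
    $want = isset($_SESSION['captchacode']) ? (string) $_SESSION['captchacode'] : '';
    unset($_SESSION['captchacode']); // a code is valid for one attempt only
    if ($want === '' || !hash_equals($want, $sent)) {
        header("Location: createmailpre.php?wrongcaptchacode=1");
        exit;
    }
}
createmailuser($_POST['newmailusername'], $_POST['newmailpw'], $_POST['newmailpwrep'], 0);
```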


@ -0,0 +1,33 @@
<?php
/* Mailadminscript
Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
$config = parse_ini_file('../../private/config.ini');
try {
$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch (PDOException $e) {
//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
echo 'Connection failed';
}
session_start();
if ($_SESSION['log'] == 1) {
$mailuserID = $_POST['mailuserID'];
$eintrag = "UPDATE `mailserver`.`virtual_users` SET `active`='0' WHERE `id` LIKE :mailuserID";
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':mailuserID' => $mailuserID));
header("Location: ../admin.php?success=1");
exit;
}
header("Location: ../index.php");

63
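--- a/public/bin/deletemail.php
+++ b/public/bin/deletemail.php
@@ -0,0 +1,63 @@
+<?php
+/* Mailadminscript
+Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>. */
+$config = parse_ini_file('../../private/config.ini');
+try {
+$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+echo 'Connection failed';
+}
+function delete_directory($dirname)
+{
+if (is_dir($dirname))
+$dir_handle = opendir($dirname);
+if (!$dir_handle)
+return false;
+while ($file = readdir($dir_handle)) {
+if ($file != "." && $file != "..") {
+if (!is_dir($dirname . "/" . $file))
+unlink($dirname . "/" . $file);
+else
+delete_directory($dirname . '/' . $file);
+}
+}
+closedir($dir_handle);
+rmdir($dirname);
+return true;
+}
+session_start();
+if ($_SESSION['log'] == 1) {
+if ($_SESSION['admin'] == 1) {
+$mailuserID = $_POST['mailuserID'];
+}
+else {
+$mailuserID = $_SESSION['mailID'];
+}
+$abfrage = "SELECT `username` FROM `virtual_users` WHERE `id` = :mailuserID";
+$sth = $dbh->prepare($abfrage);
+$sth->execute(array('mailuserID' => $mailuserID));
+$result = $sth->fetchAll();
+$eintrag = "DELETE FROM `mailserver`.`virtual_users` WHERE `id` LIKE :mailuserID";
+$sth = $dbh->prepare($eintrag);
+$sth->execute(array(':mailuserID' => $mailuserID));
+$maildirpath = $config['mailfolderpath'] . $result[0]['username'];
+delete_directory($maildirpath);
+header("Location: ../admin.php?success=1");
+exit;
+}
+header("Location: ../index.php");
+?>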
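Review bot: When the `SELECT` returns no row for `mailuserID`, `$result[0]['username']` is null and `$maildirpath` collapses to `$config['mailfolderpath']` itself, so `delete_directory()` recursively removes the entire mail root. Stop before the DELETE and the directory removal with `if (!$result || (string) $result[0]['username'] === '') { header("Location: ../index.php"); exit; }`. `delete_directory()` has a related gap: `$dir_handle` is assigned only when `is_dir()` is true, so for any other path the `if (!$dir_handle)` test reads an undefined variable; `$dir_handle = is_dir($dirname) ? opendir($dirname) : false;` makes that explicit. A non-admin who deletes their own mailbox is also redirected to admin.php with the session still marked as logged in for the deleted account.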

41
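--- a/public/index.php
+++ b/public/index.php
@@ -0,0 +1,41 @@
+<?php
+/* Mailadminscript
+Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>. */
+session_start();
+if (!isset($_SESSION['log']) OR $_SESSION['log'] != 1) {
+echo '<html>
+<head>
+</head>
+<body>';
+if (isset($_GET['badlogin'])) {
+echo '<p>falsche Logindaten</p>';
+}
+echo '<a href="webmail"><h2>Webmail</h2></a>
+<h2>Config-Login:</h2>
+<form method="POST" action="login.php">
+<label>Nutzername<input name="username" type="text"/></label>
+<label>Passwort<input name="password" type="password"/></label>
+<input name="Submit" type="submit" value="Einloggen"/>
+</form>
+<h3>Neues Konto erstellen:</h3>
+<a href="bin/createmailpre.php"><button>Kontoerstellung</button></a>
+</body>
+</html>
+';
+} else {
+header("Location: settings.php");
+}
+?>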

45
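--- a/public/login.php
+++ b/public/login.php
@@ -0,0 +1,45 @@
+<?php
+/* Mailadminscript
+Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>. */
+$config = parse_ini_file('../private/config.ini');
+session_start();
+try {
+$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+echo 'Connection failed';
+}
+$user = $_POST['username'];
+$pw = $_POST['password'];
+$abfrage = "SELECT `id`, `password`, `email`, `username`, `admin` FROM `virtual_users` WHERE `email` = :username";
+$sth = $dbh->prepare($abfrage);
+$sth->execute(array(':username' => $user));
+$userdata = $sth->fetchAll();
+if ($sth->rowCount() > 0) {
+if (password_verify($pw, $userdata[0]['password'])) {
+$_SESSION['log'] = 1;
+$_SESSION['username'] = $userdata[0]['username'];
+$_SESSION['email'] = $userdata[0]['email'];
+$_SESSION['admin'] = $userdata[0]['admin'];
+$_SESSION['mailID'] = $userdata[0]['id'];
+header("Location: settings.php");
+exit;
+}
+}
+header("Location: index.php?badlogin=1");
+exit;
+?>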
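Review bot: The session id is not rotated when the login succeeds, so an id that was fixed or observed before authentication remains valid afterwards; call `session_regenerate_id(true);` immediately after `password_verify()` returns true and before the `$_SESSION[...]` assignments. The query also ignores the `active` column, so an account that has not yet been activated, or has been deactivated, can still log in to this panel; if that is not intended, add `AND active = 1` to the `WHERE` clause. There is no limit on repeated failed attempts in this file, so throttling per address or per account would be a sensible follow-up.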

20
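--- a/public/logout.php
+++ b/public/logout.php
@@ -0,0 +1,20 @@
+<?php
+/* Mailadminscript
+Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>. */
+session_start();
+session_destroy();
+header('Location: index.php');
+?>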

59
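--- a/public/settings.php
+++ b/public/settings.php
@@ -0,0 +1,59 @@
+<?php
+/* Mailadminscript
+Copyright (C) 2019 Paul Schürholz contact AT roteserver . de
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>. */
+$config = parse_ini_file('../private/config.ini');
+try {
+$dbh = new PDO('mysql:host=' . $config['dbservername'] . ';dbname=' . $config['dbname'], $config['dbusername'], $config['dbpassword'], array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+} catch (PDOException $e) {
+//echo 'Connection failled: '. $e->getMessage(); // Errormessage kann Sicherheitsrelevantes enthalen
+echo 'Connection failed';
+}
+session_start();
+if ($_SESSION['log'] == 1) {
+echo '<html>
+<head>
+<title>Roteserver - Mail Settings</title>
+</head>
+<body>
+<h1>Mail Settings:</h1>';
+if (isset($_GET['success'])) {
+echo '<p>Erfolgreich geändert.</p>';
+}
+if (isset($_GET['pwnotequal'])) {
+echo '<h3>Passwörter nicht gleich!</h3>';
+}
+if ($_SESSION['admin'] == 1) {
+echo '<a href="admin.php"><p>Admin-Settings</p></a>';
+}
+echo '<a href="logout.php"><button>Logout</button></a>';
+echo '<h3>Passwort ändern:</h3>
+<form name="changemailpw" method=POST action="bin/changemailpw.php">
+<label>Altes Passwort<input type="password" name="oldmailpw"/></label>
+<label>Neues Passwort<input type="password" name="newmailpw"/>(min. 8 Zeichen, benutze nicht ' . "'" . ')</label>
+<label>Neue Passwort wiederholen<input type="password" name="newmailpwrep"/></label>
+<label><p style="font-size: x-small">Schlüssel-Neuerstellung erzwingen</p><p style="font-size: small">ACHTUNG! Alle alten Mails werden dann wahrscheinlich nicht mehr lesbar sein!<input type="checkbox" name="forcekeyregen"/></p></label>
+<input type="submit" value="Abschicken"/>
+<h3>Mailadresse löschen:</h3>
+<form name="deletemail" method=POST action="bin/deletemail.php">
+<input type="submit" value="LÖSCHEN"/>
+</form>';
+echo '</body>
+</html>';
+exit;
+}
+header("Location: index.php");
+?>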
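Review bot: The `changemailpw` form is never closed before the `deletemail` form opens, because the `Abschicken` submit input is followed directly by the next `<h3>`, so the second `<form>` ends up nested inside the first. HTML parsers ignore a nested form start tag, which would make the LÖSCHEN button submit to bin/changemailpw.php instead of bin/deletemail.php; add `</form>` after the Abschicken input. The page prints messages only for `success` and `pwnotequal`, while the password-change handler in this commit redirects back with `pwtoshort`, `pwmissmatch` and `wrongsymbols`, so those failures are shown to the user as nothing at all. Since the delete button removes the mailbox on a single POST, a per-session CSRF token verified in deletemail.php plus a confirmation step would be worth adding.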