prevent creation of lists with the address of existing accounts and the other way around

Paul 2021-11-10 15:55:10 +01:00
parent bf56072f20
commit f203bec567
3 changed files with 52 additions and 23 deletions


@ -25,21 +25,31 @@ session_start();
if ($_SESSION['log'] == 1 && $_SESSION['admin']) {
if (!isset($_POST['newlistislist'])) $islist = 0; // wenn die checkbox nicht ausgewählt wurde ist die Post Variable nicht gesetzt, dass stört die Datenbank, deshalb wird Null eingertragen
else $islist = $_POST['newlistislist'];
$eintrag = "INSERT INTO `alias_details` (`name`, `owners`, `destinations`, `security`, `islist`) VALUES (:newlistname, :owners, :destinations, :security, :islist)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':newlistname' => $_POST['newlistname'], ':owners' => $_POST['newlistowners'], ':destinations' => $_POST['newlistdestinations'], ':security' => $_POST['newlistsecurity'], ':islist' => $islist));
$newlistid = $dbh->lastInsertID();
foreach (explode(' ', $_POST['newlistowners']) as $maillistowner) {
$maillistownerex = explode('@', $maillistowner);
$eintrag = "INSERT INTO `alias_owner` (`alias_id`, `owner_username`, `owner_domain`) VALUES (:aliasid, :owner_username, :owner_domain)"; // Aliasdaten in MailServer DB eintragen
// check if an account with same address exists
$abfrage = "SELECT 1 FROM `accounts` WHERE `username` = :username AND `domain` = :domain";
$sth = $dbh->prepare($abfrage);
$sth->execute(array(':username' => $_POST['newlistsourceadress'], ':domain' => $_POST['newlistsourcedomain']));
$result = $sth->fetchAll();
// only create the list if no account with the same adress exists
if ($result[0][1] !== 1) {
$newlistsource = $_POST['newlistsourceadress'] . '@' . $_POST['newlistsourcedomain'];
$eintrag = "INSERT INTO `alias_details` (`name`, `owners`, `source`, `destinations`, `security`, `islist`) VALUES (:newlistname, :owners, :source, :destinations, :security, :islist)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $newlistid, ':owner_username' => $maillistownerex[0], ':owner_domain' => $maillistownerex[1]));
}
foreach (explode(' ', $_POST['newlistdestinations']) as $maillistdestination) {
$maillistdestinationex = explode('@', $maillistdestination);
$eintrag = "INSERT INTO `aliases` (`alias_id`, `source_username`, `source_domain`, `destination_username`, `destination_domain`) VALUES (:aliasid, :source_username, :source_domain, :destination_username, :destination_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $newlistid, ':source_username' => $_POST['newlistsourceadress'], ':source_domain' => $_POST['newlistsourcedomain'], ':destination_username' => $maillistdestinationex[0], ':destination_domain' => $maillistdestinationex[1]));
$sth->execute(array(':newlistname' => $_POST['newlistname'], ':owners' => $_POST['newlistowners'], ':source' => $newlistsource, ':destinations' => $_POST['newlistdestinations'], ':security' => $_POST['newlistsecurity'], ':islist' => $islist));
$newlistid = $dbh->lastInsertID();
foreach (explode(' ', $_POST['newlistowners']) as $maillistowner) {
$maillistownerex = explode('@', $maillistowner);
$eintrag = "INSERT INTO `alias_owner` (`alias_id`, `owner_username`, `owner_domain`) VALUES (:aliasid, :owner_username, :owner_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $newlistid, ':owner_username' => $maillistownerex[0], ':owner_domain' => $maillistownerex[1]));
}
foreach (explode(' ', $_POST['newlistdestinations']) as $maillistdestination) {
$maillistdestinationex = explode('@', $maillistdestination);
$eintrag = "INSERT INTO `aliases` (`alias_id`, `source_username`, `source_domain`, `destination_username`, `destination_domain`) VALUES (:aliasid, :source_username, :source_domain, :destination_username, :destination_domain)"; // Aliasdaten in MailServer DB eintragen
$sth = $dbh->prepare($eintrag);
$sth->execute(array(':aliasid' => $newlistid, ':source_username' => $_POST['newlistsourceadress'], ':source_domain' => $_POST['newlistsourcedomain'], ':destination_username' => $maillistdestinationex[0], ':destination_domain' => $maillistdestinationex[1]));
}
}
}
header("Location: maillistsettings.php");
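Review bot: The new guard `if ($result[0][1] !== 1) {` may never reject anything. Depending on the PDO driver settings and PHP version, the `SELECT 1` column can come back as the string `"1"`, and a strict `!== 1` against a string is always true, so the list would still be created for an address that belongs to an account. When no row matches, `$result[0]` is also an undefined offset and raises a warning. A type-independent test such as `if ($sth->fetchColumn() === false) {` avoids both problems; the same comparison is used in the createmailuser hunk (`$result[0][1] !== 1 and $result_list[0][1] !== 1`) and in the list-edit hunk. In the rejected case this script falls through to the redirect without telling the admin that no list was created.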


@ -65,12 +65,19 @@ function createmailuser($newmailusername, $newmaildomainid, $newmailpw, $newmail
}
if (strlen($newmailpw) >= 8) {
if ($newmailpw == $newmailpwrep) {
// check if an account with same address exists
$abfrage = "SELECT 1 FROM `accounts` WHERE `username` = :newmailusername AND `domain` = :newmaildomain";
$sth = $dbh->prepare($abfrage);
$sth->execute(array(':newmailusername' => $newmailusername, ':newmaildomain' => $newmaildomain));
$result = $sth->fetchAll();
//print_r($result);
if ($result[0][1] !== 1) {
// check if a list with same address exists
$abfrage = "SELECT 1 FROM `aliases` WHERE `source_username` = :source_username AND `source_domain` = :source_domain";
$sth = $dbh->prepare($abfrage);
$sth->execute(array(':source_username' => $newmailusername, ':source_domain' => $newmaildomain));
$result_list = $sth->fetchAll();
if ($result[0][1] !== 1 and $result_list[0][1] !== 1 ) {
$newmailpwhashed = password_hash($newmailpw, PASSWORD_ARGON2I, ['memory_cost' => 32768, 'time_cost' => 4]);
//$createdtimestamp = date("Y-m-d H:i:s");
// if ($config['maildirencryption']) {
@ -109,7 +116,7 @@ function createmailuser($newmailusername, $newmaildomainid, $newmailpw, $newmail
exit;
} else { // Emailadresse ist bereits registriert
if ($admin == 1) {
header("Location: ../admin.php?fehler=Mail besteht schon");
header("Location: ../admin.php?fehler=Mail oder Liste besteht schon");
exit;
} else {
header("Location: createmailpre.php?mailalreadytaken=1");
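Review bot: The two existence checks added before `password_hash` are separate statements from the insert that follows, so two concurrent requests (one creating an account, one creating a list with the same address) can both pass the checks and both write. The insert is outside this hunk, so it cannot be seen here whether it already runs inside a transaction; the list-creation script in this commit has the same check-then-insert shape. If it does not, run the lookups and the insert between `$dbh->beginTransaction()` and `$dbh->commit()` with locking reads, or keep account and list addresses under one unique key so the database refuses the duplicate. The leftover `//print_r($result);` debug line can be dropped.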


@ -59,13 +59,25 @@ if ($_SESSION['log'] == 1) {
$newlistsource = $_POST['newlistsource'];
$newlistsourceexp = explode('@', $newlistsource);
if ($newlistsource != $oldlistsource) {
$abfrage = "UPDATE `alias_details` SET `source` = :source WHERE `id` LIKE :alias_id";
$result = $dbh->prepare($abfrage);
$result->execute(array(':source' => $newlistsource, ':alias_id' => $_POST['editlistid']));
// check if an account with same address exists
$abfrage = "SELECT 1 FROM `accounts` WHERE `username` = :username AND `domain` = :domain";
$sth = $dbh->prepare($abfrage);
$sth->execute(array(':username' => $newlistsourceexp[0], ':domain' => $newlistsourceexp[1]));
$result = $sth->fetchAll();
if ($result[0][1] !== 1) {
$abfrage = "UPDATE `alias_details` SET `source` = :source WHERE `id` LIKE :alias_id";
$result = $dbh->prepare($abfrage);
$result->execute(array(':source' => $newlistsource, ':alias_id' => $_POST['editlistid']));
$abfrage = "UPDATE `aliases` SET `source_username` = :source_username, `source_domain` = :source_domain WHERE `alias_id` LIKE :alias_id";
$result = $dbh->prepare($abfrage);
$result->execute(array(':source_username' => $newlistsourceexp[0], ':source_domain' => $newlistsourceexp[1], ':alias_id' => $_POST['editlistid']));
$abfrage = "UPDATE `aliases` SET `source_username` = :source_username, `source_domain` = :source_domain WHERE `alias_id` LIKE :alias_id";
$result = $dbh->prepare($abfrage);
$result->execute(array(':source_username' => $newlistsourceexp[0], ':source_domain' => $newlistsourceexp[1], ':alias_id' => $_POST['editlistid']));
}
else {
$newlistsource = $oldlistsource;
$newlistsourceexp = explode('@', $newlistsource);
}
}
}
else {
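Review bot: Both UPDATE statements inside the new `if` still select the row with `LIKE :alias_id`, and that parameter is bound directly from `$_POST['editlistid']`. LIKE treats `%` and `_` as wildcards, so a posted id containing them would apply the new source to more than one list. Replacing `LIKE :alias_id` with `= :alias_id` and binding `(int) $_POST['editlistid']` keeps the change to a single row. The visible context guards this block only with `$_SESSION['log'] == 1`, so it should be confirmed that the caller's ownership of the list is checked outside this hunk. The added check also looks at `accounts` only, so a source already used by another list is still accepted, and `$newlistsourceexp[1]` is undefined when the posted source contains no `@`.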