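<?php
use Egulias\EmailValidator\EmailLexer;
use Egulias\EmailValidator\EmailParser;
require_once('../common_config.php');
global $language, $dir, $locale;

// Session bootstrap for the admin panel: start the session, make sure a CSRF
// token exists, and re-validate a logged-in admin against the database on
// every request.
// NOTE(review): cookie flags (Secure / HttpOnly / SameSite) are not set here;
// confirm they are configured in common_config.php or php.ini.
session_start();
if (empty($_SESSION['csrf_token'])) {
    // The token must be unguessable. uniqid() is derived from the current
    // time, so it is taken from the CSPRNG instead.
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$msg = '';
$db = get_db_instance();
if (!empty($_SESSION['email_admin_user'])) {
    // Re-check the account on each request so that a deactivated or deleted
    // admin loses access immediately rather than at session expiry.
    $stmt = $db->prepare('SELECT superadmin FROM admin WHERE username = ? AND active = 1;');
    $stmt->execute([$_SESSION['email_admin_user']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        $_SESSION = [];
        session_regenerate_id(true);
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
        $msg .= '<div class="red" role="alert">' . _('It looks like your user no longer exists!') . '</div>';
    } else {
        // Refresh the cached privilege flag: it is otherwise only written at
        // login, so a demoted superadmin would keep superadmin rights for the
        // lifetime of the session.
        $_SESSION['email_admin_superadmin'] = (bool) $row['superadmin'];
    }
}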
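// POST dispatcher: every state-changing action of the admin panel goes through
// here. Order of checks: CSRF token -> logout/login -> (logged-in only) the
// requested action, with superadmin-only actions gated on the session flag and
// per-domain actions gated on check_domain_access().
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['action'])) {
        // CSRF gate. The previous `$a !== $b ?? ''` parsed as `($a !== $b) ?? ''`,
        // so the fallback never applied and a missing field raised a warning.
        // hash_equals() also makes the comparison constant-time.
        $sent_token = $_POST['csrf_token'] ?? '';
        if (!is_string($sent_token) || $sent_token === '' || !hash_equals((string) $_SESSION['csrf_token'], $sent_token)) {
            die('Invalid CSRF token');
        }
        // A non-string action (e.g. action[]=x) can never match a branch.
        $action = is_string($_POST['action']) ? $_POST['action'] : '';
        $is_superadmin = !empty($_SESSION['email_admin_superadmin']);
        // Checkbox helper: 1 when the field was submitted, 0 otherwise.
        $flag = static function (string $key): int {
            return isset($_POST[$key]) ? 1 : 0;
        };
        // Builds the comma separated forwarding list from alias_keep_copy / alias_to.
        $build_goto = static function ($own_address) use (&$msg): string {
            $goto = '';
            if (isset($_POST['alias_keep_copy'])) {
                $goto .= $own_address . ',';
            }
            if (!empty($_POST['alias_to'])) {
                $additional = preg_split("/[\s,]+/", $_POST['alias_to']);
                $goto .= validate_email_list($additional, $msg);
            }
            return rtrim($goto, ',');
        };

        if ($action === 'logout') {
            $_SESSION = [];
            session_regenerate_id(true);
            $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
            $msg .= '<div class="green" role="alert">' . _('Successfully logged out') . '</div>';
        } elseif ($action === 'login') {
            $user = $_POST['user'] ?? '';
            $pwd = $_POST['pwd'] ?? '';
            if (!is_string($user) || $user === '') {
                $msg .= '<div class="red" role="alert">' . _('Invalid username') . '</div>';
            } else {
                $stmt = $db->prepare('SELECT username, password, password_hash_type, superadmin FROM admin WHERE username = ? AND active = 1;');
                $stmt->execute([$user]);
                $tmp = $stmt->fetch(PDO::FETCH_ASSOC);
                // Same message for "unknown user" and "wrong password" so the
                // response text does not reveal which accounts exist.
                // NOTE(review): no attempt throttling is visible in this file;
                // confirm brute-force protection exists elsewhere.
                if (!$tmp || !is_string($pwd) || $pwd === '' || !password_verify($pwd, $tmp['password'])) {
                    $msg .= '<div class="red" role="alert">' . _('Incorrect username or password') . '</div>';
                } else {
                    // New session id and CSRF token on privilege change, so an
                    // id planted before login (session fixation) is useless.
                    session_regenerate_id(true);
                    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
                    $_SESSION['email_admin_user'] = $tmp['username'];
                    $_SESSION['email_admin_superadmin'] = (bool) $tmp['superadmin'];
                    // update password hash if it's using an old hashing algorithm
                    if ($tmp['password_hash_type'] !== '{ARGON2ID}') {
                        $hash = password_hash($pwd, PASSWORD_ARGON2ID);
                        $stmt = $db->prepare('UPDATE admin SET password_hash_type = "{ARGON2ID}", password = ? WHERE username = ? AND active = 1;');
                        $stmt->execute([$hash, $_SESSION['email_admin_user']]);
                    }
                }
            }
        } elseif (!empty($_SESSION['email_admin_user'])) {
            // Two-step deletes: "<action>" renders a confirmation form that posts
            // "<action>2". Entry: [POST field, superadmin only, warning, button label].
            $confirmations = [
                'delete_admin' => ['admin', true, _('Warning: This will permanently delete the admin account "%s". It cannot be reversed. Are you absolutely sure?'), _('Yes, I want to permanently delete this admin account')],
                'delete_domain' => ['domain', true, _('Warning: This will permanently delete the domain "%s". It cannot be reversed. Are you absolutely sure?'), _('Yes, I want to permanently delete this domain')],
                'delete_alias_domain' => ['alias_domain', true, _('Warning: This will permanently delete the alias domain "%s". It cannot be reversed. Are you absolutely sure?'), _('Yes, I want to permanently delete this alias domain')],
                'delete_alias' => ['alias', false, _('Warning: This will permanently delete the alias "%s". It cannot be reversed. Are you absolutely sure?'), _('Yes, I want to permanently delete this alias')],
                'delete_mailbox' => ['user', false, _('Warning: This will permanently delete the mailbox "%s". It cannot be reversed. Are you absolutely sure?'), _('Yes, I want to permanently delete this mailbox')],
            ];

            if ($action === 'update_alias') {
                $alias_goto = $build_goto($_SESSION['email_admin_user']);
                $stmt = $db->prepare('UPDATE alias SET goto = ? WHERE address = ? AND active = 1;');
                $stmt->execute([$alias_goto, $_SESSION['email_admin_user']]);
            } elseif (isset($confirmations[$action])) {
                [$field, $needs_superadmin, $warning, $label] = $confirmations[$action];
                if (!empty($_POST[$field]) && (!$needs_superadmin || $is_superadmin)) {
                    // The submitted name is echoed back, so it is HTML-escaped
                    // both in the text and in the hidden field's attribute.
                    $escaped = htmlspecialchars($_POST[$field]);
                    $msg .= '<div class="red" role="alert">' . sprintf($warning, $escaped) . '</div>';
                    $msg .= '<form method="post"><input type="hidden" name="csrf_token" value="' . htmlspecialchars($_SESSION['csrf_token']) . '">';
                    $msg .= '<input type="hidden" name="' . $field . '" value="' . $escaped . '">';
                    $msg .= '<button type="submit" name="action" value="' . $action . '2">' . $label . '</button></form>';
                }
            } elseif ($action === 'delete_admin2' && !empty($_POST['admin']) && $is_superadmin) {
                if ($_SESSION['email_admin_user'] === $_POST['admin']) {
                    $msg .= '<div class="red" role="alert">' . _('You can\'t delete your own admin account!') . '</div>';
                } else {
                    $stmt = $db->prepare('DELETE FROM admin WHERE username = ?;');
                    $stmt->execute([$_POST['admin']]);
                    $msg .= '<div class="green" role="alert">' . _('Successfully deleted admin account.') . '</div>';
                }
            } elseif ($action === 'delete_domain2' && !empty($_POST['domain']) && $is_superadmin) {
                // Soft delete: the row is only flagged (active = -1).
                $stmt = $db->prepare('UPDATE domain SET active = -1 WHERE domain = ?;');
                $stmt->execute([$_POST['domain']]);
                $msg .= '<div class="green" role="alert">' . _('Successfully deleted domain.') . '</div>';
            } elseif ($action === 'delete_alias_domain2' && !empty($_POST['alias_domain']) && $is_superadmin) {
                $stmt = $db->prepare('DELETE FROM alias_domain WHERE alias_domain = ?;');
                $stmt->execute([$_POST['alias_domain']]);
                $msg .= '<div class="green" role="alert">' . _('Successfully deleted alias domain.') . '</div>';
            } elseif ($action === 'delete_alias2' && !empty($_POST['alias'])) {
                if (check_domain_access($_POST['alias'], $msg)) {
                    $stmt = $db->prepare('DELETE FROM alias WHERE address = ?;');
                    $stmt->execute([$_POST['alias']]);
                    $msg .= '<div class="green" role="alert">' . _('Successfully deleted alias.') . '</div>';
                }
            } elseif ($action === 'delete_mailbox2' && !empty($_POST['user'])) {
                if (check_domain_access($_POST['user'], $msg)) {
                    // Soft delete: the row is only flagged (active = -2).
                    $stmt = $db->prepare('UPDATE mailbox SET active = -2 WHERE username = ?;');
                    $stmt->execute([$_POST['user']]);
                    $msg .= '<div class="green" role="alert">' . _('Successfully deleted mailbox.') . '</div>';
                }
            } elseif ($action === 'save_edit_admin' && !empty($_POST['admin']) && ($is_superadmin || $_POST['admin'] === $_SESSION['email_admin_user'])) {
                // Non-superadmins may only reach this branch for their own account.
                // NOTE(review): the current password is not asked for before a
                // password change; consider requiring it for self-service edits.
                $stmt = $db->prepare('SELECT null FROM admin WHERE username = ?;');
                $stmt->execute([$_POST['admin']]);
                if (!$stmt->fetch()) {
                    $msg .= '<div class="red" role="alert">' . sprintf(_('Oops, it looks like the admin account "%s" doesn\'t exist.'), htmlspecialchars($_POST['admin'])) . '</div>';
                } else {
                    if (!empty($_POST['pass_update'])) {
                        if (empty($_POST['pass_update2']) || $_POST['pass_update'] !== $_POST['pass_update2']) {
                            $msg .= '<div class="red" role="alert">' . _('Passwords don\'t match!') . '</div>';
                        } else {
                            $hash = password_hash($_POST['pass_update'], PASSWORD_ARGON2ID);
                            $stmt = $db->prepare('UPDATE admin SET password_hash_type = "{ARGON2ID}", password = ?, modified = NOW() WHERE username = ?;');
                            $stmt->execute([$hash, $_POST['admin']]);
                            $msg .= '<div class="green" role="alert">' . _('Successfully updated password.') . '</div>';
                        }
                    }
                    if ($is_superadmin) {
                        // A superadmin cannot change their own superadmin/active flags.
                        if ($_POST['admin'] !== $_SESSION['email_admin_user']) {
                            $stmt = $db->prepare('UPDATE admin SET superadmin = ?, active = ?, modified = NOW() WHERE username = ?;');
                            $stmt->execute([$flag('superadmin'), $flag('active'), $_POST['admin']]);
                        }
                        // With no box ticked the browser sends no "domains" field at
                        // all; treat that (and any non-array value) as an empty
                        // selection instead of passing null to in_array()/foreach.
                        $posted_domains = isset($_POST['domains']) && is_array($_POST['domains'])
                            ? array_values(array_filter($_POST['domains'], 'is_string'))
                            : [];
                        $managed_domains = [];
                        $stmt = $db->prepare('SELECT domain FROM domain_admins WHERE username = ?;');
                        $stmt->execute([$_POST['admin']]);
                        while ($tmp = $stmt->fetch(PDO::FETCH_ASSOC)) {
                            $managed_domains[] = $tmp['domain'];
                        }
                        $stmt = $db->prepare('DELETE FROM domain_admins WHERE username = ? AND domain = ?;');
                        foreach (array_diff($managed_domains, $posted_domains) as $domain) {
                            $stmt->execute([$_POST['admin'], $domain]);
                        }
                        $stmt = $db->prepare('INSERT INTO domain_admins (username, domain) VALUES (?, ?);');
                        foreach (array_diff($posted_domains, $managed_domains) as $domain) {
                            $stmt->execute([$_POST['admin'], $domain]);
                        }
                    }
                    $msg .= '<div class="green" role="alert">' . _('Successfully edited admin account.') . '</div>';
                }
            } elseif ($action === 'save_new_admin' && !empty($_POST['admin']) && $is_superadmin) {
                $stmt = $db->prepare('SELECT null FROM admin WHERE username = ?;');
                $stmt->execute([$_POST['admin']]);
                if ($stmt->fetch()) {
                    $msg .= '<div class="red" role="alert">' . sprintf(_('Oops, it looks like the admin account "%s" already exists.'), htmlspecialchars($_POST['admin'])) . '</div>';
                } elseif (empty($_POST['pass_update2']) || ($_POST['pass_update'] ?? '') !== $_POST['pass_update2']) {
                    $msg .= '<div class="red" role="alert">' . _('Passwords empty or don\'t match') . '</div>';
                } else {
                    $hash = password_hash($_POST['pass_update'], PASSWORD_ARGON2ID);
                    $stmt = $db->prepare('INSERT INTO admin (password_hash_type, password, superadmin, active, username, created, modified) VALUES ("{ARGON2ID}", ?, ?, ?, ?, NOW(), NOW());');
                    $stmt->execute([$hash, $flag('superadmin'), $flag('active'), $_POST['admin']]);
                    $msg .= '<div class="green" role="alert">' . _('Successfully created admin account.') . '</div>';
                }
            } elseif ($action === 'save_edit_domain' && !empty($_POST['domain']) && $is_superadmin) {
                $stmt = $db->prepare('SELECT null FROM domain WHERE domain = ?;');
                $stmt->execute([$_POST['domain']]);
                if (!$stmt->fetch()) {
                    $msg .= '<div class="red" role="alert">' . sprintf(_('Oops, it looks like the domain "%s" doesn\'t exists.'), htmlspecialchars($_POST['domain'])) . '</div>';
                } else {
                    $stmt = $db->prepare('UPDATE domain set active = ?, modified = NOW() WHERE domain = ?;');
                    $stmt->execute([$flag('active'), $_POST['domain']]);
                    $msg .= '<div class="green" role="alert">' . _('Successfully updated domain.') . '</div>';
                }
            } elseif (in_array($action, ['save_edit_alias_domain', 'save_edit_alis_domain'], true) && !empty($_POST['alias_domain']) && $is_superadmin) {
                // This branch used to match only the misspelt 'save_edit_alis_domain',
                // while the page dispatcher further down routes 'save_edit_alias_domain'.
                // Both spellings are accepted so the save works whichever one the
                // edit form (not visible here) submits.
                $stmt = $db->prepare('SELECT null FROM alias_domain WHERE alias_domain = ?;');
                $stmt->execute([$_POST['alias_domain']]);
                if (!$stmt->fetch()) {
                    $msg .= '<div class="red" role="alert">' . sprintf(_('Oops, it looks like the alias domain "%s" doesn\'t exists.'), htmlspecialchars($_POST['alias_domain'])) . '</div>';
                } else {
                    $stmt = $db->prepare('UPDATE alias_domain set active = ?, modified = NOW() WHERE alias_domain = ?;');
                    $stmt->execute([$flag('active'), $_POST['alias_domain']]);
                    $msg .= '<div class="green" role="alert">' . _('Successfully updated alias domain.') . '</div>';
                }
            } elseif ($action === 'save_new_domain' && !empty($_POST['domain']) && $is_superadmin) {
                // Normalise first: idn_to_*() return false for names they cannot
                // convert, and the rows are stored under the normalised forms, so
                // the duplicate check has to look at those forms too.
                $ascii_domain = idn_to_ascii($_POST['domain'], IDNA_NONTRANSITIONAL_TO_ASCII);
                $utf8_domain = idn_to_utf8($_POST['domain'], IDNA_NONTRANSITIONAL_TO_UNICODE);
                if ($ascii_domain === false || $utf8_domain === false) {
                    $msg .= '<div class="red" role="alert">' . sprintf(_('Oops, it looks like "%s" is not a valid domain name.'), htmlspecialchars($_POST['domain'])) . '</div>';
                } else {
                    $candidates = [$_POST['domain'], $utf8_domain, $ascii_domain];
                    $stmt = $db->prepare('SELECT null FROM domain WHERE domain IN (?, ?, ?) UNION SELECT null FROM alias_domain WHERE alias_domain IN (?, ?, ?);');
                    $stmt->execute(array_merge($candidates, $candidates));
                    if ($stmt->fetch()) {
                        $msg .= '<div class="red" role="alert">' . sprintf(_('Oops, it looks like the domain "%s" already exists.'), htmlspecialchars($_POST['domain'])) . '</div>';
                    } else {
                        $stmt = $db->prepare('INSERT INTO domain (active, domain, created, modified) VALUES (?, ?, NOW(), NOW());');
                        $stmt->execute([$flag('active'), $utf8_domain]);
                        // An internationalised name also gets its punycode form as an alias domain.
                        if ($ascii_domain !== $utf8_domain) {
                            $stmt = $db->prepare('INSERT INTO alias_domain (active, alias_domain, target_domain, created, modified) VALUES (1, ?, ?, NOW(), NOW());');
                            $stmt->execute([$ascii_domain, $utf8_domain]);
                        }
                        $msg .= '<div class="green" role="alert">' . _('Successfully created domain.') . '</div>';
                    }
                }
            } elseif ($action === 'save_new_alias_domain' && !empty($_POST['alias_domain']) && $is_superadmin) {
                $ascii_domain = idn_to_ascii($_POST['alias_domain'], IDNA_NONTRANSITIONAL_TO_ASCII);
                $utf8_domain = idn_to_utf8($_POST['alias_domain'], IDNA_NONTRANSITIONAL_TO_UNICODE);
                $target_domain = $_POST['target_domain'] ?? '';
                if ($ascii_domain === false || $utf8_domain === false || !is_string($target_domain) || $target_domain === '') {
                    $msg .= '<div class="red" role="alert">' . _('Invalid alias domain or target domain.') . '</div>';
                } else {
                    $candidates = [$_POST['alias_domain'], $utf8_domain, $ascii_domain];
                    $stmt = $db->prepare('SELECT null FROM domain WHERE domain IN (?, ?, ?) UNION SELECT null FROM alias_domain WHERE alias_domain IN (?, ?, ?);');
                    $stmt->execute(array_merge($candidates, $candidates));
                    if ($stmt->fetch()) {
                        $msg .= '<div class="red" role="alert">' . sprintf(_('Oops, it looks like the alias domain "%s" already exists.'), htmlspecialchars($_POST['alias_domain'])) . '</div>';
                    } else {
                        // NOTE(review): the target domain is not checked against the
                        // domain table here; confirm a constraint covers that.
                        $active = $flag('active');
                        $stmt = $db->prepare('INSERT INTO alias_domain (active, alias_domain, target_domain, created, modified) VALUES (?, ?, ?, NOW(), NOW());');
                        $stmt->execute([$active, $utf8_domain, $target_domain]);
                        if ($ascii_domain !== $utf8_domain) {
                            $stmt->execute([$active, $ascii_domain, $target_domain]);
                        }
                        $msg .= '<div class="green" role="alert">' . _('Successfully created alias domain.') . '</div>';
                    }
                }
            } elseif ($action === 'save_new_alias' && !empty($_POST['alias']) && !empty($_POST['target'])) {
                if (check_email_valid($_POST['alias'], $msg) && check_domain_access($_POST['alias'], $msg)) {
                    $targets = preg_split("/[\s,]+/", $_POST['target']);
                    $alias_goto = validate_email_list($targets, $msg);
                    $stmt = $db->prepare('SELECT null FROM alias WHERE address = ?;');
                    $stmt->execute([$_POST['alias']]);
                    if ($stmt->fetch()) {
                        $msg .= '<div class="red" role="alert">' . sprintf(_('Oops, it looks like the alias "%s" already exists.'), htmlspecialchars($_POST['alias'])) . '</div>';
                    } else {
                        $parser = new EmailParser(new EmailLexer());
                        $parser->parse($_POST['alias']);
                        $domain = $parser->getDomainPart();
                        $stmt = $db->prepare('INSERT INTO alias (goto, address, domain, active, created, modified, enforce_tls_in) VALUES (?, ?, ?, ?, NOW(), NOW(), ?);');
                        $stmt->execute([$alias_goto, $_POST['alias'], $domain, $flag('active'), $flag('enforce_tls_in')]);
                        $msg .= '<div class="green" role="alert">' . _('Successfully added alias.') . '</div>';
                    }
                }
            } elseif ($action === 'save_edit_alias' && !empty($_POST['alias']) && !empty($_POST['target'])) {
                if (check_email_valid($_POST['alias'], $msg) && check_domain_access($_POST['alias'], $msg)) {
                    $targets = preg_split("/[\s,]+/", $_POST['target']);
                    $alias_goto = validate_email_list($targets, $msg);
                    $stmt = $db->prepare('UPDATE alias SET goto = ?, active = ?, enforce_tls_in = ?, modified = NOW() WHERE address = ?;');
                    $stmt->execute([$alias_goto, $flag('active'), $flag('enforce_tls_in'), $_POST['alias']]);
                    $msg .= '<div class="green" role="alert">' . _('Successfully updated alias.') . '</div>';
                }
            } elseif ($action === 'save_edit_mailbox' && !empty($_POST['user'])) {
                if (check_email_valid($_POST['user'], $msg) && check_domain_access($_POST['user'], $msg)) {
                    $alias_goto = $build_goto($_POST['user']);
                    // NOTE(review): every edit resets the quota to 1 GiB, while new
                    // mailboxes start at 50 MiB; confirm this is intended.
                    $quota = 1024 * 1024 * 1024;
                    $stmt = $db->prepare('UPDATE alias SET goto = ?, enforce_tls_in = ?, active = ? WHERE address = ?;');
                    $stmt->execute([$alias_goto, $flag('enforce_tls_in'), $flag('active'), $_POST['user']]);
                    $stmt = $db->prepare('UPDATE mailbox SET enforce_tls_in = ?, enforce_tls_out = ?, active = ?, quota = ?, modified = NOW() WHERE username = ?;');
                    $stmt->execute([$flag('enforce_tls_in'), $flag('enforce_tls_out'), $flag('active'), $quota, $_POST['user']]);
                    $msg .= '<div class="green" role="alert">' . _('Successfully updated mailbox.') . '</div>';
                }
            } elseif ($action === 'save_new_mailbox' && !empty($_POST['user'])) {
                $email = $_POST['user'];
                $ok = check_email_valid($email, $msg) && check_domain_access($email, $msg);
                if ($ok) {
                    $stmt = $db->prepare('SELECT null FROM mailbox WHERE username = ? UNION SELECT null FROM alias WHERE address = ?;');
                    $stmt->execute([$email, $email]);
                    if ($stmt->fetch()) {
                        $ok = false;
                        $msg .= '<div class="red" role="alert">' . _('Sorry, this user already exists') . '</div>';
                    }
                    // A missing or empty password used to be hashed as-is, creating
                    // a mailbox whose stored credential is the hash of nothing.
                    if ($ok && (!isset($_POST['pwd']) || !is_string($_POST['pwd']) || $_POST['pwd'] === '')) {
                        $ok = false;
                        $msg .= '<div class="red" role="alert">' . _('Password must not be empty') . '</div>';
                    }
                    if ($ok) {
                        $parser = new EmailParser(new EmailLexer());
                        $parser->parse($email);
                        $user = $parser->getLocalPart();
                        $domain = $parser->getDomainPart();
                        $hash = password_hash($_POST['pwd'], PASSWORD_ARGON2ID);
                        $quota = 50 * 1024 * 1024;
                        $alias_goto = $build_goto($email);
                        $stmt = $db->prepare('INSERT INTO alias (address, goto, domain, created, modified, enforce_tls_in, active) VALUES (?, ?, ?, NOW(), NOW(), ?, ?);');
                        $stmt->execute([$email, $alias_goto, $domain, $flag('enforce_tls_in'), $flag('active')]);
                        // SHA-1 here only derives the lookup key stored in
                        // openpgpkey_wkd from the lower-cased local part; it is
                        // not used to protect a secret.
                        $wkd_hash = z_base32_encode(hash('sha1', mb_strtolower($user), true));
                        $stmt = $db->prepare('INSERT INTO mailbox (username, password, quota, local_part, domain, created, modified, password_hash_type, openpgpkey_wkd, enforce_tls_in, enforce_tls_out, active) VALUES(?, ?, ?, ?, ?, NOW(), NOW(), ?, ?, ?, ?, ?);');
                        $stmt->execute([$email, $hash, $quota, $user, $domain, '{ARGON2ID}', $wkd_hash, $flag('enforce_tls_in'), $flag('enforce_tls_out'), $flag('active')]);
                        $msg .= '<div class="green" role="alert">' . _('Successfully created new mailbox!') . '</div>';
                    }
                }
            } elseif ($action === 'save_password_mailbox' && !empty($_POST['user'])) {
                if (check_email_valid($_POST['user'], $msg) && check_domain_access($_POST['user'], $msg)) {
                    if (empty($_POST['pass_update']) || empty($_POST['pass_update2']) || $_POST['pass_update'] !== $_POST['pass_update2']) {
                        $msg .= '<div class="red" role="alert">' . _('Passwords empty or don\'t match') . '</div>';
                    } else {
                        $hash = password_hash($_POST['pass_update'], PASSWORD_ARGON2ID);
                        $stmt = $db->prepare('UPDATE mailbox SET password_hash_type = "{ARGON2ID}", password = ? WHERE username = ?;');
                        $stmt->execute([$hash, $_POST['user']]);
                        $msg .= '<div class="green" role="alert">' . _('Successfully updated password') . '</div>';
                    }
                }
            } elseif ($action === 'disable_tfa_mailbox' && !empty($_POST['user'])) {
                // Removes the second factor of a mailbox; only the domain access
                // check stands between a domain admin and this reset.
                if (check_email_valid($_POST['user'], $msg) && check_domain_access($_POST['user'], $msg)) {
                    $stmt = $db->prepare('UPDATE mailbox SET tfa = 0 WHERE username = ?;');
                    $stmt->execute([$_POST['user']]);
                    $msg .= '<div class="green" role="alert">' . _('Successfully disabled two-factor authentication') . '</div>';
                }
            }
        }
    }
}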
?>
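<!DOCTYPE html>
<?php
// Page template: head metadata, the navigation for a logged-in admin, the
// status messages collected while handling the POST, then either the login
// form or the view selected by the "action" request parameter.
// $language, $dir and $locale are set outside this file; they are escaped here
// because they are written into HTML attributes.
?>
<html lang="<?php echo htmlspecialchars((string) $language); ?>" dir="<?php echo htmlspecialchars((string) $dir); ?>">
<head>
<title><?php echo _('E-Mail and XMPP - Admin management'); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="<?php echo _('Lets domain owners manage their email domain and user accounts.'); ?>">
<link rel="canonical" href="<?php echo CANONICAL_URL; ?>admin.php">
<link rel="alternate" href="<?php echo CANONICAL_URL; ?>admin.php" hreflang="x-default">
<?php alt_links(); ?>
<meta property="og:type" content="website">
<meta property="og:title" content="<?php echo _('E-Mail and XMPP - Admin management'); ?>">
<meta property="og:description" content="<?php echo _('Lets domain owners manage their email domain and user accounts.'); ?>">
<meta property="og:url" content="<?php echo CANONICAL_URL; ?>admin.php">
<meta property="og:locale" content="<?php echo htmlspecialchars((string) $locale); ?>">
<?php
// json_encode() keeps the block valid JSON when a translation contains quotes
// or backslashes; JSON_HEX_TAG keeps "<" and ">" out of the <script> element.
?>
<script type="application/ld+json"><?php echo json_encode([
    '@context' => 'https://schema.org',
    '@type' => 'WebPage',
    'name' => _('E-Mail and XMPP - Admin management'),
    'description' => _('Lets domain owners manage their email domain and user accounts.'),
], JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_HEX_TAG); ?></script>
</head>
<body>
<main><h1><?php echo _('E-Mail and XMPP - Admin management'); ?></h1>
<?php
$logged_in = !empty($_SESSION['email_admin_user']);
$is_superadmin = !empty($_SESSION['email_admin_superadmin']);
if ($logged_in) { ?>
<form method="post"><input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token']); ?>">
<p><?php printf(_('Logged in as %s'), htmlspecialchars($_SESSION['email_admin_user'])); ?> |
<button name="action" value="logout" type="submit"><?php echo _('Logout'); ?></button><?php
    if ($is_superadmin) {
        ?> | <a href="?action=admins"><?php echo _('Manage admins'); ?></a><?php
        ?> | <a href="?action=alias_domains"><?php echo _('Manage alias domains'); ?></a><?php
    } else {
        ?> | <a href="?action=edit_admin"><?php echo _('Manage your admin account'); ?></a><?php
    }
    ?> | <a href="?action=domains"><?php echo _('Manage domains'); ?></a><?php
    ?> | <a href="?action=alias"><?php echo _('Manage aliases'); ?></a><?php
    ?> | <a href="?action=mailbox"><?php echo _('Manage mailboxes'); ?></a><?php
    ?></p></form><?php
}
// $msg is HTML assembled by the request handler above. Every request value
// appended to it in this file goes through htmlspecialchars(); the helpers that
// also append to it (check_domain_access() and friends) are defined elsewhere.
echo "<p>$msg</p>";
if (!$logged_in) { ?>
<form class="form_limit" action="admin.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token']); ?>">
<div class="row">
<div class="col"><label for="user"><?php echo _('Username'); ?></label></div>
<div class="col"><input type="text" name="user" id="user" autocomplete="username" required></div>
</div>
<div class="row">
<div class="col"><label for="pwd"><?php echo _('Password'); ?></label></div>
<?php // This is a login field, so the hint is "current-password"; "new-password" makes password managers offer a fresh one. ?>
<div class="col"><input type="password" name="pwd" id="pwd" autocomplete="current-password" required></div>
</div>
<div class="row">
<div class="col">
<button name="action" value="login" type="submit"><?php echo _('Login'); ?></button>
</div>
</div>
</form>
<?php } else {
    // View dispatcher. Superadmin-only views are gated here; the send_*()
    // functions are defined further down in the file.
    $view = $_REQUEST['action'] ?? '';
    if (empty($view) || $view === 'login') {
        ?><p><?php echo _('Welcome to the admin management interface. You can configure your domain(s) and accounts here. Please select an option from the menu.'); ?></p><?php
    } elseif (in_array($view, ['admins', 'delete_admin2'], true) && $is_superadmin) {
        send_manage_admins();
    } elseif (in_array($view, ['domains', 'delete_domain2'], true)) {
        send_manage_domains();
    } elseif (in_array($view, ['alias_domains', 'delete_alias_domain2'], true) && $is_superadmin) {
        send_manage_alias_domains();
    } elseif (in_array($view, ['alias', 'delete_alias2'], true)) {
        send_manage_aliases();
    } elseif (in_array($view, ['mailbox', 'delete_mailbox2'], true)) {
        send_manage_mailboxes();
    } elseif (in_array($view, ['new_admin', 'save_new_admin'], true) && $is_superadmin) {
        send_new_admin();
    } elseif (in_array($view, ['new_domain', 'save_new_domain'], true) && $is_superadmin) {
        send_new_domain();
    } elseif (in_array($view, ['new_alias_domain', 'save_new_alias_domain'], true) && $is_superadmin) {
        send_new_alias_domain();
    } elseif (in_array($view, ['new_alias', 'save_new_alias'], true)) {
        send_new_alias();
    } elseif (in_array($view, ['new_mailbox', 'save_new_mailbox'], true)) {
        send_new_mailbox();
    } elseif (in_array($view, ['edit_admin', 'save_edit_admin'], true)) {
        send_edit_admin();
    } elseif (in_array($view, ['edit_domain', 'save_edit_domain'], true)) {
        // NOTE(review): unlike the save_edit_domain POST branch, this view is
        // not limited to superadmins; confirm send_edit_domain() checks access.
        send_edit_domain();
    } elseif (in_array($view, ['edit_alias_domain', 'save_edit_alias_domain', 'save_edit_alis_domain'], true) && $is_superadmin) {
        // 'save_edit_alis_domain' is the spelling the POST handler matches.
        send_edit_alias_domain();
    } elseif (in_array($view, ['edit_alias', 'save_edit_alias'], true)) {
        send_edit_alias();
    } elseif (in_array($view, ['edit_mailbox', 'save_edit_mailbox', 'save_password_mailbox', 'disable_tfa_mailbox'], true)) {
        send_edit_mailbox();
    } elseif (empty($msg)) {
        ?><p><?php echo _('Oops, it looks like the page you tried to access does not exist or you do not have permission to access it.') ?></p><?php
    }
} ?>
</main>
</body>
</html>
<?php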
/**
 * Render the admin overview.
 *
 * Prints one row per entry of the `admin` table (username, status label, last-modified value)
 * inside a form whose per-row "Edit" button posts `action=edit_admin`, the chosen username and
 * the session CSRF token to admin.php. A "Create new admin" link is printed above and below.
 *
 * Usernames are HTML-escaped for both text and attribute context; the status label is a fixed
 * string and the `modified` column is written exactly as the database returned it.
 */
function send_manage_admins(): void
{
    $accounts = get_db_instance()->query('SELECT username, modified, active FROM admin;');
    ?>
    <p><a href="?action=new_admin"><?= _('Create new admin') ?></a></p>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="action" value="edit_admin">
        <div class="row">
            <div class="col"><?= _('Admin') ?></div>
            <div class="col"><?= _('Active') ?></div>
            <div class="col"><?= _('Last modified') ?></div>
            <div class="col"><?= _('Edit account') ?></div>
        </div>
        <?php
        while (($row = $accounts->fetch(PDO::FETCH_ASSOC)) !== false) {
            $name = htmlspecialchars($row['username']);
            // Strict comparison: only an integer 1 counts as active.
            $status = $row['active'] === 1 ? 'Active' : 'Disabled';
            printf(
                '<div class="row"><div class="col">%s</div><div class="col">%s</div><div class="col">%s</div><div class="col"><button type="submit" name="admin" value="%s">%s</button></div></div>',
                $name,
                $status,
                $row['modified'],
                $name,
                _('Edit')
            );
        }
        ?>
    </form>
    <p><a href="?action=new_admin"><?= _('Create new admin') ?></a></p>
    <?php
}
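/**
 * Render the edit form for one admin account.
 *
 * The account is taken from `$_POST['admin']` and defaults to the logged-in admin
 * (`$_SESSION['email_admin_user']`). The form offers a password change, the `superadmin` and
 * `active` flags (disabled when editing one's own account), the list of managed domains, and
 * a delete button for accounts other than one's own.
 *
 * Access control: the action dispatcher routes `edit_admin` / `save_edit_admin` here without a
 * superadmin condition, so this function itself pins admins without the superadmin flag to
 * their own account. The handler that processes `save_edit_admin` / `delete_admin` is not part
 * of this function and has to enforce the same rule on its own.
 */
function send_edit_admin(): void
{
    $db = get_db_instance();
    $self = $_SESSION['email_admin_user'];
    $requested = $_POST['admin'] ?? $self;
    // Without the superadmin flag only the own account may be opened, whatever was posted.
    if (empty($_SESSION['email_admin_superadmin'])) {
        $requested = $self;
    }
    $account = false;
    // A non-string value (e.g. admin[]=x) cannot name an account; treat it as "not found"
    // instead of binding it to the statement.
    if (is_string($requested)) {
        $stmt = $db->prepare('SELECT username, superadmin, active FROM admin WHERE username = ?;');
        $stmt->execute([$requested]);
        $account = $stmt->fetch(PDO::FETCH_ASSOC);
    }
    if (!$account) {
        echo '<p>' . _('Oops, this admin doesn\'t seem to exist.') . '</p>';
        return;
    }
    $isSelf = $account['username'] === $self;
    // An admin cannot change their own superadmin/active flags or delete themselves.
    $lockedAttr = $isSelf ? ' disabled' : '';
    $allDomains = $db->query('SELECT domain FROM domain;')->fetchAll(PDO::FETCH_COLUMN);
    $stmt = $db->prepare('SELECT domain FROM domain_admins WHERE username = ?;');
    $stmt->execute([$account['username']]);
    $managedDomains = $stmt->fetchAll(PDO::FETCH_COLUMN);
    // NOTE(review): every domain is offered here, also to a non-superadmin editing their own
    // account; confirm that the save handler restricts who may change the managed-domain set.
    ?>
    <h2><?php printf(_('Edit admin account %s'), htmlspecialchars($account['username'])); ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="admin" value="<?= htmlspecialchars($account['username']) ?>"
               autocomplete="username">
        <div class="row">
            <div class="col"><label for="pass_update"><?= _('Password') ?></label></div>
            <div class="col"><input type="password" name="pass_update" id="pass_update" autocomplete="new-password">
            </div>
        </div>
        <div class="row">
            <div class="col"><label for="pass_update2"><?= _('Password again') ?></label></div>
            <div class="col"><input type="password" name="pass_update2" id="pass_update2"
                                    autocomplete="new-password"></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="superadmin"
                                           value="1"<?= $account['superadmin'] ? ' checked' : '' ?><?= $lockedAttr ?>><?= _('Superadmin') ?></label>
            </div>
            <div class="col"><?= _('Superadmins can manage other admins') ?></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active"
                                           value="1"<?= $account['active'] ? ' checked' : '' ?><?= $lockedAttr ?>><?= _('Active') ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col"><label for="domains"><?= _('Managed domains') ?></label></div>
            <div class="col"><select name="domains[]" id="domains" multiple><?php
                foreach ($allDomains as $domain) {
                    $escaped = htmlspecialchars($domain);
                    $selected = in_array($domain, $managedDomains, true) ? ' selected' : '';
                    // Each entry is closed with </option>; the element has no </value> end tag.
                    echo '<option value="' . $escaped . '"' . $selected . '>' . $escaped . '</option>';
                }
                ?></select></div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_edit_admin" type="submit"><?= _('Save changes') ?></button>
            </div>
        </div>
        <?php if (!$isSelf): ?>
        <div class="row">
            <div class="col">
                <button type="submit" name="action" value="delete_admin"><?= _('Delete admin') ?></button>
            </div>
        </div>
        <?php endif; ?>
    </form>
    <?php
}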
/**
 * Render the empty "Create new admin account" form.
 *
 * The form posts to admin.php with `action=save_new_admin` and carries the session CSRF token,
 * the new username, the password entered twice, and the optional `superadmin` and `active`
 * checkboxes. Nothing is read from the request and nothing is written to the database here.
 */
function send_new_admin(): void
{
    $token = $_SESSION['csrf_token'];
    ?>
    <h2><?= _('Create new admin account') ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $token ?>">
        <div class="row">
            <div class="col"><label for="admin"><?= _('Username') ?></label></div>
            <div class="col"><input type="text" name="admin" id="admin" autocomplete="username"></div>
        </div>
        <div class="row">
            <div class="col"><label for="pass_update"><?= _('Password') ?></label></div>
            <div class="col"><input type="password" name="pass_update" id="pass_update" autocomplete="new-password">
            </div>
        </div>
        <div class="row">
            <div class="col"><label for="pass_update2"><?= _('Password again') ?></label></div>
            <div class="col"><input type="password" name="pass_update2" id="pass_update2" autocomplete="new-password">
            </div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="superadmin" value="1"><?= _('Superadmin') ?></label></div>
            <div class="col"><?= _('Superadmins can manage other admins') ?></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active" value="1"><?= _('Active') ?></label></div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_new_admin" type="submit"><?= _('Add admin') ?></button>
            </div>
        </div>
    </form>
    <?php
}
/**
 * Render the domain overview.
 *
 * Prints one row per entry of the `domain` table (name, status label, last-modified value)
 * inside a form whose per-row "Edit" button posts `action=edit_domain`, the chosen domain and
 * the session CSRF token to admin.php. The "Create new domain" link above and below the table
 * is only printed when `$_SESSION['email_admin_superadmin']` is truthy.
 *
 * Domain names are HTML-escaped; the status label is a fixed string and `modified` is written
 * as returned by the database.
 *
 * NOTE(review): the query has no WHERE clause, so every admin reaching this view sees all
 * domains, whereas the alias and mailbox lists are scoped through `domain_admins` — confirm
 * that this is intended.
 */
function send_manage_domains(): void
{
    $domains = get_db_instance()->query('SELECT domain, modified, active FROM domain;');
    $isSuperadmin = (bool) $_SESSION['email_admin_superadmin'];
    ?>
    <?php if ($isSuperadmin): ?>
    <p><a href="?action=new_domain"><?= _('Create new domain') ?></a></p>
    <?php endif; ?>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="action" value="edit_domain">
        <div class="row">
            <div class="col"><?= _('Domain') ?></div>
            <div class="col"><?= _('Active') ?></div>
            <div class="col"><?= _('Last modified') ?></div>
            <div class="col"><?= _('Edit domain') ?></div>
        </div>
        <?php
        while (($row = $domains->fetch(PDO::FETCH_ASSOC)) !== false) {
            // Strict integer comparison: 1 is active, -1 is pending deletion, anything else
            // is shown as disabled.
            if ($row['active'] === 1) {
                $status = 'Active';
            } elseif ($row['active'] === -1) {
                $status = 'Deleting';
            } else {
                $status = 'Disabled';
            }
            $name = htmlspecialchars($row['domain']);
            printf(
                '<div class="row"><div class="col">%s</div><div class="col">%s</div><div class="col">%s</div><div class="col"><button type="submit" name="domain" value="%s">%s</button></div></div>',
                $name,
                $status,
                $row['modified'],
                $name,
                _('Edit')
            );
        }
        ?>
    </form>
    <?php if ($isSuperadmin): ?>
    <p><a href="?action=new_domain"><?= _('Create new domain') ?></a></p>
    <?php endif;
}
/**
 * Render the empty "Create new domain" form.
 *
 * The form posts to admin.php with `action=save_new_domain` and carries the session CSRF
 * token, the domain name and the optional `active` checkbox. Nothing is read from the request
 * and nothing is written to the database here.
 */
function send_new_domain(): void
{
    $token = $_SESSION['csrf_token'];
    ?>
    <h2><?= _('Create new domain') ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $token ?>">
        <div class="row">
            <div class="col"><label for="domain"><?= _('Domain') ?></label></div>
            <div class="col"><input type="text" name="domain" id="domain"></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active" value="1"><?= _('Active') ?></label></div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_new_domain" type="submit"><?= _('Add domain') ?></button>
            </div>
        </div>
    </form>
    <?php
}
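/**
 * Render the edit form for the domain named in `$_POST['domain']`.
 *
 * The form posts to admin.php with the session CSRF token and the domain name, and offers the
 * `active` checkbox plus the `save_edit_domain` and `delete_domain` actions. When the domain
 * is missing from the request, is not a string, or has no row in the `domain` table, a
 * "does not exist" message is printed instead.
 *
 * The name written into the heading and the hidden field is the value stored in the database,
 * HTML-escaped, rather than the raw request value.
 *
 * NOTE(review): the lookup is not scoped to the domains of the logged-in admin, and the action
 * dispatcher routes `edit_domain` / `save_edit_domain` here without a superadmin condition.
 * Confirm that the handler for `save_edit_domain` / `delete_domain` checks `domain_admins` or
 * the superadmin flag before changing anything.
 */
function send_edit_domain(): void
{
    $requested = $_POST['domain'] ?? null;
    $row = false;
    // The dispatcher matches on $_REQUEST, so this view can be reached without a POSTed
    // domain; a missing or non-string value is handled as "not found".
    if (is_string($requested) && $requested !== '') {
        $stmt = get_db_instance()->prepare('SELECT domain, active FROM domain WHERE domain = ?;');
        $stmt->execute([$requested]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    }
    if (!$row) {
        // The message names the domain (it used to say "admin"); translation catalogs need
        // an entry for this msgid.
        echo '<p>' . _('Oops, this domain doesn\'t seem to exist.') . '</p>';
        return;
    }
    $domain = htmlspecialchars($row['domain']);
    ?>
    <h2><?php printf(_('Edit domain %s'), $domain); ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="domain" value="<?= $domain ?>">
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active"
                                           value="1"<?= $row['active'] ? ' checked' : '' ?>><?= _('Active') ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_edit_domain" type="submit"><?= _('Save changes') ?></button>
            </div>
        </div>
        <div class="row">
            <div class="col">
                <button type="submit" name="action" value="delete_domain"><?= _('Delete domain') ?></button>
            </div>
        </div>
    </form>
    <?php
}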
/**
 * Render the alias-domain overview.
 *
 * Prints one row per entry of the `alias_domain` table (alias domain, target domain, status
 * label, last-modified value) inside a form whose per-row "Edit" button posts
 * `action=edit_alias_domain`, the chosen alias domain and the session CSRF token to admin.php.
 * The "Create new alias domain" link above and below the table is only printed when
 * `$_SESSION['email_admin_superadmin']` is truthy.
 *
 * Both domain names are HTML-escaped; the status label is a fixed string and `modified` is
 * written as returned by the database.
 */
function send_manage_alias_domains(): void
{
    $aliasDomains = get_db_instance()->query('SELECT alias_domain, target_domain, modified, active FROM alias_domain;');
    $isSuperadmin = (bool) $_SESSION['email_admin_superadmin'];
    ?>
    <?php if ($isSuperadmin): ?>
    <p><a href="?action=new_alias_domain"><?= _('Create new alias domain') ?></a></p>
    <?php endif; ?>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="action" value="edit_alias_domain">
        <div class="row">
            <div class="col"><?= _('Alias Domain') ?></div>
            <div class="col"><?= _('Target Domain') ?></div>
            <div class="col"><?= _('Active') ?></div>
            <div class="col"><?= _('Last modified') ?></div>
            <div class="col"><?= _('Edit alias domain') ?></div>
        </div>
        <?php
        while (($row = $aliasDomains->fetch(PDO::FETCH_ASSOC)) !== false) {
            $aliasName = htmlspecialchars($row['alias_domain']);
            $targetName = htmlspecialchars($row['target_domain']);
            // Strict comparison: only an integer 1 counts as active.
            $status = $row['active'] === 1 ? 'Active' : 'Disabled';
            printf(
                '<div class="row"><div class="col">%s</div><div class="col">%s</div><div class="col">%s</div><div class="col">%s</div><div class="col"><button type="submit" name="alias_domain" value="%s">%s</button></div></div>',
                $aliasName,
                $targetName,
                $status,
                $row['modified'],
                $aliasName,
                _('Edit')
            );
        }
        ?>
    </form>
    <?php if ($isSuperadmin): ?>
    <p><a href="?action=new_alias_domain"><?= _('Create new alias domain') ?></a></p>
    <?php endif;
}
/**
 * Render the empty "Create new alias domain" form.
 *
 * The form posts to admin.php with `action=save_new_alias_domain` and carries the session CSRF
 * token, the alias domain, the target domain and the optional `active` checkbox. Nothing is
 * read from the request and nothing is written to the database here.
 */
function send_new_alias_domain(): void
{
    $token = $_SESSION['csrf_token'];
    ?>
    <h2><?= _('Create new alias domain') ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $token ?>">
        <div class="row">
            <div class="col"><label for="alias_domain"><?= _('Alias Domain') ?></label></div>
            <div class="col"><input type="text" name="alias_domain" id="alias_domain"></div>
        </div>
        <div class="row">
            <div class="col"><label for="target_domain"><?= _('Target Domain') ?></label></div>
            <div class="col"><input type="text" name="target_domain" id="target_domain"></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active" value="1"><?= _('Active') ?></label></div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_new_alias_domain" type="submit"><?= _('Add alias domain') ?></button>
            </div>
        </div>
    </form>
    <?php
}
/**
 * Render the edit form for the alias domain named in `$_POST['alias_domain']`.
 *
 * Looks the alias domain up in the `alias_domain` table. When a row exists, prints a form that
 * posts to admin.php with the session CSRF token and the alias domain, and offers the target
 * domain, the `active` checkbox and the `save_edit_alias_domain` / `delete_alias_domain`
 * actions. Otherwise prints a "does not exist" message.
 *
 * The alias domain echoed into the heading and the hidden field is the request value,
 * HTML-escaped; the target domain comes from the database row and is escaped as well.
 */
function send_edit_alias_domain(): void
{
    $lookup = get_db_instance()->prepare('SELECT alias_domain, target_domain, active FROM alias_domain WHERE alias_domain = ?;');
    $lookup->execute([$_POST['alias_domain']]);
    $row = $lookup->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        echo '<p>' . _('Oops, this alias domain doesn\'t seem to exist.') . '</p>';
        return;
    }
    ?>
    <h2><?php printf(_('Edit alias domain %s'), htmlspecialchars($_POST['alias_domain'])); ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="alias_domain"
               value="<?= htmlspecialchars($_POST['alias_domain']) ?>">
        <div class="row">
            <div class="col"><label for="target_domain"><?= _('Target Domain') ?></label></div>
            <div class="col"><input type="text" name="target_domain" id="target_domain"
                                    value="<?= htmlspecialchars($row['target_domain']) ?>"></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active"
                                           value="1"<?= $row['active'] ? ' checked' : '' ?>><?= _('Active') ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_edit_alias_domain" type="submit"><?= _('Save changes') ?></button>
            </div>
        </div>
        <div class="row">
            <div class="col">
                <button type="submit" name="action" value="delete_alias_domain"><?= _('Delete alias domain') ?></button>
            </div>
        </div>
    </form>
    <?php
}
/**
 * Render the alias overview for the logged-in admin.
 *
 * Selects at most 200 aliases whose domain is listed in `domain_admins` for
 * `$_SESSION['email_admin_user']` and that have no active mailbox with the same address, and
 * prints one row per alias (address, target, status label, last-modified value). Each row's
 * "Edit" button posts `action=edit_alias`, the alias address and the session CSRF token to
 * admin.php. A "Create new alias" link is printed above and below.
 *
 * Address and target are HTML-escaped; the status label is a fixed string and `modified` is
 * written as returned by the database.
 */
function send_manage_aliases(): void
{
    $aliases = get_db_instance()->prepare('SELECT a.address, a.goto, a.modified, a.active FROM alias AS a LEFT JOIN mailbox AS m ON (m.username=a.address AND m.active=1) WHERE a.domain IN (SELECT domain FROM domain_admins WHERE username = ?) AND isnull(m.username) limit 200;');
    $aliases->execute([$_SESSION['email_admin_user']]);
    ?>
    <p><a href="?action=new_alias"><?= _('Create new alias') ?></a></p>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="action" value="edit_alias">
        <div class="row">
            <div class="col"><?= _('Alias') ?></div>
            <div class="col"><?= _('Target') ?></div>
            <div class="col"><?= _('Active') ?></div>
            <div class="col"><?= _('Last modified') ?></div>
            <div class="col"><?= _('Edit alias') ?></div>
        </div>
        <?php
        while (($row = $aliases->fetch(PDO::FETCH_ASSOC)) !== false) {
            $address = htmlspecialchars($row['address']);
            $target = htmlspecialchars($row['goto']);
            // Strict comparison: only an integer 1 counts as active.
            $status = $row['active'] === 1 ? 'Active' : 'Disabled';
            printf(
                '<div class="row"><div class="col">%s</div><div class="col">%s</div><div class="col">%s</div><div class="col">%s</div><div class="col"><button type="submit" name="alias" value="%s">%s</button></div></div>',
                $address,
                $target,
                $status,
                $row['modified'],
                $address,
                _('Edit')
            );
        }
        ?>
    </form>
    <p><a href="?action=new_alias"><?= _('Create new alias') ?></a></p>
    <?php
}
/**
 * Render the empty "Create new alias" form.
 *
 * The form posts to admin.php with `action=save_new_alias` and carries the session CSRF token,
 * the alias address, its target, and the optional `active` and `enforce_tls_in` checkboxes.
 * Nothing is read from the request and nothing is written to the database here.
 */
function send_new_alias(): void
{
    $token = $_SESSION['csrf_token'];
    ?>
    <h2><?= _('Create new alias') ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $token ?>">
        <div class="row">
            <div class="col"><label for="alias"><?= _('Alias') ?></label></div>
            <div class="col"><input type="text" name="alias" id="alias"></div>
        </div>
        <div class="row">
            <div class="col"><label for="target"><?= _('Target') ?></label></div>
            <div class="col"><input type="text" name="target" id="target"></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active" value="1"><?= _('Active') ?></label></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="enforce_tls_in" value="1"><?= _('Enforce encryption') ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_new_alias" type="submit"><?= _('Add alias') ?></button>
            </div>
        </div>
    </form>
    <?php
}
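/**
 * Render the edit form for the alias named in `$_POST['alias']`.
 *
 * The alias is only loaded when its domain is listed in `domain_admins` for the logged-in
 * admin and no active mailbox uses the same address — the same scoping the alias overview
 * (`send_manage_aliases`) applies. Without that condition any admin could open the form for,
 * and read the forwarding targets of, an alias in a domain they do not manage by posting its
 * address directly. The handler for `save_edit_alias` / `delete_alias` is not part of this
 * function and has to apply the same check.
 *
 * When a row is found, the form posts to admin.php with the session CSRF token and the alias
 * address, and offers the targets (one per line), the `active` and `enforce_tls_in` checkboxes
 * and the `save_edit_alias` / `delete_alias` actions. The address written into the heading and
 * the hidden field is the stored value, HTML-escaped. Otherwise a "does not exist" message is
 * printed.
 */
function send_edit_alias(): void
{
    $requested = $_POST['alias'] ?? null;
    $alias = false;
    // The dispatcher matches on $_REQUEST, so this view can be reached without a POSTed alias;
    // a missing or non-string value is handled as "not found".
    if (is_string($requested) && $requested !== '') {
        $stmt = get_db_instance()->prepare('SELECT a.address, a.goto, a.active, a.enforce_tls_in FROM alias AS a LEFT JOIN mailbox AS m ON (m.username=a.address AND m.active=1) WHERE a.address = ? AND a.domain IN (SELECT domain FROM domain_admins WHERE username = ?) AND isnull(m.username);');
        $stmt->execute([$requested, $_SESSION['email_admin_user']]);
        $alias = $stmt->fetch(PDO::FETCH_ASSOC);
    }
    if (!$alias) {
        echo '<p>' . _('Oops, this alias doesn\'t seem to exist.') . '</p>';
        return;
    }
    $address = htmlspecialchars($alias['address']);
    ?>
    <h2><?php printf(_('Edit alias %s'), $address); ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="alias" value="<?= $address ?>">
        <div class="row">
            <div class="col"><label for="target"><?= _('Target') ?></label></div>
            <?php // Escape first, then turn the comma-separated targets into one per line. ?>
            <div class="col"><textarea name="target"
                                       id="target"><?= str_replace(',', "\n", htmlspecialchars($alias['goto'])) ?></textarea>
            </div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active"
                                           value="1"<?= $alias['active'] ? ' checked' : '' ?>><?= _('Active') ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="enforce_tls_in"
                                           value="1"<?= $alias['enforce_tls_in'] ? ' checked' : '' ?>><?= _('Enforce encryption') ?></label></div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_edit_alias" type="submit"><?= _('Save changes') ?></button>
            </div>
        </div>
        <div class="row">
            <div class="col">
                <button type="submit" name="action" value="delete_alias"><?= _('Delete alias') ?></button>
            </div>
        </div>
    </form>
    <?php
}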
/**
 * Render the mailbox overview for the logged-in admin.
 *
 * Selects at most 200 mailboxes whose domain is listed in `domain_admins` for
 * `$_SESSION['email_admin_user']` and prints one row per mailbox (username, status label,
 * last-modified value). Each row's "Edit" button posts `action=edit_mailbox`, the mailbox
 * username (as `user`) and the session CSRF token to admin.php. A "Create new mailbox" link is
 * printed above and below.
 *
 * Usernames are HTML-escaped; the status label is a fixed string and `modified` is written as
 * returned by the database.
 */
function send_manage_mailboxes(): void
{
    $mailboxes = get_db_instance()->prepare('SELECT username, modified, active FROM mailbox WHERE domain IN (SELECT domain FROM domain_admins WHERE username = ?) limit 200;');
    $mailboxes->execute([$_SESSION['email_admin_user']]);
    ?>
    <p><a href="?action=new_mailbox"><?= _('Create new mailbox') ?></a></p>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="action" value="edit_mailbox">
        <div class="row">
            <div class="col"><?= _('Username') ?></div>
            <div class="col"><?= _('Active') ?></div>
            <div class="col"><?= _('Last modified') ?></div>
            <div class="col"><?= _('Edit mailbox') ?></div>
        </div>
        <?php
        while (($row = $mailboxes->fetch(PDO::FETCH_ASSOC)) !== false) {
            // Strict integer comparison: 1 active, -1 being disabled, -2 being deleted;
            // anything else is shown as disabled.
            if ($row['active'] === 1) {
                $status = 'Active';
            } elseif ($row['active'] === -1) {
                $status = 'Disabling';
            } elseif ($row['active'] === -2) {
                $status = 'Deleting';
            } else {
                $status = 'Disabled';
            }
            $name = htmlspecialchars($row['username']);
            printf(
                '<div class="row"><div class="col">%s</div><div class="col">%s</div><div class="col">%s</div><div class="col"><button type="submit" name="user" value="%s">%s</button></div></div>',
                $name,
                $status,
                $row['modified'],
                $name,
                _('Edit')
            );
        }
        ?>
    </form>
    <p><a href="?action=new_mailbox"><?= _('Create new mailbox') ?></a></p>
    <?php
}
/**
 * Render the "Create new mailbox" form.
 *
 * The form posts to admin.php with `action=save_new_mailbox` and carries the session CSRF
 * token, the mailbox username, the password entered twice (both fields marked required), the
 * forwarding targets, and the `alias_keep_copy`, `active`, `enforce_tls_in` and
 * `enforce_tls_out` checkboxes, all of which are pre-checked. Nothing is read from the request
 * and nothing is written to the database here.
 */
function send_new_mailbox(): void
{
    $token = $_SESSION['csrf_token'];
    ?>
    <h2><?= _('Create new mailbox') ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?= $token ?>">
        <div class="row">
            <div class="col"><label for="user"><?= _('Username') ?></label></div>
            <div class="col"><input type="text" name="user" id="user"></div>
        </div>
        <div class="row">
            <div class="col"><label for="pwd"><?= _('Password') ?></label></div>
            <div class="col"><input type="password" name="pwd" id="pwd" autocomplete="new-password" required></div>
        </div>
        <div class="row">
            <div class="col"><label for="pwd2"><?= _('Password again') ?></label></div>
            <div class="col"><input type="password" name="pwd2" id="pwd2" autocomplete="new-password" required></div>
        </div>
        <div class="row">
            <div class="col"><label for="alias_to"><?= _('Forward to') ?></label></div>
            <div class="col"><textarea name="alias_to" id="alias_to"></textarea></div>
        </div>
        <div class="row">
            <div class="col"><label for="alias_keep_copy"><?= _('Keep a local copy') ?></label></div>
            <div class="col"><input type="checkbox" name="alias_keep_copy" id="alias_keep_copy" checked></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active" value="1" checked><?= _('Active') ?></label></div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="enforce_tls_in" value="1" checked><?= _('Enforce encryption for incoming mail') ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="enforce_tls_out" value="1" checked><?= _('Enforce encryption for outgoing mail') ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_new_mailbox" type="submit"><?= _('Add mailbox') ?></button>
            </div>
        </div>
    </form>
    <?php
}
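/**
 * Render the admin page for one existing mailbox.
 *
 * Outputs three forms that all post back to admin.php: forwarding targets and
 * per-mailbox flags, a password change, and the 2FA-reset / delete actions.
 * The mailbox is identified by the request parameter "user"; when no matching
 * row exists a short "does not exist" message is printed instead.
 *
 * This function performs no authorisation check of its own.
 * NOTE(review): presumably the caller only reaches it for a logged-in admin
 * who is allowed to manage this mailbox; confirm at the call site.
 */
function send_edit_mailbox(): void
{
    // Resolve the mailbox name once. The original read $_REQUEST['user'] for the
    // first form but $_POST['user'] for the password and delete forms, so a page
    // opened through a GET link produced empty hidden "user" fields there.
    // Rejecting non-string values also keeps an array-valued parameter
    // (user[]=...) away from the query and from htmlspecialchars().
    $user = $_REQUEST['user'] ?? '';
    $email = false;
    if (is_string($user) && $user !== '') {
        $db = get_db_instance();
        $stmt = $db->prepare('SELECT a.goto, m.active, m.enforce_tls_in, m.enforce_tls_out FROM alias AS a INNER JOIN mailbox AS m ON (m.username=a.address) WHERE m.username = ?;');
        $stmt->execute([$user]);
        $email = $stmt->fetch(PDO::FETCH_ASSOC);
    }
    if (!$email) {
        echo '<p>' . _('Oops, this mailbox doesn\'t seem to exist.') . '</p>';
        return;
    }

    // "goto" is a comma-separated recipient list; the mailbox's own address in
    // that list means "keep a local copy", so it is shown as the checkbox and
    // left out of the editable forward list.
    $aliases = explode(',', $email['goto']);
    $aliases_to = implode("\n", array_diff($aliases, [$user]));
    $keepCopyAttr = in_array($user, $aliases, true) ? ' checked' : '';

    // Cast before comparing: depending on driver and PDO settings (emulated
    // prepares on PHP < 8.1, PDO::ATTR_STRINGIFY_FETCHES) integer columns come
    // back as '1' rather than 1. A strict === 1 would then render the boxes
    // unchecked, and saving the form would silently switch off TLS enforcement
    // or deactivate the mailbox.
    $activeAttr = (int) $email['active'] === 1 ? ' checked' : '';
    $tlsInAttr = (int) $email['enforce_tls_in'] === 1 ? ' checked' : '';
    $tlsOutAttr = (int) $email['enforce_tls_out'] === 1 ? ' checked' : '';

    // Every request-derived value is escaped for the HTML text/attribute context
    // with explicit flags, so the result does not depend on the PHP version's
    // htmlspecialchars() defaults.
    $userHtml = htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $aliasesHtml = htmlspecialchars($aliases_to, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // NOTE(review): the token is minted at the top of this file with
    // sha1(uniqid()), which is time-derived rather than random; random_bytes()
    // would be the safer source. Escaping it here is purely defensive.
    $csrfHtml = htmlspecialchars((string) ($_SESSION['csrf_token'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    ?>
    <h2><?php printf(_('Edit mailbox %s'), $userHtml); ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?php echo $csrfHtml; ?>">
        <input type="hidden" name="user" value="<?php echo $userHtml; ?>">
        <div class="row">
            <div class="col"><label for="alias_to"><?php echo _('Forward to'); ?></label></div>
            <div class="col"><textarea name="alias_to"
                                       id="alias_to"><?php echo $aliasesHtml; ?></textarea></div>
        </div>
        <div class="row">
            <div class="col"><label for="alias_keep_copy"><?php echo _('Keep a local copy'); ?></label></div>
            <div class="col"><input type="checkbox" name="alias_keep_copy"
                                    id="alias_keep_copy"<?php echo $keepCopyAttr; ?>>
            </div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="active"
                                           value="1"<?php echo $activeAttr; ?>><?php echo _('Active'); ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="enforce_tls_in"
                                           value="1"<?php echo $tlsInAttr; ?>><?php echo _('Enforce encryption for incoming mail'); ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col"><label><input type="checkbox" name="enforce_tls_out"
                                           value="1"<?php echo $tlsOutAttr; ?>><?php echo _('Enforce encryption for outgoing mail'); ?></label>
            </div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_edit_mailbox" type="submit"><?php echo _('Save mailbox'); ?></button>
            </div>
        </div>
    </form>
    <h2><?php echo _('Change password'); ?></h2>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?php echo $csrfHtml; ?>">
        <input type="hidden" name="user" value="<?php echo $userHtml; ?>">
        <div class="row">
            <div class="col"><label for="pass_update"><?php echo _('Password'); ?></label></div>
            <div class="col"><input type="password" name="pass_update" id="pass_update" autocomplete="new-password"
                                    required></div>
        </div>
        <div class="row">
            <div class="col"><label for="pass_update2"><?php echo _('Password again'); ?></label></div>
            <div class="col"><input type="password" name="pass_update2" id="pass_update2"
                                    autocomplete="new-password" required></div>
        </div>
        <div class="row">
            <div class="col">
                <button name="action" value="save_password_mailbox" type="submit"><?php echo _('Change password'); ?></button>
            </div>
        </div>
    </form>
    <h2><?php echo _('Delete mailbox / Disable two-factor authentication'); ?></h2>
    <?php
    // Both buttons below submit state-changing actions for $user in one click;
    // the only protections emitted here are the POST method and the CSRF token.
    ?>
    <form class="form_limit" action="admin.php" method="post">
        <input type="hidden" name="csrf_token" value="<?php echo $csrfHtml; ?>">
        <input type="hidden" name="user" value="<?php echo $userHtml; ?>">
        <div class="row">
            <div class="col">
                <button type="submit" name="action" value="disable_tfa_mailbox"><?php echo _('Disable two-factor authentication'); ?></button>
            </div>
        </div>
        <div class="row">
            <div class="col">
                <button type="submit" name="action" value="delete_mailbox"><?php echo _('Delete mailbox'); ?></button>
            </div>
        </div>
    </form>
    <?php
}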