prepare( 'SELECT null FROM mailbox WHERE username=? AND active = 1;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); if ( ! $user = $stmt->fetch( PDO::FETCH_ASSOC ) ) { $_SESSION = []; session_regenerate_id( true ); $_SESSION[ 'csrf_token' ] = sha1( uniqid() ); $msg .= ''; } } if ( $_SERVER[ 'REQUEST_METHOD' ] === 'POST' ) { if ( $_SESSION[ 'csrf_token' ] !== $_POST[ 'csrf_token' ] ?? '' ) { die( 'Invalid CSRF token' ); } if ( isset( $_SESSION[ '2fa_code' ] ) ) { if ( ! empty( $_POST[ '2fa_code' ] ) && $_POST[ '2fa_code' ] === $_SESSION[ '2fa_code' ] ) { unset( $_SESSION[ '2fa_code' ] ); unset( $_SESSION[ 'pgp_key' ] ); } else { $msg .= '

'._('Wrong 2FA code').'

'; } } if ( ! isset( $_SESSION[ '2fa_code' ] ) && isset( $_POST[ 'action' ] ) ) { if ( $_POST[ 'action' ] === 'logout' ) { $_SESSION = []; session_regenerate_id( true ); $_SESSION[ 'csrf_token' ] = sha1( uniqid() ); $msg .= ''; } elseif ( $_POST[ 'action' ] === 'login' ) { $ok = true; if ( ! check_captcha( $_POST[ 'challenge' ] ?? '', $_POST[ 'captcha' ] ?? '' ) ) { $ok = false; $msg .= ''; } if ( empty( $_POST[ 'user' ] ) || ! preg_match( '/^([^+]+?)(@([^@]+))?$/i', $_POST[ 'user' ], $match ) ) { $ok = false; $msg .= ''; } if ( $ok ) { $db = get_db_instance(); $user = $match[ 1 ]; $domain = $match[ 3 ] ?? 'danwin1210.de'; $stmt = $db->prepare( 'SELECT target_domain FROM alias_domain WHERE alias_domain = ? AND active=1;' ); $stmt->execute( [ $domain ] ); if ( $tmp = $stmt->fetch( PDO::FETCH_ASSOC ) ) { $domain = $tmp[ 'target_domain' ]; } $stmt = $db->prepare( 'SELECT username, password, password_hash_type, tfa, pgp_key FROM mailbox WHERE username = ? AND active = 1;' ); $stmt->execute( [ "$user@$domain" ] ); if ( $tmp = $stmt->fetch( PDO::FETCH_ASSOC ) ) { if ( empty( $_POST[ 'pwd' ] ) || ! password_verify( $_POST[ 'pwd' ], $tmp[ 'password' ] ) ) { $ok = false; $msg .= ''; } else { $_SESSION[ 'email_user' ] = $tmp[ 'username' ]; $stmt = $db->prepare( 'UPDATE mailbox SET last_login = ? WHERE username = ? AND active = 1;' ); $stmt->execute( [ time(), $_SESSION[ 'email_user' ] ] ); // update password hash if it's using an old hashing algorithm if ( $tmp[ 'password_hash_type' ] !== '{ARGON2ID}' ) { $hash = password_hash( $_POST[ 'pwd' ], PASSWORD_ARGON2ID ); $stmt = $db->prepare( 'UPDATE mailbox SET password_hash_type = "{ARGON2ID}", password = ? WHERE username = ? AND active = 1;' ); $stmt->execute( [ $hash, $_SESSION[ 'email_user' ] ] ); } if ( $tmp[ 'tfa' ] ) { $code = bin2hex( random_bytes( 3 ) ); $_SESSION[ '2fa_code' ] = $code; $_SESSION[ 'pgp_key' ] = $tmp[ 'pgp_key' ]; } } } else { $msg .= ''; } } } elseif ( ! empty( $_SESSION[ 'email_user' ] ) && $_POST[ 'action' ] === 'update_settings' ) { $alias_goto = ''; if ( isset( $_POST[ 'alias_keep_copy' ] ) ) { $alias_goto .= $_SESSION[ 'email_user' ] . ','; } if ( ! empty( $_POST[ 'alias_to' ] ) ) { $additional = preg_split( "/[\s,]+/", $_POST[ 'alias_to' ] ); $alias_goto .= validate_email_list( $additional, $msg ); } $alias_goto = rtrim( $alias_goto, ',' ); $stmt = $db->prepare( 'UPDATE alias SET goto = ?, enforce_tls_in = ? WHERE address = ? AND active = 1;' ); $stmt->execute( [ $alias_goto, ( isset( $_POST[ 'enforce_tls_in' ] ) ? 1 : 0 ), $_SESSION[ 'email_user' ] ] ); $stmt = $db->prepare( 'UPDATE mailbox SET enforce_tls_in = ?, enforce_tls_out = ? WHERE username = ? AND active = 1;' ); $stmt->execute( [ ( isset( $_POST[ 'enforce_tls_in' ] ) ? 1 : 0 ), ( isset( $_POST[ 'enforce_tls_out' ] ) ? 1 : 0 ), $_SESSION[ 'email_user' ] ] ); } elseif ( ! empty( $_SESSION[ 'email_user' ] ) && $_POST[ 'action' ] === 'update_password' ) { if ( empty( $_POST[ 'pass_update' ] ) || empty( $_POST[ 'pass_update2' ] ) || $_POST[ 'pass_update' ] !== $_POST[ 'pass_update2' ] ) { $msg .= ''; } else { $hash = password_hash( $_POST[ 'pass_update' ], PASSWORD_ARGON2ID ); $stmt = $db->prepare( 'UPDATE mailbox SET password_hash_type = "{ARGON2ID}", password = ? WHERE username = ? AND active = 1;' ); $stmt->execute( [ $hash, $_SESSION[ 'email_user' ] ] ); $msg .= ''; } } elseif ( ! empty( $_SESSION[ 'email_user' ] ) && $_POST[ 'action' ] === 'delete_account' ) { $msg .= ''; $msg .= '
'; $msg .= '
'; } elseif ( ! empty( $_SESSION[ 'email_user' ] ) && $_POST[ 'action' ] === 'disable_account' ) { $msg .= ''; $msg .= '
'; $msg .= '
'; } elseif ( ! empty( $_SESSION[ 'email_user' ] ) && $_POST[ 'action' ] === 'delete_account2' ) { $stmt = $db->prepare( 'DELETE FROM alias WHERE address = ?;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); $stmt = $db->prepare( 'UPDATE mailbox SET active = -2 WHERE username = ? AND active = 1;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); $_SESSION = []; session_regenerate_id( true ); $_SESSION[ 'csrf_token' ] = sha1( uniqid() ); $msg .= ''; } elseif ( ! empty( $_SESSION[ 'email_user' ] ) && $_POST[ 'action' ] === 'disable_account2' ) { $stmt = $db->prepare( 'UPDATE alias SET active = 0 WHERE address = ?;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); $stmt = $db->prepare( 'UPDATE mailbox SET active = -1 WHERE username = ? AND active = 1;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); $_SESSION = []; session_regenerate_id( true ); $_SESSION[ 'csrf_token' ] = sha1( uniqid() ); $msg .= ''; } elseif ( isset( $_POST[ 'pgp_key' ] ) && ! empty( $_SESSION[ 'email_user' ] ) && $_POST[ 'action' ] === 'update_pgp_key' ) { $pgp_key = trim( $_POST[ 'pgp_key' ] ); if ( empty( $pgp_key ) ) { $msg .= '

'._('Successfully removed the key').'

'; $stmt = $db->prepare( 'UPDATE mailbox SET pgp_key = "", tfa = 0, pgp_verified = 0 WHERE username = ?;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); } else { $gpg = gnupg_init(); gnupg_seterrormode( $gpg, GNUPG_ERROR_WARNING ); gnupg_setarmor( $gpg, 1 ); $imported_key = gnupg_import( $gpg, $pgp_key ); if ( ! $imported_key ) { $msg .= '

'._('There was an error importing the key').'

'; } else { $has_this_email = false; $key_info = gnupg_keyinfo( $gpg, $imported_key[ 'fingerprint' ] ); foreach ( $key_info as $key ) { foreach ( $key[ 'uids' ] as $uid ) { if ( $uid[ 'email' ] === $_SESSION[ 'email_user' ] ) { $has_this_email = true; break; } } } if ( $has_this_email ) { $msg .= '

'._('Successfully imported the key').'

'; $stmt = $db->prepare( 'UPDATE mailbox SET pgp_key = ?, tfa = 0, pgp_verified = 0 WHERE username = ?;' ); $stmt->execute( [ $pgp_key, $_SESSION[ 'email_user' ] ] ); } else { $msg .= '

' . sprintf( _('Oops, looks like the key is missing this email address as user id. Please add your address "%s" as user ID to your pgp key or create a new key pair.'), htmlspecialchars( $_SESSION[ 'email_user' ] ) ) . '

'; } } } } elseif ( isset( $_POST[ 'enable_2fa_code' ] ) && ! empty( $_SESSION[ 'email_user' ] ) && $_POST[ 'action' ] === 'enable_2fa' ) { if ( $_POST[ 'enable_2fa_code' ] !== $_SESSION[ 'enable_2fa_code' ] ) { $msg .= '

'._('Sorry, the code was incorrect').'

'; } else { $stmt = $db->prepare( 'UPDATE mailbox SET tfa = 1, pgp_verified = 1 WHERE username = ?;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); $msg .= '

'._('Successfully enabled 2FA').'

'; } } } } ?> <?php echo _('E-Mail and XMPP - Manage account'); ?>
'._('To login, please decrypt the following PGP encrypted message and confirm the code:').'

'; echo "
$encrypted
"; ?>

| | | | | |

$msg

"; if ( empty( $_SESSION[ 'email_user' ] ) ) { ?>
prepare( 'SELECT goto FROM alias WHERE address = ?;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); if ( $tmp = $stmt->fetch( PDO::FETCH_ASSOC ) ) { $aliases = explode( ',', $tmp[ 'goto' ] ); } $aliases_to = implode( "\n", array_diff( $aliases, [ $_SESSION[ 'email_user' ] ] ) ); $stmt = $db->prepare( 'SELECT enforce_tls_in, enforce_tls_out FROM mailbox WHERE username = ?;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); $tls_status = $stmt->fetch( PDO::FETCH_ASSOC ); ?>

>

>
>

prepare( 'SELECT pgp_key, tfa FROM mailbox WHERE username = ?;' ); $stmt->execute( [ $_SESSION[ 'email_user' ] ] ); $pgp_status = $stmt->fetch( PDO::FETCH_ASSOC ); if ( ! empty( $pgp_status[ 'pgp_key' ] ) ) { if ( $pgp_status[ 'tfa' ] === 1 ) { echo '

'._('Yay, PGP based 2FA is enabled!').'

'; } else { $gpg = gnupg_init(); gnupg_seterrormode( $gpg, GNUPG_ERROR_WARNING ); gnupg_setarmor( $gpg, 1 ); $imported_key = gnupg_import( $gpg, $pgp_status[ 'pgp_key' ] ); if ( $imported_key ) { $key_info = gnupg_keyinfo( $gpg, $imported_key[ 'fingerprint' ] ); foreach ( $key_info as $key ) { if ( ! $key[ 'can_encrypt' ] ) { echo '

'._('Sorry, this key can\'t be used to encrypt a message to you. Your key may have expired or has been revoked.').'

'; } else { foreach ( $key[ 'subkeys' ] as $subkey ) { gnupg_addencryptkey( $gpg, $subkey[ 'fingerprint' ] ); } } } $_SESSION[ 'enable_2fa_code' ] = bin2hex( random_bytes( 3 ) ); if ( $encrypted = gnupg_encrypt( $gpg, _('To enable 2FA, please enter the following code to confirm ownership of your key:'). "\n\n$_SESSION[enable_2fa_code]\n" ) ) { echo '

'._( 'Enable 2FA').'

'; echo '

'._('To enable 2FA using your PGP key, please decrypt the following PGP encrypted message and confirm the code:').'

'; echo "
$encrypted
"; ?>