prepare( 'SELECT null FROM admin WHERE username=? AND active = 1;' );
$stmt->execute( [ $_SESSION[ 'email_admin_user' ] ] );
if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) {
$_SESSION = [];
session_regenerate_id( true );
$_SESSION[ 'csrf_token' ] = sha1( uniqid() );
$msg .= '
'._('It looks like your user no longer exists!').'
';
}
}
if ( $_SERVER[ 'REQUEST_METHOD' ] === 'POST' ) {
if ( isset( $_POST[ 'action' ] ) ) {
if ( $_SESSION[ 'csrf_token' ] !== $_POST[ 'csrf_token' ] ?? '' ) {
die( 'Invalid CSRF token' );
}
if ( $_POST[ 'action' ] === 'logout' ) {
$_SESSION = [];
session_regenerate_id( true );
$_SESSION[ 'csrf_token' ] = sha1( uniqid() );
$msg .= ''._('Successfully logged out').'
';
} elseif ( $_POST[ 'action' ] === 'login' ) {
if ( empty( $_POST[ 'user' ] ) ) {
$ok = false;
$msg .= ''._('Invalid username').'
';
}
$stmt = $db->prepare( 'SELECT username, password, password_hash_type, superadmin FROM admin WHERE username = ? AND active = 1;' );
$stmt->execute( [ $_POST[ 'user' ] ] );
if ( $tmp = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
if ( empty( $_POST[ 'pwd' ] ) || ! password_verify( $_POST[ 'pwd' ], $tmp[ 'password' ] ) ) {
$msg .= ''._('Incorrect username or password').'
';
} else {
$_SESSION[ 'email_admin_user' ] = $tmp[ 'username' ];
$_SESSION[ 'email_admin_superadmin' ] = (bool) $tmp[ 'superadmin' ];
// update password hash if it's using an old hashing algorithm
if ( $tmp[ 'password_hash_type' ] !== '{ARGON2ID}' ) {
$hash = password_hash( $_POST[ 'pwd' ], PASSWORD_ARGON2ID );
$stmt = $db->prepare( 'UPDATE admin SET password_hash_type = "{ARGON2ID}", password = ? WHERE username = ? AND active = 1;' );
$stmt->execute( [ $hash, $_SESSION[ 'email_admin_user' ] ] );
}
}
} else {
$msg .= ''._('Incorrect username or password').'
';
}
} elseif ( ! empty( $_SESSION[ 'email_admin_user' ] ) ) {
if ( $_POST[ 'action' ] === 'update_alias' ) {
$alias_goto = '';
if ( isset( $_POST[ 'alias_keep_copy' ] ) ) {
$alias_goto .= $_SESSION[ 'email_admin_user' ] . ',';
}
if ( ! empty( $_POST[ 'alias_to' ] ) ) {
$additional = preg_split( "/[\s,]+/", $_POST[ 'alias_to' ] );
$alias_goto .= validate_email_list( $additional, $msg );
}
$alias_goto = rtrim( $alias_goto, ',' );
$stmt = $db->prepare( 'UPDATE alias SET goto = ? WHERE address = ? AND active = 1;' );
$stmt->execute( [ $alias_goto, $_SESSION[ 'email_admin_user' ] ] );
} elseif ( $_POST[ 'action' ] === 'delete_admin' && ! empty( $_POST[ 'admin' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$msg .= ''.sprintf(_('Warning: This will permanently delete the admin account "%s". It cannot be reversed. Are you absolutely sure?'), htmlspecialchars( $_POST[ 'admin' ] ) ).'
';
$msg .= '';
} elseif ( $_POST[ 'action' ] === 'delete_domain' && ! empty( $_POST[ 'domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$msg .= ''.sprintf(_('Warning: This will permanently delete the domain "%s". It cannot be reversed. Are you absolutely sure?'), htmlspecialchars( $_POST[ 'domain' ] ) ).'
';
$msg .= '';
} elseif ( $_POST[ 'action' ] === 'delete_alias_domain' && ! empty( $_POST[ 'alias_domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$msg .= ''.sprintf(_('Warning: This will permanently delete the alias domain "%s". It cannot be reversed. Are you absolutely sure?'), htmlspecialchars( $_POST[ 'alias_domain' ] ) ).'
';
$msg .= '';
} elseif ( $_POST[ 'action' ] === 'delete_alias' && ! empty( $_POST[ 'alias' ] ) ) {
$msg .= ''.sprintf(_('Warning: This will permanently delete the alias "%s". It cannot be reversed. Are you absolutely sure?'), htmlspecialchars( $_POST[ 'alias' ] ) ).'
';
$msg .= '';
} elseif ( $_POST[ 'action' ] === 'delete_mailbox' && ! empty( $_POST[ 'user' ] ) ) {
$msg .= ''.sprintf(_('Warning: This will permanently delete the mailbox "%s". It cannot be reversed. Are you absolutely sure?'), htmlspecialchars( $_POST[ 'user' ] ) ).'
';
$msg .= '';
} elseif ( $_POST[ 'action' ] === 'delete_admin2' && ! empty( $_POST[ 'admin' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
if ( $_SESSION[ 'email_admin_user' ] === $_POST[ 'admin' ] ) {
$msg .= ''._('You can\'t delete your own admin account!').'
';
} else {
$stmt = $db->prepare( 'DELETE FROM admin WHERE username = ?;' );
$stmt->execute( [ $_POST[ 'admin' ] ] );
$msg .= ''._('Successfully deleted admin account.').'
';
}
} elseif ( $_POST[ 'action' ] === 'delete_domain2' && ! empty( $_POST[ 'domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$stmt = $db->prepare( 'UPDATE domain SET active = -1 WHERE domain = ?;' );
$stmt->execute( [ $_POST[ 'domain' ] ] );
$msg .= ''._('Successfully deleted domain.').'
';
} elseif ( $_POST[ 'action' ] === 'delete_alias_domain2' && ! empty( $_POST[ 'alias_domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$stmt = $db->prepare( 'DELETE FROM alias_domain WHERE alias_domain = ?;' );
$stmt->execute( [ $_POST[ 'alias_domain' ] ] );
$msg .= ''._('Successfully deleted alias domain.').'
';
} elseif ( $_POST[ 'action' ] === 'delete_alias2' && ! empty( $_POST[ 'alias' ] ) ) {
if ( check_domain_access( $_POST[ 'alias' ], $msg ) ) {
$stmt = $db->prepare( 'DELETE FROM alias WHERE address = ?;' );
$stmt->execute( [ $_POST[ 'alias' ] ] );
$msg .= ''._('Successfully deleted alias.').'
';
}
} elseif ( $_POST[ 'action' ] === 'delete_mailbox2' && ! empty( $_POST[ 'user' ] ) ) {
if ( check_domain_access( $_POST[ 'user' ], $msg ) ) {
$stmt = $db->prepare( 'UPDATE mailbox SET active = -2 WHERE username = ?;' );
$stmt->execute( [ $_POST[ 'user' ] ] );
$msg .= ''._('Successfully deleted mailbox.').'
';
}
} elseif ( $_POST[ 'action' ] === 'save_edit_admin' && ! empty( $_POST[ 'admin' ] ) && ( $_SESSION[ 'email_admin_superadmin' ] || $_POST[ 'admin' ] === $_SESSION[ 'email_admin_user' ] ) ) {
$stmt = $db->prepare( 'SELECT null FROM admin WHERE username = ?;' );
$stmt->execute( [ $_POST[ 'admin' ] ] );
if ( ! $stmt->fetch() ) {
$msg .= ''.sprintf(_('Oops, it looks like the admin account "%s" doesn\'t exist.'), htmlspecialchars( $_POST[ 'admin' ] ) ).'
';
} else {
if ( ! empty( $_POST[ 'pass_update' ] ) ) {
if ( empty( $_POST[ 'pass_update2' ] ) || $_POST[ 'pass_update' ] !== $_POST[ 'pass_update2' ] ) {
$msg .= ''._('Passwords don\'t match!').'
';
} else {
$hash = password_hash( $_POST[ 'pass_update' ], PASSWORD_ARGON2ID );
$stmt = $db->prepare( 'UPDATE admin SET password_hash_type = "{ARGON2ID}", password = ?, modified = NOW() WHERE username = ?;' );
$stmt->execute( [ $hash, $_POST[ 'admin' ] ] );
$msg .= ''._('Successfully updated password.').'
';
}
}
if ( $_SESSION[ 'email_admin_superadmin' ] ) {
if ( $_POST[ 'admin' ] !== $_SESSION[ 'email_admin_user' ] ) {
$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
$superadmin = isset( $_POST[ 'superadmin' ] ) ? 1 : 0;
$stmt = $db->prepare( 'UPDATE admin SET superadmin = ?, active = ?, modified = NOW() WHERE username = ?;' );
$stmt->execute( [ $superadmin, $active, $_POST[ 'admin' ] ] );
}
$managed_domains = [];
$stmt = $db->prepare( 'SELECT domain FROM domain_admins WHERE username = ?;' );
$stmt->execute( [ $_POST[ 'admin' ] ] );
while ( $tmp = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
$managed_domains [] = $tmp[ 'domain' ];
}
foreach ( $managed_domains as $domain ) {
if ( ! in_array( $domain, $_POST[ 'domains' ], true ) ) {
$stmt = $db->prepare( 'DELETE FROM domain_admins WHERE username = ? AND domain = ?;' );
$stmt->execute( [ $_POST[ 'admin' ], $domain ] );
}
}
foreach ( $_POST[ 'domains' ] as $domain ) {
if ( ! in_array( $domain, $managed_domains, true ) ) {
$stmt = $db->prepare( 'INSERT INTO domain_admins (username, domain) VALUES (?, ?);' );
$stmt->execute( [ $_POST[ 'admin' ], $domain ] );
}
}
}
$msg .= ''._('Successfully edited admin account.').'
';
}
} elseif ( $_POST[ 'action' ] === 'save_new_admin' && ! empty( $_POST[ 'admin' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$stmt = $db->prepare( 'SELECT null FROM admin WHERE username = ?;' );
$stmt->execute( [ $_POST[ 'admin' ] ] );
if ( $stmt->fetch() ) {
$msg .= ''.sprintf(_('Oops, it looks like the admin account "%s" already exists.'), htmlspecialchars( $_POST[ 'admin' ] ) ).'
';
} else {
if ( empty( $_POST[ 'pass_update2' ] ) || $_POST[ 'pass_update' ] !== $_POST[ 'pass_update2' ] ) {
$msg .= ''._('Passwords empty or don\'t match').'
';
} else {
$hash = password_hash( $_POST[ 'pass_update' ], PASSWORD_ARGON2ID );
$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
$superadmin = isset( $_POST[ 'superadmin' ] ) ? 1 : 0;
$stmt = $db->prepare( 'INSERT INTO admin (password_hash_type, password, superadmin, active, username, created, modified) VALUES ("{ARGON2ID}", ?, ?, ?, ?, NOW(), NOW());' );
$stmt->execute( [ $hash, $superadmin, $active, $_POST[ 'admin' ] ] );
$msg .= ''._('Successfully created admin account.').'
';
}
}
} elseif ( $_POST[ 'action' ] === 'save_edit_domain' && ! empty( $_POST[ 'domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$stmt = $db->prepare( 'SELECT null FROM domain WHERE domain = ?;' );
$stmt->execute( [ $_POST[ 'domain' ] ] );
if ( ! $stmt->fetch() ) {
$msg .= ''.sprintf(_('Oops, it looks like the domain "%s" doesn\'t exists.'), htmlspecialchars( $_POST[ 'domain' ] ) ).'
';
} else {
$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
$stmt = $db->prepare( 'UPDATE domain set active = ?, modified = NOW() WHERE domain = ?;' );
$stmt->execute( [ $active, $_POST[ 'domain' ] ] );
$msg .= ''._('Successfully updated domain.').'
';
}
} elseif ( $_POST[ 'action' ] === 'save_edit_alis_domain' && ! empty( $_POST[ 'alias_domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$stmt = $db->prepare( 'SELECT null FROM alias_domain WHERE alias_domain = ?;' );
$stmt->execute( [ $_POST[ 'alias_domain' ] ] );
if ( ! $stmt->fetch() ) {
$msg .= ''.sprintf(_('Oops, it looks like the alias domain "%s" doesn\'t exists.'), htmlspecialchars( $_POST[ 'alias_domain' ] ) ).'
';
} else {
$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
$stmt = $db->prepare( 'UPDATE alias_domain set active = ?, modified = NOW() WHERE alias_domain = ?;' );
$stmt->execute( [ $active, $_POST[ 'alias_domain' ] ] );
$msg .= ''._('Successfully updated alias domain.').'
';
}
} elseif ( $_POST[ 'action' ] === 'save_new_domain' && ! empty( $_POST[ 'domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$stmt = $db->prepare( 'SELECT null FROM domain WHERE domain = ? UNION SELECT null FROM alias_domain WHERE alias_domain = ?;' );
$stmt->execute( [ $_POST[ 'domain' ], $_POST[ 'domain' ] ] );
if ( $stmt->fetch() ) {
$msg .= ''.sprintf(_('Oops, it looks like the domain "%s" already exists.'), htmlspecialchars( $_POST[ 'domain' ] ) ).'
';
} else {
$ascii_domain = idn_to_ascii($_POST['domain'], IDNA_NONTRANSITIONAL_TO_ASCII);
$utf8_domain = idn_to_utf8($_POST['domain'], IDNA_NONTRANSITIONAL_TO_UNICODE);
$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
$stmt = $db->prepare( 'INSERT INTO domain (active, domain, created, modified) VALUES (?, ?, NOW(), NOW());' );
$stmt->execute( [ $active, $utf8_domain ] );
if($ascii_domain !== $utf8_domain){
$stmt = $db->prepare( 'INSERT INTO alias_domain (active, alias_domain, target_domain, created, modified) VALUES (1, ?, ?, NOW(), NOW());' );
$stmt->execute( [ $ascii_domain, $utf8_domain ] );
}
$msg .= ''._('Successfully created domain.').'
';
}
} elseif ( $_POST[ 'action' ] === 'save_new_alias_domain' && ! empty( $_POST[ 'alias_domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
$stmt = $db->prepare( 'SELECT null FROM domain WHERE domain = ? UNION SELECT null FROM alias_domain WHERE alias_domain = ?;' );
$stmt->execute( [ $_POST[ 'alias_domain' ], $_POST[ 'alias_domain' ] ] );
if ( $stmt->fetch() ) {
$msg .= ''.sprintf(_('Oops, it looks like the alias domain "%s" already exists.'), htmlspecialchars( $_POST[ 'alias_domain' ] ) ).'
';
} else {
$ascii_domain = idn_to_ascii($_POST['alias_domain'], IDNA_NONTRANSITIONAL_TO_ASCII);
$utf8_domain = idn_to_utf8($_POST['alias_domain'], IDNA_NONTRANSITIONAL_TO_UNICODE);
$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
$stmt = $db->prepare( 'INSERT INTO alias_domain (active, alias_domain, target_domain, created, modified) VALUES (?, ?, ?, NOW(), NOW());' );
$stmt->execute( [ $active, $utf8_domain, $_POST[ 'target_domain' ] ] );
if($ascii_domain !== $utf8_domain){
$stmt = $db->prepare( 'INSERT INTO alias_domain (active, alias_domain, target_domain, created, modified) VALUES (?, ?, ?, NOW(), NOW());' );
$stmt->execute( [ $active, $ascii_domain, $_POST[ 'target_domain' ] ] );
}
$msg .= ''._('Successfully created alias domain.').'
';
}
} elseif ( $_POST[ 'action' ] === 'save_new_alias' && ! empty( $_POST[ 'alias' ] ) && ! empty( $_POST[ 'target' ] ) ) {
$ok = check_email_valid( $_POST[ 'alias' ], $msg );
if ( $ok ) {
$ok = check_domain_access( $_POST[ 'alias' ], $msg );
}
if ( $ok ) {
$targets = preg_split( "/[\s,]+/", $_POST[ 'target' ] );
$alias_goto = validate_email_list( $targets, $msg );
$stmt = $db->prepare( 'SELECT null FROM alias WHERE address = ?;' );
$stmt->execute( [ $_POST[ 'alias' ] ] );
if ( $stmt->fetch() ) {
$msg .= ''.sprintf(_('Oops, it looks like the alias "%s" already exists.'), htmlspecialchars( $_POST[ 'alias' ] ) ).'
';
} else {
$parser = new EmailParser( new EmailLexer() );
$parser->parse( $_POST[ 'alias' ] );
$domain = $parser->getDomainPart();
$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
$enforce_tls_in = isset( $_POST[ 'enforce_tls_in' ] ) ? 1 : 0;
$stmt = $db->prepare( 'INSERT INTO alias (goto, address, domain, active, created, modified, enforce_tls_in) VALUES (?, ?, ?, ?, NOW(), NOW(), ?);' );
$stmt->execute( [ $alias_goto, $_POST[ 'alias' ], $domain, $active, $enforce_tls_in ] );
$msg .= ''._('Successfully added alias.').'
';
}
}
} elseif ( $_POST[ 'action' ] === 'save_edit_alias' && ! empty( $_POST[ 'alias' ] ) && ! empty( $_POST[ 'target' ] ) ) {
$ok = check_email_valid( $_POST[ 'alias' ], $msg );
if ( $ok ) {
$ok = check_domain_access( $_POST[ 'alias' ], $msg );
}
if ( $ok ) {
$targets = preg_split( "/[\s,]+/", $_POST[ 'target' ] );
$alias_goto = validate_email_list( $targets, $msg );
$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
$enforce_tls_in = isset( $_POST[ 'enforce_tls_in' ] ) ? 1 : 0;
$stmt = $db->prepare( 'UPDATE alias SET goto = ?, active = ?, enforce_tls_in = ?, modified = NOW() WHERE address = ?;' );
$stmt->execute( [ $alias_goto, $active, $enforce_tls_in, $_POST[ 'alias' ] ] );
$msg .= ''._('Successfully updated alias.').'
';
}
} elseif ( $_POST[ 'action' ] === 'save_edit_mailbox' && ! empty( $_POST[ 'user' ] ) ) {
$ok = check_email_valid( $_POST[ 'user' ], $msg );
if ( $ok ) {
$ok = check_domain_access( $_POST[ 'user' ], $msg );
}
if ( $ok ) {
$alias_goto = '';
if ( isset( $_POST[ 'alias_keep_copy' ] ) ) {
$alias_goto .= $_POST[ 'user' ] . ',';
}
if ( ! empty( $_POST[ 'alias_to' ] ) ) {
$additional = preg_split( "/[\s,]+/", $_POST[ 'alias_to' ] );
$alias_goto .= validate_email_list( $additional, $msg );
}
$quota = 1024 * 1024 * 1024;
$alias_goto = rtrim( $alias_goto, ',' );
$stmt = $db->prepare( 'UPDATE alias SET goto = ?, enforce_tls_in = ?, active = ? WHERE address = ?;' );
$stmt->execute( [ $alias_goto, ( isset( $_POST[ 'enforce_tls_in' ] ) ? 1 : 0 ), ( isset( $_POST[ 'active' ] ) ? 1 : 0 ), $_POST[ 'user' ] ] );
$stmt = $db->prepare( 'UPDATE mailbox SET enforce_tls_in = ?, enforce_tls_out = ?, active = ?, quota = ?, modified = NOW() WHERE username = ?;' );
$stmt->execute( [ ( isset( $_POST[ 'enforce_tls_in' ] ) ? 1 : 0 ), ( isset( $_POST[ 'enforce_tls_out' ] ) ? 1 : 0 ), ( isset( $_POST[ 'active' ] ) ? 1 : 0 ), $quota, $_POST[ 'user' ] ] );
$msg .= ''._('Successfully updated mailbox.').'
';
}
} elseif ( $_POST[ 'action' ] === 'save_new_mailbox' && ! empty( $_POST[ 'user' ] ) ) {
$email = $_POST[ 'user' ];
$ok = check_email_valid( $email, $msg );
if ( $ok ) {
$ok = check_domain_access( $email, $msg );
}
if ( $ok ) {
$stmt = $db->prepare( 'SELECT null FROM mailbox WHERE username = ? UNION SELECT null FROM alias WHERE address = ?;' );
$stmt->execute( [ $email, $email ] );
if ( $stmt->fetch() ) {
$ok = false;
$msg .= ''._('Sorry, this user already exists').'
';
}
if ( $ok ) {
$parser = new EmailParser( new EmailLexer() );
$parser->parse( $email );
$user = $parser->getLocalPart();
$domain = $parser->getDomainPart();
$hash = password_hash( $_POST[ 'pwd' ], PASSWORD_ARGON2ID );
$quota = 50 * 1024 * 1024;
$alias_goto = '';
if ( isset( $_POST[ 'alias_keep_copy' ] ) ) {
$alias_goto .= $email . ',';
}
if ( ! empty( $_POST[ 'alias_to' ] ) ) {
$additional = preg_split( "/[\s,]+/", $_POST[ 'alias_to' ] );
$alias_goto .= validate_email_list( $additional, $msg );
}
$alias_goto = rtrim( $alias_goto, ',' );
$stmt = $db->prepare( 'INSERT INTO alias (address, goto, domain, created, modified, enforce_tls_in, active) VALUES (?, ?, ?, NOW(), NOW(), ?, ?);' );
$stmt->execute( [ $email, $alias_goto, $domain, ( isset( $_POST[ 'enforce_tls_in' ] ) ? 1 : 0 ), ( isset( $_POST[ 'active' ] ) ? 1 : 0 ) ] );
$stmt = $db->prepare( 'INSERT INTO mailbox (username, password, quota, local_part, domain, created, modified, password_hash_type, openpgpkey_wkd, enforce_tls_in, enforce_tls_out, active) VALUES(?, ?, ?, ?, ?, NOW(), NOW(), ?, ?, ?, ?, ?);' );
$stmt->execute( [ $email, $hash, $quota, $user, $domain, '{ARGON2ID}', z_base32_encode( hash( 'sha1', mb_strtolower( $user ), true ) ), ( isset( $_POST[ 'enforce_tls_in' ] ) ? 1 : 0 ), ( isset( $_POST[ 'enforce_tls_out' ] ) ? 1 : 0 ), ( isset( $_POST[ 'active' ] ) ? 1 : 0 ) ] );
$msg .= ''._('Successfully created new mailbox!').'
';
}
}
} elseif ( $_POST[ 'action' ] === 'save_password_mailbox' && ! empty( $_POST[ 'user' ] ) ) {
$ok = check_email_valid( $_POST[ 'user' ], $msg );
if ( $ok ) {
$ok = check_domain_access( $_POST[ 'user' ], $msg );
}
if ( $ok ) {
if ( empty( $_POST[ 'pass_update' ] ) || empty( $_POST[ 'pass_update2' ] ) || $_POST[ 'pass_update' ] !== $_POST[ 'pass_update2' ] ) {
$msg .= ''._('Passwords empty or don\'t match').'
';
} else {
$hash = password_hash( $_POST[ 'pass_update' ], PASSWORD_ARGON2ID );
$stmt = $db->prepare( 'UPDATE mailbox SET password_hash_type = "{ARGON2ID}", password = ? WHERE username = ?;' );
$stmt->execute( [ $hash, $_POST[ 'user' ] ] );
$msg .= ''._('Successfully updated password').'
';
}
}
} elseif ( $_POST[ 'action' ] === 'disable_tfa_mailbox' && ! empty( $_POST[ 'user' ] ) ) {
$ok = check_email_valid( $_POST[ 'user' ], $msg );
if ( $ok ) {
$ok = check_domain_access( $_POST[ 'user' ], $msg );
}
if ( $ok ) {
$stmt = $db->prepare( 'UPDATE mailbox SET tfa = 0 WHERE username = ?;' );
$stmt->execute( [ $_POST[ 'user' ] ] );
$msg .= ''._('Successfully disabled two-factor authentication').'
';
}
}
}
}
}
?>
$msg";
if ( empty( $_SESSION[ 'email_admin_user' ] ) ) { ?>
query( 'SELECT username, modified, active FROM admin;' );
?>
prepare( 'SELECT username, superadmin, active FROM admin WHERE username = ?;' );
$stmt->execute( [ $admin ] );
if ( $admin = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
?>
'._('Oops, this admin doesn\'t seem to exist.') . '';
}
}
function send_new_admin(): void
{
?>
query( 'SELECT domain, modified, active FROM domain;' );
if ( $_SESSION[ 'email_admin_superadmin' ] ) {
?>
prepare( 'SELECT domain, active FROM domain WHERE domain = ?;' );
$stmt->execute( [ $_POST[ 'domain' ] ] );
if ( $admin = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
?>
'._('Oops, this admin doesn\'t seem to exist.').'';
}
}
function send_manage_alias_domains(): void
{
$db = get_db_instance();
$stmt = $db->query( 'SELECT alias_domain, target_domain, modified, active FROM alias_domain;' );
if ( $_SESSION[ 'email_admin_superadmin' ] ) {
?>
prepare( 'SELECT alias_domain, target_domain, active FROM alias_domain WHERE alias_domain = ?;' );
$stmt->execute( [ $_POST[ 'alias_domain' ] ] );
if ( $alias = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
?>
'._('Oops, this alias domain doesn\'t seem to exist.').'';
}
}
function send_manage_aliases(): void
{
$db = get_db_instance();
$stmt = $db->prepare( 'SELECT a.address, a.goto, a.modified, a.active FROM alias AS a LEFT JOIN mailbox AS m ON (m.username=a.address AND m.active=1) WHERE a.domain IN (SELECT domain FROM domain_admins WHERE username = ?) AND isnull(m.username) limit 200;' );
$stmt->execute( [ $_SESSION[ 'email_admin_user' ] ] );
?>
prepare( 'SELECT a.address, a.goto, a.active, a.enforce_tls_in FROM alias AS a LEFT JOIN mailbox AS m ON (m.username=a.address AND m.active=1) WHERE a.address = ? AND isnull(m.username);' );
$stmt->execute( [ $_POST[ 'alias' ] ] );
if ( $alias = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
?>
'._('Oops, this alias doesn\'t seem to exist.').'';
}
}
function send_manage_mailboxes(): void
{
$db = get_db_instance();
$stmt = $db->prepare( 'SELECT username, modified, active FROM mailbox WHERE domain IN (SELECT domain FROM domain_admins WHERE username = ?) limit 200;' );
$stmt->execute( [ $_SESSION[ 'email_admin_user' ] ] );
?>
fetch( PDO::FETCH_ASSOC ) ) {
$active = 'Disabled';
if ( $tmp[ 'active' ] === 1 ) {
$active = 'Active';
} elseif ( $tmp[ 'active' ] === -1 ) {
$active = 'Disabling';
} elseif ( $tmp[ 'active' ] === -2 ) {
$active = 'Deleting';
}
echo '' . htmlspecialchars( $tmp[ 'username' ] ) . '
' . $active . '
' . $tmp[ 'modified' ] . '
'._('Edit').'
';
}
?>
prepare( 'SELECT a.goto, m.active, m.enforce_tls_in, m.enforce_tls_out FROM alias AS a INNER JOIN mailbox AS m ON (m.username=a.address) WHERE m.username = ?;' );
$stmt->execute( [ $_REQUEST[ 'user' ] ] );
if ( $email = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
$aliases = explode( ',', $email[ 'goto' ] );
$aliases_to = implode( "\n", array_diff( $aliases, [ $_REQUEST[ 'user' ] ] ) );
?>
'._('Oops, this mailbox doesn\'t seem to exist.').'';
}
}