Начало Каталог Помощ
Вход
mirrors
/
mailcow-dockerized
огледало от https://github.com/mailcow/mailcow-dockerized
2
0
Разклонения 0
Файлове Задачи 0 Уики
ИН на ревизия: 4146cec3b9
Клонове Маркери
mailcow-dockeri...
/
data
/
web
/
inc
/
functions.inc.php

functions.inc.php 104 KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474 
  1. <?php
    2. 

  2. function hash_password($password) {
    3. 

  3. 	$salt_str = bin2hex(openssl_random_pseudo_bytes(8));
    4. 

  4. 	return "{SSHA256}".base64_encode(hash('sha256', $password . $salt_str, true) . $salt_str);
    5. 

  5. }
    6. 

  6. function hasDomainAccess($username, $role, $domain) {
    7. 

  7. 	global $pdo;
    8. 

  8. 	if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
    9. 

  9. 		return false;
    10. 

  10. 	}
    11. 

  11. 	if (!is_valid_domain_name($domain)) {
    12. 

  12. 		return false;
    13. 

  13. 	}
    14. 

  14. 	if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
    15. 

  15. 		return false;
    16. 

  16. 	}
    17. 

  17. 	try {
    18. 

  18. 		$stmt = $pdo->prepare("SELECT `domain` FROM `domain_admins`
    19. 

  19. 			WHERE (
    20. 

  20. 				`active`='1'
    21. 

  21. 				AND `username` = :username
    22. 

  22. 				AND `domain` = :domain
    23. 

  23. 			)
    24. 

  24. 			OR 'admin' = :role");
    25. 

  25. 		$stmt->execute(array(':username' => $username, ':domain' => $domain, ':role' => $role));
    26. 

  26. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    27. 

  27. 	} catch(PDOException $e) {
    28. 

  28. 		error_log($e);
    29. 

  29. 		return false;
    30. 

  30. 	}
    31. 

  31. 	if ($num_results != 0 && !empty($num_results)) {
    32. 

  32. 		return true;
    33. 

  33. 	}
    34. 

  34. 	return false;
    35. 

  35. }
    36. 

  36. function init_db_schema() {
    37. 

  37. 	global $pdo;
    38. 

  38. 	try {
    39. 

  39. 		$stmt = $pdo->prepare("SELECT NULL FROM `admin`, `imapsync`");
    40. 

  40. 		$stmt->execute();
    41. 

  41. 	}
    42. 

  42. 	catch (Exception $e) {
    43. 

  43. 		$lines = file('/web/inc/init.sql');
    44. 

  44. 		$data = '';
    45. 

  45. 		foreach ($lines as $line) {
    46. 

  46. 			if (substr($line, 0, 2) == '--' || $line == '') {
    47. 

  47. 				continue;
    48. 

  48. 			}
    49. 

  49. 			$data .= $line;
    50. 

  50. 			if (substr(trim($line), -1, 1) == ';') {
    51. 

  51. 				$pdo->query($data);
    52. 

  52. 				$data = '';
    53. 

  53. 			}
    54. 

  54. 		}
    55. 

  55.     // Create index if not exists
    56. 

  56. 		$stmt = $pdo->query("SHOW INDEX FROM sogo_acl WHERE KEY_NAME = 'sogo_acl_c_folder_id_idx'");
    57. 

  57. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    58. 

  58. 		if ($num_results == 0) {
    59. 

  59. 			$pdo->query("CREATE INDEX sogo_acl_c_folder_id_idx ON sogo_acl(c_folder_id)");
    60. 

  60. 		}
    61. 

  61. 		$stmt = $pdo->query("SHOW INDEX FROM sogo_acl WHERE KEY_NAME = 'sogo_acl_c_uid_idx'");
    62. 

  62. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    63. 

  63. 		if ($num_results == 0) {
    64. 

  64. 			$pdo->query("CREATE INDEX sogo_acl_c_uid_idx ON sogo_acl(c_uid)");
    65. 

  65. 		}
    66. 

  66. 		$_SESSION['return'] = array(
    67. 

  67. 			'type' => 'success',
    68. 

  68. 			'msg' => 'Database initialization completed.'
    69. 

  69. 		);
    70. 

  70. 	}
    71. 

  71.   // Add newly added columns
    72. 

  72.   $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'kind'");
    73. 

  73.   $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    74. 

  74.   if ($num_results == 0) {
    75. 

  75.     $pdo->query("ALTER TABLE `mailbox` ADD `kind` varchar(100) NOT NULL DEFAULT ''");
    76. 

  76.   }
    77. 

  77.   $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'multiple_bookings'");
    78. 

  78.   $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    79. 

  79.   if ($num_results == 0) {
    80. 

  80.     $pdo->query("ALTER TABLE `mailbox` ADD `multiple_bookings` tinyint(1) NOT NULL DEFAULT '0'");
    81. 

  81.   }
    82. 

  82.   $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'wants_tagged_subject'");
    83. 

  83.   $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    84. 

  84.   if ($num_results == 0) {
    85. 

  85.     $pdo->query("ALTER TABLE `mailbox` ADD `wants_tagged_subject` tinyint(1) NOT NULL DEFAULT '0'");
    86. 

  86.   }
    87. 

  87. }
    88. 

  88. function verify_ssha256($hash, $password) {
    89. 

  89. 	// Remove tag if any
    90. 

  90. 	$hash = ltrim($hash, '{SSHA256}');
    91. 

  91. 	// Decode hash
    92. 

  92. 	$dhash = base64_decode($hash);
    93. 

  93. 	// Get first 32 bytes of binary which equals a SHA256 hash
    94. 

  94. 	$ohash = substr($dhash, 0, 32);
    95. 

  95. 	// Remove SHA256 hash from decoded hash to get original salt string
    96. 

  96. 	$osalt = str_replace($ohash, '', $dhash);
    97. 

  97. 	// Check single salted SHA256 hash against extracted hash
    98. 

  98. 	if (hash('sha256', $password . $osalt, true) == $ohash) {
    99. 

  99. 		return true;
    100. 

  100. 	}
    101. 

  101. 	else {
    102. 

  102. 		return false;
    103. 

  103. 	}
    104. 

  104. }
    105. 

  105. function doveadm_authenticate($hash, $algorithm, $password) {
    106. 

  106. 	$descr = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
    107. 

  107. 	$pipes = array();
    108. 

  108. 	$process = proc_open("/usr/bin/doveadm pw -s ".$algorithm." -t '".$hash."'", $descr, $pipes);
    109. 

  109. 	if (is_resource($process)) {
    110. 

  110. 		fputs($pipes[0], $password);
    111. 

  111. 		fclose($pipes[0]);
    112. 

  112. 		while ($f = fgets($pipes[1])) {
    113. 

  113. 			if (preg_match('/(verified)/', $f)) {
    114. 

  114. 				proc_close($process);
    115. 

  115. 				return true;
    116. 

  116. 			}
    117. 

  117. 			return false;
    118. 

  118. 		}
    119. 

  119. 		fclose($pipes[1]);
    120. 

  120. 		while ($f = fgets($pipes[2])) {
    121. 

  121. 			proc_close($process);
    122. 

  122. 			return false;
    123. 

  123. 		}
    124. 

  124. 		fclose($pipes[2]);
    125. 

  125. 		proc_close($process);
    126. 

  126. 	}
    127. 

  127. 	return false;
    128. 

  128. }
    129. 

  129. function check_login($user, $pass) {
    130. 

  130. 	global $pdo;
    131. 

  131. 	if (!filter_var($user, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $user))) {
    132. 

  132. 		return false;
    133. 

  133. 	}
    134. 

  134. 	$user = strtolower(trim($user));
    135. 

  135. 	$stmt = $pdo->prepare("SELECT `password` FROM `admin`
    136. 

  136. 			WHERE `superadmin` = '1'
    137. 

  137. 			AND `username` = :user");
    138. 

  138. 	$stmt->execute(array(':user' => $user));
    139. 

  139. 	$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    140. 

  140. 	foreach ($rows as $row) {
    141. 

  141. 		if (verify_ssha256($row['password'], $pass) !== false) {
    142. 

  142. 			unset($_SESSION['ldelay']);
    143. 

  143. 			return "admin";
    144. 

  144. 		}
    145. 

  145. 	}
    146. 

  146. 	$stmt = $pdo->prepare("SELECT `password` FROM `admin`
    147. 

  147. 			WHERE `superadmin` = '0'
    148. 

  148. 			AND `active`='1'
    149. 

  149. 			AND `username` = :user");
    150. 

  150. 	$stmt->execute(array(':user' => $user));
    151. 

  151. 	$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    152. 

  152. 	foreach ($rows as $row) {
    153. 

  153. 		if (verify_ssha256($row['password'], $pass) !== false) {
    154. 

  154. 			unset($_SESSION['ldelay']);
    155. 

  155. 			return "domainadmin";
    156. 

  156. 		}
    157. 

  157. 	}
    158. 

  158. 	$stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
    159. 

  159. 			WHERE `active`='1'
    160. 

  160. 			AND `username` = :user");
    161. 

  161. 	$stmt->execute(array(':user' => $user));
    162. 

  162. 	$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    163. 

  163. 	foreach ($rows as $row) {
    164. 

  164. 		if (verify_ssha256($row['password'], $pass) !== false) {
    165. 

  165. 			unset($_SESSION['ldelay']);
    166. 

  166. 			return "user";
    167. 

  167. 		}
    168. 

  168. 	}
    169. 

  169. 	if (!isset($_SESSION['ldelay'])) {
    170. 

  170. 		$_SESSION['ldelay'] = "0";
    171. 

  171. 	}
    172. 

  172. 	elseif (!isset($_SESSION['mailcow_cc_username'])) {
    173. 

  173. 		$_SESSION['ldelay'] = $_SESSION['ldelay']+0.5;
    174. 

  174. 	}
    175. 

  175. 	sleep($_SESSION['ldelay']);
    176. 

  176. }
    177. 

  177. function formatBytes($size, $precision = 2) {
    178. 

  178. 	if(!is_numeric($size)) {
    179. 

  179. 		return "0";
    180. 

  180. 	}
    181. 

  181. 	$base = log($size, 1024);
    182. 

  182. 	$suffixes = array(' Byte', ' KiB', ' MiB', ' GiB', ' TiB');
    183. 

  183. 	if ($size == "0") {
    184. 

  184. 		return "0";
    185. 

  185. 	}
    186. 

  186. 	return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
    187. 

  187. }
    188. 

  188. function dkim_table($action, $item) {
    189. 

  189. 	global $lang;
    190. 

  190. 	switch ($action) {
    191. 

  191. 		case "delete":
    192. 

  192. 			$domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']);
    193. 

  193. 			if (!is_valid_domain_name($domain)) {
    194. 

  194. 				$_SESSION['return'] = array(
    195. 

  195. 					'type' => 'danger',
    196. 

  196. 					'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
    197. 

  197. 				);
    198. 

  198. 				break;
    199. 

  199. 			}
    200. 

  200. 			exec('rm ' . escapeshellarg($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim'), $out, $return);
    201. 

  201. 			if ($return != "0") {
    202. 

  202. 				$_SESSION['return'] = array(
    203. 

  203. 					'type' => 'danger',
    204. 

  204. 					'msg' => sprintf($lang['danger']['dkim_remove_failed'])
    205. 

  205. 				);
    206. 

  206. 				break;
    207. 

  207. 			}
    208. 

  208. 			exec('rm ' . escapeshellarg($GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.dkim'), $out, $return);
    209. 

  209.             if ($return != "0") {
    210. 

  210.                 $_SESSION['return'] = array(
    211. 

  211.                     'type' => 'danger',
    212. 

  212.                     'msg' => sprintf($lang['danger']['dkim_remove_failed'])
    213. 

  213.                 );
    214. 

  214.                 break;
    215. 

  215.             }
    216. 

  216. 			$_SESSION['return'] = array(
    217. 

  217. 				'type' => 'success',
    218. 

  218. 				'msg' => sprintf($lang['success']['dkim_removed'])
    219. 

  219. 			);
    220. 

  220. 			break;
    221. 

  221. 		case "add":
    222. 

  222. 			$domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']);
    223. 

  223. 			$key_length	= intval($item['dkim']['key_size']);
    224. 

  224.             if (!is_valid_domain_name($domain) || !is_numeric($key_length)) {
    225. 

  225.                 $_SESSION['return'] = array(
    226. 

  226.                     'type' => 'danger',
    227. 

  227.                     'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
    228. 

  228.                 );
    229. 

  229.                 break;
    230. 

  230.             }
    231. 

  231. 

  232.             if (!empty(glob($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim'))) {
    233. 

  233.                 $_SESSION['return'] = array(
    234. 

  234.                     'type' => 'danger',
    235. 

  235.                     'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
    236. 

  236.                 );
    237. 

  237.                 break;
    238. 

  238.             }
    239. 

  239. 

  240. 			$config = array(
    241. 

  241. 				"digest_alg" => "sha256",
    242. 

  242. 				"private_key_bits" => $key_length,
    243. 

  243. 				"private_key_type" => OPENSSL_KEYTYPE_RSA,
    244. 

  244. 			);
    245. 

  245. 			$keypair_ressource = openssl_pkey_new($config);
    246. 

  246. 			$key_details = openssl_pkey_get_details($keypair_ressource);
    247. 

  247. 			$pubKey = implode(array_slice(
    248. 

  248. 					array_filter(
    249. 

  249. 						explode(PHP_EOL, $key_details['key'])
    250. 

  250. 					), 1, -1)
    251. 

  251. 				);
    252. 

  252. 			// Save public key to file
    253. 

  253. 			file_put_contents($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim', $pubKey);
    254. 

  254. 			// Save private key to file
    255. 

  255. 			openssl_pkey_export_to_file($keypair_ressource, $GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.dkim');
    256. 

  256. 

  257. 			$_SESSION['return'] = array(
    258. 

  258. 				'type' => 'success',
    259. 

  259. 				'msg' => sprintf($lang['success']['dkim_added'])
    260. 

  260. 			);
    261. 

  261. 			break;
    262. 

  262. 	}
    263. 

  263. }
    264. 

  264. function mailbox_add_domain($postarray) {
    265. 

  265.   // Array elements
    266. 

  266.   // domain                 string
    267. 

  267.   // description            string
    268. 

  268.   // aliases                int
    269. 

  269.   // mailboxes              int
    270. 

  270.   // maxquota               int
    271. 

  271.   // quota                  int
    272. 

  272.   // active                 int
    273. 

  273.   // relay_all_recipients   int
    274. 

  274.   // backupmx               int
    275. 

  275. 	global $pdo;
    276. 

  276. 	global $lang;
    277. 

  277. 	if ($_SESSION['mailcow_cc_role'] != "admin") {
    278. 

  278. 		$_SESSION['return'] = array(
    279. 

  279. 			'type' => 'danger',
    280. 

  280. 			'msg' => sprintf($lang['danger']['access_denied'])
    281. 

  281. 		);
    282. 

  282. 		return false;
    283. 

  283. 	}
    284. 

  284. 	$domain				= idn_to_ascii(strtolower(trim($postarray['domain'])));
    285. 

  285. 	$description  = $postarray['description'];
    286. 

  286. 	$aliases			= $postarray['aliases'];
    287. 

  287. 	$mailboxes    = $postarray['mailboxes'];
    288. 

  288. 	$maxquota			= $postarray['maxquota'];
    289. 

  289. 	$quota				= $postarray['quota'];
    290. 

  290. 

  291. 	if ($maxquota > $quota) {
    292. 

  292. 		$_SESSION['return'] = array(
    293. 

  293. 			'type' => 'danger',
    294. 

  294. 			'msg' => sprintf($lang['danger']['mailbox_quota_exceeds_domain_quota'])
    295. 

  295. 		);
    296. 

  296. 		return false;
    297. 

  297. 	}
    298. 

  298. 

  299. 	isset($postarray['active'])               ? $active = '1'                 : $active = '0';
    300. 

  300. 	isset($postarray['relay_all_recipients'])	? $relay_all_recipients = '1'   : $relay_all_recipients = '0';
    301. 

  301. 	isset($postarray['backupmx'])             ? $backupmx = '1'               : $backupmx = '0';
    302. 

  302. 	isset($postarray['relay_all_recipients']) ? $backupmx = '1'               : true;
    303. 

  303. 

  304. 	if (!is_valid_domain_name($domain)) {
    305. 

  305. 		$_SESSION['return'] = array(
    306. 

  306. 			'type' => 'danger',
    307. 

  307. 			'msg' => sprintf($lang['danger']['domain_invalid'])
    308. 

  308. 		);
    309. 

  309. 		return false;
    310. 

  310. 	}
    311. 

  311. 

  312. 	foreach (array($quota, $maxquota, $mailboxes, $aliases) as $data) {
    313. 

  313. 		if (!is_numeric($data)) {
    314. 

  314. 			$_SESSION['return'] = array(
    315. 

  315. 				'type' => 'danger',
    316. 

  316. 				'msg' => sprintf($lang['danger']['object_is_not_numeric'], htmlspecialchars($data))
    317. 

  317. 			);
    318. 

  318. 			return false;
    319. 

  319. 		}
    320. 

  320. 	}
    321. 

  321. 

  322. 	try {
    323. 

  323. 		$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
    324. 

  324. 			WHERE `domain` = :domain");
    325. 

  325. 		$stmt->execute(array(':domain' => $domain));
    326. 

  326. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    327. 

  327. 		$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain`
    328. 

  328. 			WHERE `alias_domain` = :domain");
    329. 

  329. 		$stmt->execute(array(':domain' => $domain));
    330. 

  330. 		$num_results = $num_results + count($stmt->fetchAll(PDO::FETCH_ASSOC));
    331. 

  331. 	}
    332. 

  332. 	catch(PDOException $e) {
    333. 

  333. 		$_SESSION['return'] = array(
    334. 

  334. 			'type' => 'danger',
    335. 

  335. 			'msg' => 'MySQL: '.$e
    336. 

  336. 		);
    337. 

  337. 		return false;
    338. 

  338. 	}
    339. 

  339. 	if ($num_results != 0) {
    340. 

  340. 		$_SESSION['return'] = array(
    341. 

  341. 			'type' => 'danger',
    342. 

  342. 			'msg' => sprintf($lang['danger']['domain_exists'], htmlspecialchars($domain))
    343. 

  343. 		);
    344. 

  344. 		return false;
    345. 

  345. 	}
    346. 

  346. 

  347. 	try {
    348. 

  348. 		$stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, `transport`, `backupmx`, `created`, `modified`, `active`, `relay_all_recipients`)
    349. 

  349. 			VALUES (:domain, :description, :aliases, :mailboxes, :maxquota, :quota, 'virtual', :backupmx, :created, :modified, :active, :relay_all_recipients)");
    350. 

  350. 		$stmt->execute(array(
    351. 

  351. 			':domain' => $domain,
    352. 

  352. 			':description' => $description,
    353. 

  353. 			':aliases' => $aliases,
    354. 

  354. 			':mailboxes' => $mailboxes,
    355. 

  355. 			':maxquota' => $maxquota,
    356. 

  356. 			':quota' => $quota,
    357. 

  357. 			':backupmx' => $backupmx,
    358. 

  358. 			':active' => $active,
    359. 

  359. 			':created' => date('Y-m-d H:i:s'),
    360. 

  360. 			':modified' => date('Y-m-d H:i:s'),
    361. 

  361. 			':relay_all_recipients' => $relay_all_recipients
    362. 

  362. 		));
    363. 

  363. 		$_SESSION['return'] = array(
    364. 

  364. 			'type' => 'success',
    365. 

  365. 			'msg' => sprintf($lang['success']['domain_added'], htmlspecialchars($domain))
    366. 

  366. 		);
    367. 

  367. 	}
    368. 

  368. 	catch (PDOException $e) {
    369. 

  369. 		$_SESSION['return'] = array(
    370. 

  370. 			'type' => 'danger',
    371. 

  371. 			'msg' => 'MySQL: '.$e
    372. 

  372. 		);
    373. 

  373. 		return false;
    374. 

  374. 	}
    375. 

  375. }
    376. 

  376. function mailbox_add_alias($postarray) {
    377. 

  377.   // Array elements
    378. 

  378.   // address  string  (separated by " ", "," ";" "\n") - email address or domain
    379. 

  379.   // goto     string  (separated by " ", "," ";" "\n")
    380. 

  380.   // active   int
    381. 

  381. 	global $lang;
    382. 

  382. 	global $pdo;
    383. 

  383. 	$addresses  = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['address']));
    384. 

  384. 	$gotos      = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
    385. 

  385. 	isset($postarray['active']) ? $active = '1' : $active = '0';
    386. 

  386. 	if (empty($addresses[0])) {
    387. 

  387. 		$_SESSION['return'] = array(
    388. 

  388. 			'type' => 'danger',
    389. 

  389. 			'msg' => sprintf($lang['danger']['alias_empty'])
    390. 

  390. 		);
    391. 

  391. 		return false;
    392. 

  392. 	}
    393. 

  393. 

  394. 	if (empty($gotos[0])) {
    395. 

  395. 		$_SESSION['return'] = array(
    396. 

  396. 			'type' => 'danger',
    397. 

  397. 			'msg' => sprintf($lang['danger']['goto_empty'])
    398. 

  398. 		);
    399. 

  399. 		return false;
    400. 

  400. 	}
    401. 

  401. 

  402. 	foreach ($addresses as $address) {
    403. 

  403. 		if (empty($address)) {
    404. 

  404. 			continue;
    405. 

  405. 		}
    406. 

  406. 

  407. 		$domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
    408. 

  408. 		$local_part   = strstr($address, '@', true);
    409. 

  409. 		$address      = $local_part.'@'.$domain;
    410. 

  410. 

  411. 		try {
    412. 

  412. 			$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
    413. 

  413. 				WHERE `domain`= :domain");
    414. 

  414. 			$stmt->execute(array(':domain' => $domain));
    415. 

  415. 			$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    416. 

  416. 		}
    417. 

  417. 		catch(PDOException $e) {
    418. 

  418. 			$_SESSION['return'] = array(
    419. 

  419. 				'type' => 'danger',
    420. 

  420. 				'msg' => 'MySQL: '.$e
    421. 

  421. 			);
    422. 

  422. 			return false;
    423. 

  423. 		}
    424. 

  424. 		if ($num_results == 0) {
    425. 

  425. 			$_SESSION['return'] = array(
    426. 

  426. 				'type' => 'danger',
    427. 

  427. 				'msg' => sprintf($lang['danger']['domain_not_found'], $domain)
    428. 

  428. 			);
    429. 

  429. 			return false;
    430. 

  430. 		}
    431. 

  431. 

  432. 		if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
    433. 

  433. 			$_SESSION['return'] = array(
    434. 

  434. 				'type' => 'danger',
    435. 

  435. 				'msg' => sprintf($lang['danger']['alias_invalid'])
    436. 

  436. 			);
    437. 

  437. 			return false;
    438. 

  438. 		}
    439. 

  439. 

  440. 		if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    441. 

  441. 			$_SESSION['return'] = array(
    442. 

  442. 				'type' => 'danger',
    443. 

  443. 				'msg' => sprintf($lang['danger']['access_denied'])
    444. 

  444. 			);
    445. 

  445. 			return false;
    446. 

  446. 		}
    447. 

  447. 

  448. 		try {
    449. 

  449. 			$stmt = $pdo->prepare("SELECT `address` FROM `alias`
    450. 

  450. 				WHERE `address`= :address");
    451. 

  451. 			$stmt->execute(array(':address' => $address));
    452. 

  452. 			$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    453. 

  453. 		}
    454. 

  454. 		catch(PDOException $e) {
    455. 

  455. 			$_SESSION['return'] = array(
    456. 

  456. 				'type' => 'danger',
    457. 

  457. 				'msg' => 'MySQL: '.$e
    458. 

  458. 			);
    459. 

  459. 			return false;
    460. 

  460. 		}
    461. 

  461. 		if ($num_results != 0) {
    462. 

  462. 			$_SESSION['return'] = array(
    463. 

  463. 				'type' => 'danger',
    464. 

  464. 				'msg' => sprintf($lang['danger']['is_alias_or_mailbox'], htmlspecialchars($address))
    465. 

  465. 			);
    466. 

  466. 			return false;
    467. 

  467. 		}
    468. 

  468. 

  469. 		try {
    470. 

  470. 			$stmt = $pdo->prepare("SELECT `address` FROM `spamalias`
    471. 

  471. 				WHERE `address`= :address");
    472. 

  472. 			$stmt->execute(array(':address' => $address));
    473. 

  473. 			$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    474. 

  474. 		}
    475. 

  475. 		catch(PDOException $e) {
    476. 

  476. 			$_SESSION['return'] = array(
    477. 

  477. 				'type' => 'danger',
    478. 

  478. 				'msg' => 'MySQL: '.$e
    479. 

  479. 			);
    480. 

  480. 			return false;
    481. 

  481. 		}
    482. 

  482. 		if ($num_results != 0) {
    483. 

  483. 			$_SESSION['return'] = array(
    484. 

  484. 				'type' => 'danger',
    485. 

  485. 				'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($address))
    486. 

  486. 			);
    487. 

  487. 			return false;
    488. 

  488. 		}
    489. 

  489. 

  490. 		foreach ($gotos as &$goto) {
    491. 

  491. 			if (empty($goto)) {
    492. 

  492. 				continue;
    493. 

  493. 			}
    494. 

  494. 

  495. 			$goto_domain		= idn_to_ascii(substr(strstr($goto, '@'), 1));
    496. 

  496. 			$goto_local_part	= strstr($goto, '@', true);
    497. 

  497. 			$goto				= $goto_local_part.'@'.$goto_domain;
    498. 

  498. 

  499. 			if (!filter_var($goto, FILTER_VALIDATE_EMAIL) === true) {
    500. 

  500. 				$_SESSION['return'] = array(
    501. 

  501. 					'type' => 'danger',
    502. 

  502. 					'msg' => sprintf($lang['danger']['goto_invalid'])
    503. 

  503. 				);
    504. 

  504. 				return false;
    505. 

  505. 			}
    506. 

  506. 			if ($goto == $address) {
    507. 

  507. 				$_SESSION['return'] = array(
    508. 

  508. 					'type' => 'danger',
    509. 

  509. 					'msg' => sprintf($lang['danger']['alias_goto_identical'])
    510. 

  510. 				);
    511. 

  511. 				return false;
    512. 

  512. 			}
    513. 

  513. 		}
    514. 

  514. 

  515. 		$gotos = array_filter($gotos);
    516. 

  516. 		$goto = implode(",", $gotos);
    517. 

  517. 

  518. 		try {
    519. 

  519. 			$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
    520. 

  520. 				VALUES (:address, :goto, :domain, :created, :modified, :active)");
    521. 

  521. 

  522. 			if (!filter_var($address, FILTER_VALIDATE_EMAIL) === true) {
    523. 

  523. 				$stmt->execute(array(
    524. 

  524. 					':address' => '@'.$domain,
    525. 

  525. 					':goto' => $goto,
    526. 

  526. 					':domain' => $domain,
    527. 

  527. 					':created' => date('Y-m-d H:i:s'),
    528. 

  528. 					':modified' => date('Y-m-d H:i:s'),
    529. 

  529. 					':active' => $active
    530. 

  530. 				));
    531. 

  531. 			}
    532. 

  532. 			else {
    533. 

  533. 				$stmt->execute(array(
    534. 

  534. 					':address' => $address,
    535. 

  535. 					':goto' => $goto,
    536. 

  536. 					':domain' => $domain,
    537. 

  537. 					':created' => date('Y-m-d H:i:s'),
    538. 

  538. 					':modified' => date('Y-m-d H:i:s'),
    539. 

  539. 					':active' => $active
    540. 

  540. 				));
    541. 

  541. 			}
    542. 

  542. 			$_SESSION['return'] = array(
    543. 

  543. 				'type' => 'success',
    544. 

  544. 				'msg' => sprintf($lang['success']['alias_added'])
    545. 

  545. 			);
    546. 

  546. 		}
    547. 

  547. 		catch (PDOException $e) {
    548. 

  548. 			$_SESSION['return'] = array(
    549. 

  549. 				'type' => 'danger',
    550. 

  550. 				'msg' => 'MySQL: '.$e
    551. 

  551. 			);
    552. 

  552. 			return false;
    553. 

  553. 		}
    554. 

  554. 	}
    555. 

  555. 	$_SESSION['return'] = array(
    556. 

  556. 		'type' => 'success',
    557. 

  557. 		'msg' => sprintf($lang['success']['alias_added'])
    558. 

  558. 	);
    559. 

  559. }
    560. 

  560. function mailbox_add_alias_domain($postarray) {
    561. 

  561.   // Array elements
    562. 

  562.   // active         int
    563. 

  563.   // alias_domain   string
    564. 

  564.   // target_domain  string
    565. 

  565. 	global $lang;
    566. 

  566. 	global $pdo;
    567. 

  567. 	isset($postarray['active']) ? $active = '1' : $active = '0';
    568. 

  568. 	$alias_domain     = idn_to_ascii(strtolower(trim($postarray['alias_domain'])));
    569. 

  569. 	$target_domain    = idn_to_ascii(strtolower(trim($postarray['target_domain'])));
    570. 

  570. 

  571. 	if (!is_valid_domain_name($alias_domain)) {
    572. 

  572. 		$_SESSION['return'] = array(
    573. 

  573. 			'type' => 'danger',
    574. 

  574. 			'msg' => sprintf($lang['danger']['alias_domain_invalid'])
    575. 

  575. 		);
    576. 

  576. 		return false;
    577. 

  577. 	}
    578. 

  578. 

  579. 	if (!is_valid_domain_name($target_domain)) {
    580. 

  580. 		$_SESSION['return'] = array(
    581. 

  581. 			'type' => 'danger',
    582. 

  582. 			'msg' => sprintf($lang['danger']['target_domain_invalid'])
    583. 

  583. 		);
    584. 

  584. 		return false;
    585. 

  585. 	}
    586. 

  586. 

  587. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $target_domain)) {
    588. 

  588. 		$_SESSION['return'] = array(
    589. 

  589. 			'type' => 'danger',
    590. 

  590. 			'msg' => sprintf($lang['danger']['access_denied'])
    591. 

  591. 		);
    592. 

  592. 		return false;
    593. 

  593. 	}
    594. 

  594. 

  595. 	if ($alias_domain == $target_domain) {
    596. 

  596. 		$_SESSION['return'] = array(
    597. 

  597. 			'type' => 'danger',
    598. 

  598. 			'msg' => sprintf($lang['danger']['aliasd_targetd_identical'])
    599. 

  599. 		);
    600. 

  600. 		return false;
    601. 

  601. 	}
    602. 

  602. 

  603. 	try {
    604. 

  604. 		$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
    605. 

  605. 			WHERE `domain`= :target_domain");
    606. 

  606. 		$stmt->execute(array(':target_domain' => $target_domain));
    607. 

  607. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    608. 

  608. 	}
    609. 

  609. 	catch(PDOException $e) {
    610. 

  610. 		$_SESSION['return'] = array(
    611. 

  611. 			'type' => 'danger',
    612. 

  612. 			'msg' => 'MySQL: '.$e
    613. 

  613. 		);
    614. 

  614. 		return false;
    615. 

  615. 	}
    616. 

  616. 	if ($num_results == 0) {
    617. 

  617. 		$_SESSION['return'] = array(
    618. 

  618. 			'type' => 'danger',
    619. 

  619. 			'msg' => sprintf($lang['danger']['targetd_not_found'])
    620. 

  620. 		);
    621. 

  621. 		return false;
    622. 

  622. 	}
    623. 

  623. 

  624. 	try {
    625. 

  625. 		$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain
    626. 

  626. 			UNION
    627. 

  627. 			SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain_in_domain");
    628. 

  628. 		$stmt->execute(array(':alias_domain' => $alias_domain, ':alias_domain_in_domain' => $alias_domain));
    629. 

  629. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    630. 

  630. 	}
    631. 

  631. 	catch(PDOException $e) {
    632. 

  632. 		$_SESSION['return'] = array(
    633. 

  633. 			'type' => 'danger',
    634. 

  634. 			'msg' => 'MySQL: '.$e
    635. 

  635. 		);
    636. 

  636. 		return false;
    637. 

  637. 	}
    638. 

  638. 	if ($num_results != 0) {
    639. 

  639. 		$_SESSION['return'] = array(
    640. 

  640. 			'type' => 'danger',
    641. 

  641. 			'msg' => sprintf($lang['danger']['aliasd_exists'])
    642. 

  642. 		);
    643. 

  643. 		return false;
    644. 

  644. 	}
    645. 

  645. 

  646. 	try {
    647. 

  647. 		$stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `created`, `modified`, `active`)
    648. 

  648. 			VALUES (:alias_domain, :target_domain, :created, :modified, :active)");
    649. 

  649. 		$stmt->execute(array(
    650. 

  650. 			':alias_domain' => $alias_domain,
    651. 

  651. 			':target_domain' => $target_domain,
    652. 

  652. 			':created' => date('Y-m-d H:i:s'),
    653. 

  653. 			':modified' => date('Y-m-d H:i:s'),
    654. 

  654. 			':active' => $active
    655. 

  655. 		));
    656. 

  656. 		$_SESSION['return'] = array(
    657. 

  657. 			'type' => 'success',
    658. 

  658. 			'msg' => sprintf($lang['success']['aliasd_added'], htmlspecialchars($alias_domain))
    659. 

  659. 		);
    660. 

  660. 	}
    661. 

  661. 	catch (PDOException $e) {
    662. 

  662. 		$_SESSION['return'] = array(
    663. 

  663. 			'type' => 'danger',
    664. 

  664. 			'msg' => 'MySQL: '.$e
    665. 

  665. 		);
    666. 

  666. 		return false;
    667. 

  667. 	}
    668. 

  668. 

  669. }
    670. 

  670. function mailbox_edit_alias_domain($postarray) {
    671. 

  671.   // Array elements
    672. 

  672.   // active             int
    673. 

  673.   // alias_domain_now   string
    674. 

  674.   // alias_domain       string
    675. 

  675. 	global $lang;
    676. 

  676. 	global $pdo;
    677. 

  677. 	isset($postarray['active']) ? $active = '1' : $active = '0';
    678. 

  678. 	$alias_domain       = idn_to_ascii(strtolower(trim($postarray['alias_domain'])));
    679. 

  679. 	$alias_domain_now   = strtolower(trim($postarray['alias_domain_now']));
    680. 

  680. 	if (!is_valid_domain_name($alias_domain)) {
    681. 

  681. 		$_SESSION['return'] = array(
    682. 

  682. 			'type' => 'danger',
    683. 

  683. 			'msg' => sprintf($lang['danger']['alias_domain_invalid'])
    684. 

  684. 		);
    685. 

  685. 		return false;
    686. 

  686. 	}
    687. 

  687. 

  688. 	if (!is_valid_domain_name($alias_domain_now)) {
    689. 

  689. 		$_SESSION['return'] = array(
    690. 

  690. 			'type' => 'danger',
    691. 

  691. 			'msg' => sprintf($lang['danger']['alias_domain_invalid'])
    692. 

  692. 		);
    693. 

  693. 		return false;
    694. 

  694. 	}
    695. 

  695. 

  696. 	try {
    697. 

  697. 		$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`
    698. 

  698. 				WHERE `alias_domain`= :alias_domain_now");
    699. 

  699. 		$stmt->execute(array(':alias_domain_now' => $alias_domain_now));
    700. 

  700. 		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
    701. 

  701. 	}
    702. 

  702. 	catch(PDOException $e) {
    703. 

  703. 		$_SESSION['return'] = array(
    704. 

  704. 			'type' => 'danger',
    705. 

  705. 			'msg' => 'MySQL: '.$e
    706. 

  706. 		);
    707. 

  707. 		return false;
    708. 

  708. 	}
    709. 

  709. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) {
    710. 

  710. 		$_SESSION['return'] = array(
    711. 

  711. 			'type' => 'danger',
    712. 

  712. 			'msg' => sprintf($lang['danger']['access_denied'])
    713. 

  713. 		);
    714. 

  714. 		return false;
    715. 

  715. 	}
    716. 

  716. 

  717. 	try {
    718. 

  718. 		$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`
    719. 

  719. 		WHERE `target_domain`= :alias_domain");
    720. 

  720. 		$stmt->execute(array(':alias_domain' => $alias_domain));
    721. 

  721. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    722. 

  722. 	}
    723. 

  723. 	catch(PDOException $e) {
    724. 

  724. 		$_SESSION['return'] = array(
    725. 

  725. 			'type' => 'danger',
    726. 

  726. 			'msg' => 'MySQL: '.$e
    727. 

  727. 		);
    728. 

  728. 		return false;
    729. 

  729. 	}
    730. 

  730. 	if ($num_results != 0) {
    731. 

  731. 		$_SESSION['return'] = array(
    732. 

  732. 			'type' => 'danger',
    733. 

  733. 			'msg' => sprintf($lang['danger']['aliasd_targetd_identical'])
    734. 

  734. 		);
    735. 

  735. 		return false;
    736. 

  736. 	}
    737. 

  737. 

  738. 	try {
    739. 

  739. 		$stmt = $pdo->prepare("UPDATE `alias_domain` SET `alias_domain` = :alias_domain, `active` = :active WHERE `alias_domain` = :alias_domain_now");
    740. 

  740. 		$stmt->execute(array(
    741. 

  741. 			':alias_domain' => $alias_domain,
    742. 

  742. 			':alias_domain_now' => $alias_domain_now,
    743. 

  743. 			':active' => $active
    744. 

  744. 		));
    745. 

  745. 	}
    746. 

  746. 	catch (PDOException $e) {
    747. 

  747. 		$_SESSION['return'] = array(
    748. 

  748. 			'type' => 'danger',
    749. 

  749. 			'msg' => 'MySQL: '.$e
    750. 

  750. 		);
    751. 

  751. 		return false;
    752. 

  752. 	}
    753. 

  753. 

  754. 	$_SESSION['return'] = array(
    755. 

  755. 		'type' => 'success',
    756. 

  756. 		'msg' => sprintf($lang['success']['aliasd_modified'], htmlspecialchars($alias_domain))
    757. 

  757. 	);
    758. 

  758. }
    759. 

  759. function mailbox_add_mailbox($postarray) {
    760. 

  760.   // Array elements
    761. 

  761.   // active             int
    762. 

  762.   // local_part         string
    763. 

  763.   // domain             string
    764. 

  764.   // name               string    (username if empty)
    765. 

  765.   // password           string
    766. 

  766.   // password2          string
    767. 

  767.   // quota              int       (MiB)
    768. 

  768.   // active             int
    769. 

  769. 

  770. 	global $pdo;
    771. 

  771. 	global $lang;
    772. 

  772. 	$local_part   = strtolower(trim($postarray['local_part']));
    773. 

  773. 	$domain       = idn_to_ascii(strtolower(trim($postarray['domain'])));
    774. 

  774.   $username     = $local_part . '@' . $domain;
    775. 

  775. 	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    776. 

  776. 		$_SESSION['return'] = array(
    777. 

  777. 			'type' => 'danger',
    778. 

  778. 			'msg' => sprintf($lang['danger']['mailbox_invalid'])
    779. 

  779. 		);
    780. 

  780. 		return false;
    781. 

  781. 	}
    782. 

  782. 	if (empty($postarray['local_part'])) {
    783. 

  783. 		$_SESSION['return'] = array(
    784. 

  784. 			'type' => 'danger',
    785. 

  785. 			'msg' => sprintf($lang['danger']['mailbox_invalid'])
    786. 

  786. 		);
    787. 

  787. 		return false;
    788. 

  788. 	}
    789. 

  789. 	$password     = $postarray['password'];
    790. 

  790. 	$password2    = $postarray['password2'];
    791. 

  791. 	$name         = $postarray['name'];
    792. 

  792.   $quota_m			= filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT);
    793. 

  793. 

  794. 	if (empty($name)) {
    795. 

  795. 		$name = $local_part;
    796. 

  796. 	}
    797. 

  797. 

  798. 	isset($postarray['active']) ? $active = '1' : $active = '0';
    799. 

  799. 

  800. 	$quota_b		= ($quota_m * 1048576);
    801. 

  801. 	$maildir		= $domain."/".$local_part."/";
    802. 

  802. 

  803. 	if (!is_valid_domain_name($domain)) {
    804. 

  804. 		$_SESSION['return'] = array(
    805. 

  805. 			'type' => 'danger',
    806. 

  806. 			'msg' => sprintf($lang['danger']['domain_invalid'])
    807. 

  807. 		);
    808. 

  808. 		return false;
    809. 

  809. 	}
    810. 

  810. 

  811. 	try {
    812. 

  812. 		$stmt = $pdo->prepare("SELECT `mailboxes`, `maxquota`, `quota` FROM `domain`
    813. 

  813. 			WHERE `domain` = :domain");
    814. 

  814. 		$stmt->execute(array(':domain' => $domain));
    815. 

  815. 		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
    816. 

  816. 	}
    817. 

  817. 	catch(PDOException $e) {
    818. 

  818. 		$_SESSION['return'] = array(
    819. 

  819. 			'type' => 'danger',
    820. 

  820. 			'msg' => 'MySQL: '.$e
    821. 

  821. 		);
    822. 

  822. 		return false;
    823. 

  823. 	}
    824. 

  824. 

  825. 	try {
    826. 

  826. 		$stmt = $pdo->prepare("SELECT 
    827. 

  827. 			COUNT(*) as count,
    828. 

  828. 			COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota`
    829. 

  829. 				FROM `mailbox`
    830. 

  830. 					WHERE `domain` = :domain");
    831. 

  831. 		$stmt->execute(array(':domain' => $domain));
    832. 

  832. 		$MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
    833. 

  833. 	}
    834. 

  834. 	catch(PDOException $e) {
    835. 

  835. 		$_SESSION['return'] = array(
    836. 

  836. 			'type' => 'danger',
    837. 

  837. 			'msg' => 'MySQL: '.$e
    838. 

  838. 		);
    839. 

  839. 		return false;
    840. 

  840. 	}
    841. 

  841. 

  842. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    843. 

  843. 		$_SESSION['return'] = array(
    844. 

  844. 			'type' => 'danger',
    845. 

  845. 			'msg' => sprintf($lang['danger']['access_denied'])
    846. 

  846. 		);
    847. 

  847. 		return false;
    848. 

  848. 	}
    849. 

  849. 

  850. 	try {
    851. 

  851. 		$stmt = $pdo->prepare("SELECT `local_part` FROM `mailbox` WHERE `local_part` = :local_part and `domain`= :domain");
    852. 

  852. 		$stmt->execute(array(':local_part' => $local_part, ':domain' => $domain));
    853. 

  853. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    854. 

  854. 	}
    855. 

  855. 	catch(PDOException $e) {
    856. 

  856. 		$_SESSION['return'] = array(
    857. 

  857. 			'type' => 'danger',
    858. 

  858. 			'msg' => 'MySQL: '.$e
    859. 

  859. 		);
    860. 

  860. 		return false;
    861. 

  861. 	}
    862. 

  862. 	if ($num_results != 0) {
    863. 

  863. 		$_SESSION['return'] = array(
    864. 

  864. 			'type' => 'danger',
    865. 

  865. 			'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username))
    866. 

  866. 		);
    867. 

  867. 		return false;
    868. 

  868. 	}
    869. 

  869. 

  870. 	try {
    871. 

  871. 		$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE address= :username");
    872. 

  872. 		$stmt->execute(array(':username' => $username));
    873. 

  873. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    874. 

  874. 	}
    875. 

  875. 	catch(PDOException $e) {
    876. 

  876. 		$_SESSION['return'] = array(
    877. 

  877. 			'type' => 'danger',
    878. 

  878. 			'msg' => 'MySQL: '.$e
    879. 

  879. 		);
    880. 

  880. 		return false;
    881. 

  881. 	}
    882. 

  882. 	if ($num_results != 0) {
    883. 

  883. 		$_SESSION['return'] = array(
    884. 

  884. 			'type' => 'danger',
    885. 

  885. 			'msg' => sprintf($lang['danger']['is_alias'], htmlspecialchars($username))
    886. 

  886. 		);
    887. 

  887. 		return false;
    888. 

  888. 	}
    889. 

  889. 

  890. 	try {
    891. 

  891. 		$stmt = $pdo->prepare("SELECT `address` FROM `spamalias` WHERE `address`= :username");
    892. 

  892. 		$stmt->execute(array(':username' => $username));
    893. 

  893. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    894. 

  894. 	}
    895. 

  895. 	catch(PDOException $e) {
    896. 

  896. 		$_SESSION['return'] = array(
    897. 

  897. 			'type' => 'danger',
    898. 

  898. 			'msg' => 'MySQL: '.$e
    899. 

  899. 		);
    900. 

  900. 		return false;
    901. 

  901. 	}
    902. 

  902. 	if ($num_results != 0) {
    903. 

  903. 		$_SESSION['return'] = array(
    904. 

  904. 			'type' => 'danger',
    905. 

  905. 			'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($username))
    906. 

  906. 		);
    907. 

  907. 		return false;
    908. 

  908. 	}
    909. 

  909. 

  910. 	if (!is_numeric($quota_m) || $quota_m == "0") {
    911. 

  911. 		$_SESSION['return'] = array(
    912. 

  912. 			'type' => 'danger',
    913. 

  913. 			'msg' => sprintf($lang['danger']['quota_not_0_not_numeric'])
    914. 

  914. 		);
    915. 

  915. 		return false;
    916. 

  916. 	}
    917. 

  917. 

  918. 	if (!empty($password) && !empty($password2)) {
    919. 

  919. 		if ($password != $password2) {
    920. 

  920. 			$_SESSION['return'] = array(
    921. 

  921. 				'type' => 'danger',
    922. 

  922. 				'msg' => sprintf($lang['danger']['password_mismatch'])
    923. 

  923. 			);
    924. 

  924. 			return false;
    925. 

  925. 		}
    926. 

  926. 		$password_hashed = hash_password($password);
    927. 

  927. 	}
    928. 

  928. 	else {
    929. 

  929. 		$_SESSION['return'] = array(
    930. 

  930. 			'type' => 'danger',
    931. 

  931. 			'msg' => sprintf($lang['danger']['password_empty'])
    932. 

  932. 		);
    933. 

  933. 		return false;
    934. 

  934. 	}
    935. 

  935. 

  936. 	if ($MailboxData['count'] >= $DomainData['mailboxes']) {
    937. 

  937. 		$_SESSION['return'] = array(
    938. 

  938. 			'type' => 'danger',
    939. 

  939. 			'msg' => sprintf($lang['danger']['max_mailbox_exceeded'], $MailboxData['count'], $DomainData['mailboxes'])
    940. 

  940. 		);
    941. 

  941. 		return false;
    942. 

  942. 	}
    943. 

  943. 

  944. 	try {
    945. 

  945. 		$stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain`= :domain");
    946. 

  946. 		$stmt->execute(array(':domain' => $domain));
    947. 

  947. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    948. 

  948. 	}
    949. 

  949. 	catch(PDOException $e) {
    950. 

  950. 		$_SESSION['return'] = array(
    951. 

  951. 			'type' => 'danger',
    952. 

  952. 			'msg' => 'MySQL: '.$e
    953. 

  953. 		);
    954. 

  954. 		return false;
    955. 

  955. 	}
    956. 

  956. 	if ($num_results == 0) {
    957. 

  957. 		$_SESSION['return'] = array(
    958. 

  958. 			'type' => 'danger',
    959. 

  959.       'msg' => sprintf($lang['danger']['domain_not_found'], $domain)
    960. 

  960. 		);
    961. 

  961. 		return false;
    962. 

  962. 	}
    963. 

  963. 

  964. 	if ($quota_m > $DomainData['maxquota']) {
    965. 

  965. 		$_SESSION['return'] = array(
    966. 

  966. 			'type' => 'danger',
    967. 

  967. 			'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota'])
    968. 

  968. 		);
    969. 

  969. 		return false;
    970. 

  970. 	}
    971. 

  971. 

  972. 	if (($MailboxData['quota'] + $quota_m) > $DomainData['quota']) {
    973. 

  973. 		$quota_left_m = ($DomainData['quota'] - $MailboxData['quota']);
    974. 

  974. 		$_SESSION['return'] = array(
    975. 

  975. 			'type' => 'danger',
    976. 

  976. 			'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m)
    977. 

  977. 		);
    978. 

  978. 		return false;
    979. 

  979. 	}
    980. 

  980. 

  981. 	try {
    982. 

  982. 		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `created`, `modified`, `active`) 
    983. 

  983. 			VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :created, :modified, :active)");
    984. 

  984. 		$stmt->execute(array(
    985. 

  985. 			':username' => $username,
    986. 

  986. 			':password_hashed' => $password_hashed,
    987. 

  987. 			':name' => $name,
    988. 

  988. 			':maildir' => $maildir,
    989. 

  989. 			':quota_b' => $quota_b,
    990. 

  990. 			':local_part' => $local_part,
    991. 

  991. 			':domain' => $domain,
    992. 

  992. 			':created' => date('Y-m-d H:i:s'),
    993. 

  993. 			':modified' => date('Y-m-d H:i:s'),
    994. 

  994. 			':active' => $active
    995. 

  995. 		));
    996. 

  996. 

  997. 		$stmt = $pdo->prepare("INSERT INTO `quota2` (`username`, `bytes`, `messages`)
    998. 

  998. 			VALUES (:username, '0', '0')");
    999. 

  999. 		$stmt->execute(array(':username' => $username));
    1000. 

  1000. 

  1001. 		$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
    1002. 

  1002. 			VALUES (:username1, :username2, :domain, :created, :modified, :active)");
    1003. 

  1003. 		$stmt->execute(array(
    1004. 

  1004. 			':username1' => $username,
    1005. 

  1005. 			':username2' => $username,
    1006. 

  1006. 			':domain' => $domain,
    1007. 

  1007. 			':created' => date('Y-m-d H:i:s'),
    1008. 

  1008. 			':modified' => date('Y-m-d H:i:s'),
    1009. 

  1009. 			':active' => $active
    1010. 

  1010. 		));
    1011. 

  1011. 

  1012. 		$_SESSION['return'] = array(
    1013. 

  1013. 			'type' => 'success',
    1014. 

  1014. 			'msg' => sprintf($lang['success']['mailbox_added'], htmlspecialchars($username))
    1015. 

  1015. 		);
    1016. 

  1016. 	}
    1017. 

  1017. 	catch (PDOException $e) {
    1018. 

  1018. 		$_SESSION['return'] = array(
    1019. 

  1019. 			'type' => 'danger',
    1020. 

  1020. 			'msg' => 'MySQL: '.$e
    1021. 

  1021. 		);
    1022. 

  1022. 		return false;
    1023. 

  1023. 	}
    1024. 

  1024. }
    1025. 

  1025. function mailbox_edit_alias($postarray) {
    1026. 

  1026.   // Array elements
    1027. 

  1027.   // address            string
    1028. 

  1028.   // goto               string    (separated by " ", "," ";" "\n") - email address or domain
    1029. 

  1029.   // active             int
    1030. 

  1030. 	global $lang;
    1031. 

  1031. 	global $pdo;
    1032. 

  1032. 	$address      = $postarray['address'];
    1033. 

  1033. 	$domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
    1034. 

  1034. 	$local_part   = strstr($address, '@', true);
    1035. 

  1035. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    1036. 

  1036. 		$_SESSION['return'] = array(
    1037. 

  1037. 			'type' => 'danger',
    1038. 

  1038. 			'msg' => sprintf($lang['danger']['access_denied'])
    1039. 

  1039. 		);
    1040. 

  1040. 		return false;
    1041. 

  1041. 	}
    1042. 

  1042. 	if (empty($postarray['goto'])) {
    1043. 

  1043. 		$_SESSION['return'] = array(
    1044. 

  1044. 			'type' => 'danger',
    1045. 

  1045. 			'msg' => sprintf($lang['danger']['goto_empty'])
    1046. 

  1046. 		);
    1047. 

  1047. 		return false;
    1048. 

  1048. 	}
    1049. 

  1049. 	$gotos = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
    1050. 

  1050. 	foreach ($gotos as &$goto) {
    1051. 

  1051. 		if (empty($goto)) {
    1052. 

  1052. 			continue;
    1053. 

  1053. 		}
    1054. 

  1054. 		if (!filter_var($goto, FILTER_VALIDATE_EMAIL)) {
    1055. 

  1055. 			$_SESSION['return'] = array(
    1056. 

  1056. 				'type' => 'danger',
    1057. 

  1057. 				'msg' =>sprintf($lang['danger']['goto_invalid'])
    1058. 

  1058. 			);
    1059. 

  1059. 			return false;
    1060. 

  1060. 		}
    1061. 

  1061. 		if ($goto == $address) {
    1062. 

  1062. 			$_SESSION['return'] = array(
    1063. 

  1063. 				'type' => 'danger',
    1064. 

  1064. 				'msg' => sprintf($lang['danger']['alias_goto_identical'])
    1065. 

  1065. 			);
    1066. 

  1066. 			return false;
    1067. 

  1067. 		}
    1068. 

  1068. 	}
    1069. 

  1069. 	$gotos = array_filter($gotos);
    1070. 

  1070. 	$goto = implode(",", $gotos);
    1071. 

  1071. 	isset($postarray['active']) ? $active = '1' : $active = '0';
    1072. 

  1072. 	if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
    1073. 

  1073. 		$_SESSION['return'] = array(
    1074. 

  1074. 			'type' => 'danger',
    1075. 

  1075. 			'msg' => sprintf($lang['danger']['alias_invalid'])
    1076. 

  1076. 		);
    1077. 

  1077. 		return false;
    1078. 

  1078. 	}
    1079. 

  1079. 

  1080. 	try {
    1081. 

  1081. 		$stmt = $pdo->prepare("UPDATE `alias` SET `goto` = :goto, `active`= :active WHERE `address` = :address");
    1082. 

  1082. 		$stmt->execute(array(
    1083. 

  1083. 			':goto' => $goto,
    1084. 

  1084. 			':active' => $active,
    1085. 

  1085. 			':address' => $address
    1086. 

  1086. 		));
    1087. 

  1087. 		$_SESSION['return'] = array(
    1088. 

  1088. 			'type' => 'success',
    1089. 

  1089. 		'msg' => sprintf($lang['success']['alias_modified'], htmlspecialchars($address))
    1090. 

  1090. 		);
    1091. 

  1091. 	}
    1092. 

  1092. 	catch (PDOException $e) {
    1093. 

  1093. 		$_SESSION['return'] = array(
    1094. 

  1094. 			'type' => 'danger',
    1095. 

  1095. 			'msg' => 'MySQL: '.$e
    1096. 

  1096. 		);
    1097. 

  1097. 		return false;
    1098. 

  1098. 	}
    1099. 

  1099. }
    1100. 

  1100. function mailbox_edit_domain($postarray) {
    1101. 

  1101.   // Array elements
    1102. 

  1102.   // domain                 string
    1103. 

  1103.   // description            string
    1104. 

  1104.   // active                 int
    1105. 

  1105.   // relay_all_recipients   int
    1106. 

  1106.   // backupmx               int
    1107. 

  1107.   // aliases                float
    1108. 

  1108.   // mailboxes              float
    1109. 

  1109.   // maxquota               float
    1110. 

  1110.   // quota                  float     (Byte)
    1111. 

  1111.   // active                 int
    1112. 

  1112. 

  1113. 	global $lang;
    1114. 

  1114. 	global $pdo;
    1115. 

  1115. 	$domain       = idn_to_ascii($postarray['domain']);
    1116. 

  1116. 	$description  = $postarray['description'];
    1117. 

  1117. 

  1118. 	$aliases		= filter_var($postarray['aliases'], FILTER_SANITIZE_NUMBER_FLOAT);
    1119. 

  1119. 	$mailboxes  = filter_var($postarray['mailboxes'], FILTER_SANITIZE_NUMBER_FLOAT);
    1120. 

  1120. 	$maxquota		= filter_var($postarray['maxquota'], FILTER_SANITIZE_NUMBER_FLOAT);
    1121. 

  1121. 	$quota			= filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT);
    1122. 

  1122. 

  1123. 	isset($postarray['relay_all_recipients']) ? $relay_all_recipients = '1' : $relay_all_recipients = '0';
    1124. 

  1124. 	isset($postarray['backupmx']) ? $backupmx = '1' : $backupmx = '0';
    1125. 

  1125. 	isset($postarray['relay_all_recipients']) ? $backupmx = '1' : true;
    1126. 

  1126. 	isset($postarray['active']) ? $active = '1' : $active = '0';
    1127. 

  1127. 

  1128. 	try {
    1129. 

  1129. 		$stmt = $pdo->prepare("SELECT 
    1130. 

  1130. 				COUNT(*) AS count,
    1131. 

  1131. 				MAX(COALESCE(ROUND(`quota`/1048576), 0)) AS `maxquota`,
    1132. 

  1132. 				COALESCE(ROUND(SUM(`quota`)/1048576), 0) AS `quota`
    1133. 

  1133. 					FROM `mailbox`
    1134. 

  1134. 						WHERE domain= :domain");
    1135. 

  1135. 		$stmt->execute(array(':domain' => $domain));
    1136. 

  1136. 		$MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
    1137. 

  1137. 	}
    1138. 

  1138. 	catch(PDOException $e) {
    1139. 

  1139. 		$_SESSION['return'] = array(
    1140. 

  1140. 			'type' => 'danger',
    1141. 

  1141. 			'msg' => 'MySQL: '.$e
    1142. 

  1142. 		);
    1143. 

  1143. 		return false;
    1144. 

  1144. 	}
    1145. 

  1145. 

  1146. 

  1147. 	try {
    1148. 

  1148. 		$stmt = $pdo->prepare("SELECT COUNT(*) AS `count` FROM `alias`
    1149. 

  1149. 				WHERE domain = :domain
    1150. 

  1150. 				AND address NOT IN (
    1151. 

  1151. 					SELECT `username` FROM `mailbox`
    1152. 

  1152. 				)");
    1153. 

  1153. 		$stmt->execute(array(':domain' => $domain));
    1154. 

  1154. 		$AliasData = $stmt->fetch(PDO::FETCH_ASSOC);
    1155. 

  1155. 	}
    1156. 

  1156. 	catch(PDOException $e) {
    1157. 

  1157. 		$_SESSION['return'] = array(
    1158. 

  1158. 			'type' => 'danger',
    1159. 

  1159. 			'msg' => 'MySQL: '.$e
    1160. 

  1160. 		);
    1161. 

  1161. 		return false;
    1162. 

  1162. 	}
    1163. 

  1163. 

  1164. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    1165. 

  1165. 		$_SESSION['return'] = array(
    1166. 

  1166. 			'type' => 'danger',
    1167. 

  1167. 			'msg' => sprintf($lang['danger']['access_denied'])
    1168. 

  1168. 		);
    1169. 

  1169. 		return false;
    1170. 

  1170. 	}
    1171. 

  1171. 	
    1172. 

  1172. 	if ($maxquota > $quota) {
    1173. 

  1173. 		$_SESSION['return'] = array(
    1174. 

  1174. 			'type' => 'danger',
    1175. 

  1175. 			'msg' => sprintf($lang['danger']['mailbox_quota_exceeds_domain_quota'])
    1176. 

  1176. 		);
    1177. 

  1177. 		return false;
    1178. 

  1178. 	}
    1179. 

  1179. 	
    1180. 

  1180. 	if ($MailboxData['maxquota'] > $maxquota) {
    1181. 

  1181. 		$_SESSION['return'] = array(
    1182. 

  1182. 			'type' => 'danger',
    1183. 

  1183. 			'msg' => sprintf($lang['danger']['max_quota_in_use'], $MailboxData['maxquota'])
    1184. 

  1184. 		);
    1185. 

  1185. 		return false;
    1186. 

  1186. 	}
    1187. 

  1187. 	
    1188. 

  1188. 	if ($MailboxData['quota'] > $quota) {
    1189. 

  1189. 		$_SESSION['return'] = array(
    1190. 

  1190. 			'type' => 'danger',
    1191. 

  1191. 			'msg' => sprintf($lang['danger']['domain_quota_m_in_use'], $MailboxData['quota'])
    1192. 

  1192. 		);
    1193. 

  1193. 		return false;
    1194. 

  1194. 	}
    1195. 

  1195. 	
    1196. 

  1196. 	if ($MailboxData['count'] > $mailboxes) {
    1197. 

  1197. 		$_SESSION['return'] = array(
    1198. 

  1198. 			'type' => 'danger',
    1199. 

  1199. 			'msg' => sprintf($lang['danger']['mailboxes_in_use'], $MailboxData['count'])
    1200. 

  1200. 		);
    1201. 

  1201. 		return false;
    1202. 

  1202. 	}
    1203. 

  1203. 	
    1204. 

  1204. 	if ($AliasData['count'] > $aliases) {
    1205. 

  1205. 		$_SESSION['return'] = array(
    1206. 

  1206. 			'type' => 'danger',
    1207. 

  1207. 			'msg' => sprintf($lang['danger']['aliases_in_use'], $AliasData['count'])
    1208. 

  1208. 		);
    1209. 

  1209. 		return false;
    1210. 

  1210. 	}
    1211. 

  1211. 

  1212. 	if (!is_valid_domain_name($domain)) {
    1213. 

  1213. 		$_SESSION['return'] = array(
    1214. 

  1214. 			'type' => 'danger',
    1215. 

  1215. 			'msg' => sprintf($lang['danger']['domain_invalid'])
    1216. 

  1216. 		);
    1217. 

  1217. 		return false;
    1218. 

  1218. 	}
    1219. 

  1219. 	try {
    1220. 

  1220. 		$stmt = $pdo->prepare("UPDATE `domain` SET 
    1221. 

  1221. 		`modified`= :modified,
    1222. 

  1222. 		`relay_all_recipients` = :relay_all_recipients,
    1223. 

  1223. 		`backupmx` = :backupmx,
    1224. 

  1224. 		`active` = :active,
    1225. 

  1225. 		`quota` = :quota,
    1226. 

  1226. 		`maxquota` = :maxquota,
    1227. 

  1227. 		`mailboxes` = :mailboxes,
    1228. 

  1228. 		`aliases` = :aliases,
    1229. 

  1229. 		`description` = :description
    1230. 

  1230. 			WHERE `domain` = :domain");
    1231. 

  1231. 		$stmt->execute(array(
    1232. 

  1232. 			':relay_all_recipients' => $relay_all_recipients,
    1233. 

  1233. 			':backupmx' => $backupmx,
    1234. 

  1234. 			':active' => $active,
    1235. 

  1235. 			':quota' => $quota,
    1236. 

  1236. 			':maxquota' => $maxquota,
    1237. 

  1237. 			':mailboxes' => $mailboxes,
    1238. 

  1238. 			':aliases' => $aliases,
    1239. 

  1239. 			':modified' => date('Y-m-d H:i:s'),
    1240. 

  1240. 			':description' => $description,
    1241. 

  1241. 			':domain' => $domain
    1242. 

  1242. 		));
    1243. 

  1243. 		$_SESSION['return'] = array(
    1244. 

  1244. 			'type' => 'success',
    1245. 

  1245. 			'msg' => sprintf($lang['success']['domain_modified'], htmlspecialchars($domain))
    1246. 

  1246. 		);
    1247. 

  1247. 	}
    1248. 

  1248. 	catch (PDOException $e) {
    1249. 

  1249. 		$_SESSION['return'] = array(
    1250. 

  1250. 			'type' => 'danger',
    1251. 

  1251. 			'msg' => 'MySQL: '.$e
    1252. 

  1252. 		);
    1253. 

  1253. 		return false;
    1254. 

  1254. 	}
    1255. 

  1255. 

  1256. }
    1257. 

  1257. function mailbox_get_mailboxes($domain) {
    1258. 

  1258. 	global $lang;
    1259. 

  1259. 	global $pdo;
    1260. 

  1260.   $mailboxes = array();
    1261. 

  1261. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    1262. 

  1262. 		$_SESSION['return'] = array(
    1263. 

  1263. 			'type' => 'danger',
    1264. 

  1264. 			'msg' => sprintf($lang['danger']['access_denied'])
    1265. 

  1265. 		);
    1266. 

  1266. 		return false;
    1267. 

  1267. 	}
    1268. 

  1268.   try {
    1269. 

  1269.     $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `domain` != 'ALL' AND `domain` = :domain");
    1270. 

  1270.     $stmt->execute(array(
    1271. 

  1271.       ':domain' => $domain,
    1272. 

  1272.     ));
    1273. 

  1273.     $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    1274. 

  1274.     while($row = array_shift($rows)) {
    1275. 

  1275.       $mailboxes[] = $row['username'];
    1276. 

  1276.     }
    1277. 

  1277.   }
    1278. 

  1278.   catch (PDOException $e) {
    1279. 

  1279.     $_SESSION['return'] = array(
    1280. 

  1280.       'type' => 'danger',
    1281. 

  1281.       'msg' => 'MySQL: '.$e
    1282. 

  1282.     );
    1283. 

  1283.     return false;
    1284. 

  1284.   }
    1285. 

  1285.   return $mailboxes;
    1286. 

  1286. }
    1287. 

  1287. function mailbox_get_alias_domains($domain) {
    1288. 

  1288. 	global $lang;
    1289. 

  1289. 	global $pdo;
    1290. 

  1290.   $aliasdomains = array();
    1291. 

  1291. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    1292. 

  1292. 		$_SESSION['return'] = array(
    1293. 

  1293. 			'type' => 'danger',
    1294. 

  1294. 			'msg' => sprintf($lang['danger']['access_denied'])
    1295. 

  1295. 		);
    1296. 

  1296. 		return false;
    1297. 

  1297. 	}
    1298. 

  1298. 

  1299.   try {
    1300. 

  1300.     $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain");
    1301. 

  1301.     $stmt->execute(array(
    1302. 

  1302.       ':domain' => $domain,
    1303. 

  1303.     ));
    1304. 

  1304.     $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    1305. 

  1305.     while($row = array_shift($rows)) {
    1306. 

  1306.       $aliasdomains[] = $row['alias_domain'];
    1307. 

  1307.     }
    1308. 

  1308.   }
    1309. 

  1309.   catch (PDOException $e) {
    1310. 

  1310.     $_SESSION['return'] = array(
    1311. 

  1311.       'type' => 'danger',
    1312. 

  1312.       'msg' => 'MySQL: '.$e
    1313. 

  1313.     );
    1314. 

  1314.     return false;
    1315. 

  1315.   }
    1316. 

  1316.   return $aliasdomains;
    1317. 

  1317. }
    1318. 

  1318. function mailbox_get_aliases($domain) {
    1319. 

  1319. 	global $lang;
    1320. 

  1320. 	global $pdo;
    1321. 

  1321.   $aliases = array();
    1322. 

  1322. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    1323. 

  1323. 		$_SESSION['return'] = array(
    1324. 

  1324. 			'type' => 'danger',
    1325. 

  1325. 			'msg' => sprintf($lang['danger']['access_denied'])
    1326. 

  1326. 		);
    1327. 

  1327. 		return false;
    1328. 

  1328. 	}
    1329. 

  1329. 

  1330.   try {
    1331. 

  1331.     $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `address` != `goto` AND `domain` = :domain");
    1332. 

  1332.     $stmt->execute(array(
    1333. 

  1333.       ':domain' => $domain,
    1334. 

  1334.     ));
    1335. 

  1335.     $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    1336. 

  1336.     while($row = array_shift($rows)) {
    1337. 

  1337.       $aliases[] = $row['address'];
    1338. 

  1338.     }
    1339. 

  1339.   }
    1340. 

  1340.   catch (PDOException $e) {
    1341. 

  1341.     $_SESSION['return'] = array(
    1342. 

  1342.       'type' => 'danger',
    1343. 

  1343.       'msg' => 'MySQL: '.$e
    1344. 

  1344.     );
    1345. 

  1345.     return false;
    1346. 

  1346.   }
    1347. 

  1347.   return $aliases;
    1348. 

  1348. }
    1349. 

  1349. function mailbox_get_alias_details($address) {
    1350. 

  1350. 	global $lang;
    1351. 

  1351. 	global $pdo;
    1352. 

  1352.   $aliasdata = array();
    1353. 

  1353.   try {
    1354. 

  1354.     $stmt = $pdo->prepare("SELECT
    1355. 

  1355.       `domain`,
    1356. 

  1356.       `goto`,
    1357. 

  1357.       `address`,
    1358. 

  1358.       CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
    1359. 

  1359.       `created`,
    1360. 

  1360.       `modified`
    1361. 

  1361.         FROM `alias`
    1362. 

  1362.             WHERE `address` = :address AND `address` != `goto`");
    1363. 

  1363.     $stmt->execute(array(
    1364. 

  1364.       ':address' => $address,
    1365. 

  1365.     ));
    1366. 

  1366.     $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    1367. 

  1367.     while($row = array_shift($rows)) {
    1368. 

  1368.       $aliasdata['domain'] = $row['domain'];
    1369. 

  1369.       $aliasdata['goto'] = $row['goto'];
    1370. 

  1370.       $aliasdata['address'] = $row['address'];
    1371. 

  1371.       (!filter_var($aliasdata['address'], FILTER_VALIDATE_EMAIL)) ? $aliasdata['is_catch_all'] = 1 : $aliasdata['is_catch_all'] = 0;
    1372. 

  1372.       $aliasdata['active'] = $row['active'];
    1373. 

  1373.       $aliasdata['created'] = $row['created'];
    1374. 

  1374.       $aliasdata['modified'] = $row['modified'];
    1375. 

  1375.     }
    1376. 

  1376.   }
    1377. 

  1377.   catch (PDOException $e) {
    1378. 

  1378.     $_SESSION['return'] = array(
    1379. 

  1379.       'type' => 'danger',
    1380. 

  1380.       'msg' => 'MySQL: '.$e
    1381. 

  1381.     );
    1382. 

  1382.     return false;
    1383. 

  1383.   }
    1384. 

  1384.   if (isset($aliasdata['domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdata['domain'])) {
    1385. 

  1385.     $_SESSION['return'] = array(
    1386. 

  1386.       'type' => 'danger',
    1387. 

  1387.       'msg' => sprintf($lang['danger']['access_denied'])
    1388. 

  1388.     );
    1389. 

  1389.     return false;
    1390. 

  1390.   }
    1391. 

  1391.   return $aliasdata;
    1392. 

  1392. }
    1393. 

  1393. function mailbox_get_alias_domain_details($aliasdomain) {
    1394. 

  1394. 	global $lang;
    1395. 

  1395. 	global $pdo;
    1396. 

  1396.   $aliasdomaindata = array();
    1397. 

  1397.   try {
    1398. 

  1398.     $stmt = $pdo->prepare("SELECT
    1399. 

  1399.       `alias_domain`,
    1400. 

  1400.       `target_domain`,
    1401. 

  1401.       CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
    1402. 

  1402.       `created`,
    1403. 

  1403.       `modified`
    1404. 

  1404.         FROM `alias_domain`
    1405. 

  1405.             WHERE `alias_domain` = :aliasdomain");
    1406. 

  1406.     $stmt->execute(array(
    1407. 

  1407.       ':aliasdomain' => $aliasdomain,
    1408. 

  1408.     ));
    1409. 

  1409.     $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    1410. 

  1410.     while($row = array_shift($rows)) {
    1411. 

  1411.       $aliasdomaindata['alias_domain'] = $row['alias_domain'];
    1412. 

  1412.       $aliasdomaindata['target_domain'] = $row['target_domain'];
    1413. 

  1413.       $aliasdomaindata['active'] = $row['active'];
    1414. 

  1414.       $aliasdomaindata['created'] = $row['created'];
    1415. 

  1415.       $aliasdomaindata['modified'] = $row['modified'];
    1416. 

  1416.     }
    1417. 

  1417.   }
    1418. 

  1418.   catch (PDOException $e) {
    1419. 

  1419.     $_SESSION['return'] = array(
    1420. 

  1420.       'type' => 'danger',
    1421. 

  1421.       'msg' => 'MySQL: '.$e
    1422. 

  1422.     );
    1423. 

  1423.     return false;
    1424. 

  1424.   }
    1425. 

  1425.   if (isset($aliasdomaindata['target_domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdomaindata['target_domain'])) {
    1426. 

  1426.     $_SESSION['return'] = array(
    1427. 

  1427.       'type' => 'danger',
    1428. 

  1428.       'msg' => sprintf($lang['danger']['access_denied'])
    1429. 

  1429.     );
    1430. 

  1430.     return false;
    1431. 

  1431.   }
    1432. 

  1432.   return $aliasdomaindata;
    1433. 

  1433. }
    1434. 

  1434. function mailbox_get_domains() {
    1435. 

  1435. 	global $lang;
    1436. 

  1436. 	global $pdo;
    1437. 

  1437. 

  1438.   try {
    1439. 

  1439.     $domains = array();
    1440. 

  1440.     $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
    1441. 

  1441.       WHERE (`domain` IN (
    1442. 

  1442.         SELECT `domain` from `domain_admins`
    1443. 

  1443.           WHERE (`active`='1' AND `username` = :username))
    1444. 

  1444.         )
    1445. 

  1445.         OR ('admin'= :role)
    1446. 

  1446.         AND `domain` != 'ALL'");
    1447. 

  1447.     $stmt->execute(array(
    1448. 

  1448.       ':username' => $_SESSION['mailcow_cc_username'],
    1449. 

  1449.       ':role' => $_SESSION['mailcow_cc_role'],
    1450. 

  1450.     ));
    1451. 

  1451.     $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    1452. 

  1452.     while($row = array_shift($rows)) {
    1453. 

  1453.       $domains[] = $row['domain'];
    1454. 

  1454.     }
    1455. 

  1455.   }
    1456. 

  1456.   catch (PDOException $e) {
    1457. 

  1457.     $_SESSION['return'] = array(
    1458. 

  1458.       'type' => 'danger',
    1459. 

  1459.       'msg' => 'MySQL: '.$e
    1460. 

  1460.     );
    1461. 

  1461.     return false;
    1462. 

  1462.   }
    1463. 

  1463.   return $domains;
    1464. 

  1464. }
    1465. 

  1465. function mailbox_get_domain_details($domain) {
    1466. 

  1466. 	global $lang;
    1467. 

  1467. 	global $pdo;
    1468. 

  1468. 

  1469. 	$domain = idn_to_ascii(strtolower(trim($domain)));
    1470. 

  1470. 

  1471. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    1472. 

  1472. 		$_SESSION['return'] = array(
    1473. 

  1473. 			'type' => 'danger',
    1474. 

  1474. 			'msg' => sprintf($lang['danger']['access_denied'])
    1475. 

  1475. 		);
    1476. 

  1476. 		return false;
    1477. 

  1477. 	}
    1478. 

  1478. 

  1479.   try {
    1480. 

  1480.     $stmt = $pdo->prepare("SELECT 
    1481. 

  1481.         `domain`,
    1482. 

  1482.         `aliases`,
    1483. 

  1483.         `mailboxes`, 
    1484. 

  1484.         `maxquota`,
    1485. 

  1485.         `quota`,
    1486. 

  1486.         CASE `backupmx` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `backupmx`,
    1487. 

  1487.         CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
    1488. 

  1488.           FROM `domain` WHERE `domain`= :domain");
    1489. 

  1489.     $stmt->execute(array(
    1490. 

  1490.       ':domain' => $domain,
    1491. 

  1491.     ));
    1492. 

  1492.     $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    1493. 

  1493.     while($row = array_shift($rows)) {
    1494. 

  1494.       $domaindata['domain_name'] = $row['domain'];
    1495. 

  1495.       $domaindata['max_num_aliases_for_domain'] = $row['aliases'];
    1496. 

  1496.       $domaindata['max_num_mboxes_for_domain'] = $row['mailboxes'];
    1497. 

  1497.       $domaindata['max_quota_for_mbox'] = formatBytes(intval($row['maxquota'] * 1048576), 2);
    1498. 

  1498.       $domaindata['max_quota_for_domain'] = formatBytes(intval($row['quota'] * 1048576), 2);
    1499. 

  1499.       $domaindata['backupmx'] = $row['backupmx'];
    1500. 

  1500.       $domaindata['active'] = $row['active'];
    1501. 

  1501.     }
    1502. 

  1502. 

  1503.     $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias`
    1504. 

  1504.       WHERE `domain`= :domain
    1505. 

  1505.         AND `address` NOT IN (
    1506. 

  1506.           SELECT `username` FROM `mailbox`
    1507. 

  1507.         )");
    1508. 

  1508.     $stmt->execute(array(
    1509. 

  1509.       ':domain' => $domain,
    1510. 

  1510.     ));
    1511. 

  1511.     $row = $stmt->fetchAll();
    1512. 

  1512.     $domaindata['aliases_in_domain'] = $row[0]['alias_count'];
    1513. 

  1513. 

  1514.     $stmt = $pdo->prepare("SELECT COUNT(`username`) AS `mailbox_count`, SUM(`quota`) AS `quota` FROM `mailbox`
    1515. 

  1515.         WHERE `domain` = :domain");
    1516. 

  1516.     $stmt->execute(array(
    1517. 

  1517.       ':domain' => $domain,
    1518. 

  1518.     ));
    1519. 

  1519.     $row = $stmt->fetchAll();
    1520. 

  1520.     $domaindata['mboxes_in_domain'] = $row[0]['mailbox_count'];
    1521. 

  1521.     $domaindata['quota_used_in_domain'] = formatBytes(intval($row[0]['quota']), 2);
    1522. 

  1522.   }
    1523. 

  1523.   catch (PDOException $e) {
    1524. 

  1524.     $_SESSION['return'] = array(
    1525. 

  1525.       'type' => 'danger',
    1526. 

  1526.       'msg' => 'MySQL: '.$e
    1527. 

  1527.     );
    1528. 

  1528.     return false;
    1529. 

  1529.   }
    1530. 

  1530. 

  1531.   return $domaindata;
    1532. 

  1532. }
    1533. 

  1533. function mailbox_get_mailbox_details($mailbox) {
    1534. 

  1534. 	global $lang;
    1535. 

  1535. 	global $pdo;
    1536. 

  1536.   try {
    1537. 

  1537.     $stmt = $pdo->prepare("SELECT
    1538. 

  1538.         `domain`.`backupmx`,
    1539. 

  1539.         `mailbox`.`username`,
    1540. 

  1540.         `mailbox`.`name`,
    1541. 

  1541.         CASE `mailbox`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
    1542. 

  1542.         `mailbox`.`domain`,
    1543. 

  1543.         `mailbox`.`quota`,
    1544. 

  1544.         `quota2`.`bytes`,
    1545. 

  1545.         `quota2`.`messages`
    1546. 

  1546.           FROM `mailbox`, `quota2`, `domain`
    1547. 

  1547.             WHERE `mailbox`.`username` = `quota2`.`username` AND `domain`.`domain` = `mailbox`.`domain` AND `mailbox`.`username` = :mailbox");
    1548. 

  1548.     $stmt->execute(array(
    1549. 

  1549.       ':mailbox' => $mailbox,
    1550. 

  1550.     ));
    1551. 

  1551.     $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    1552. 

  1552.     while($row = array_shift($rows)) {
    1553. 

  1553.       $mailboxdata['username'] = $row['username'];
    1554. 

  1554.       $mailboxdata['is_relayed'] = $row['backupmx'];
    1555. 

  1555.       $mailboxdata['name'] = $row['name'];
    1556. 

  1556.       $mailboxdata['active'] = $row['active'];
    1557. 

  1557.       $mailboxdata['domain'] = $row['domain'];
    1558. 

  1558.       $mailboxdata['quota'] = formatBytes(intval($row['quota']), 2);
    1559. 

  1559.       $mailboxdata['quota_used'] = formatBytes(intval($row['bytes']), 2);
    1560. 

  1560.       $mailboxdata['percent_in_use'] = round((intval($row['bytes']) / intval($row['quota'])) * 100);
    1561. 

  1561.       $mailboxdata['messages'] = $row['messages'];
    1562. 

  1562.       if ($mailboxdata['percent_in_use'] >= 90) {
    1563. 

  1563.         $mailboxdata['percent_class'] = "danger";
    1564. 

  1564.       }
    1565. 

  1565.       elseif ($mailboxdata['percent_in_use'] >= 75) {
    1566. 

  1566.         $mailboxdata['percent_class'] = "warning";
    1567. 

  1567.       }
    1568. 

  1568.       else {
    1569. 

  1569.         $mailboxdata['percent_class'] = "success";
    1570. 

  1570.       }
    1571. 

  1571.     }
    1572. 

  1572.   }
    1573. 

  1573.   catch (PDOException $e) {
    1574. 

  1574.     $_SESSION['return'] = array(
    1575. 

  1575.       'type' => 'danger',
    1576. 

  1576.       'msg' => 'MySQL: '.$e
    1577. 

  1577.     );
    1578. 

  1578.     return false;
    1579. 

  1579.   }
    1580. 

  1580.   if (isset($mailboxdata['domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailboxdata['domain'])) {
    1581. 

  1581.     $_SESSION['return'] = array(
    1582. 

  1582.       'type' => 'danger',
    1583. 

  1583.       'msg' => sprintf($lang['danger']['access_denied'])
    1584. 

  1584.     );
    1585. 

  1585.     return false;
    1586. 

  1586.   }
    1587. 

  1587.   return $mailboxdata;
    1588. 

  1588. }
    1589. 

  1589. function mailbox_edit_mailbox($postarray) {
    1590. 

  1590. 	global $lang;
    1591. 

  1591. 	global $pdo;
    1592. 

  1592. 	isset($postarray['active']) ? $active = '1' : $active = '0';
    1593. 

  1593. 	if (!filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
    1594. 

  1594. 		$_SESSION['return'] = array(
    1595. 

  1595. 			'type' => 'danger',
    1596. 

  1596. 			'msg' => sprintf($lang['danger']['username_invalid'])
    1597. 

  1597. 		);
    1598. 

  1598. 		return false;
    1599. 

  1599. 	}
    1600. 

  1600. 	$quota_m		= $postarray['quota'];
    1601. 

  1601. 	$quota_b		= $quota_m*1048576;
    1602. 

  1602. 	$username		= $postarray['username'];
    1603. 

  1603. 	$name			= $postarray['name'];
    1604. 

  1604. 	$password		= $postarray['password'];
    1605. 

  1605. 	$password2		= $postarray['password2'];
    1606. 

  1606. 

  1607. 	try {
    1608. 

  1608. 		$stmt = $pdo->prepare("SELECT `domain`
    1609. 

  1609. 			FROM `mailbox`
    1610. 

  1610. 				WHERE username = :username");
    1611. 

  1611. 		$stmt->execute(array(':username' => $username));
    1612. 

  1612. 		$MailboxData1 = $stmt->fetch(PDO::FETCH_ASSOC);
    1613. 

  1613. 

  1614. 		$stmt = $pdo->prepare("SELECT 
    1615. 

  1615. 			COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_now`
    1616. 

  1616. 				FROM `mailbox`
    1617. 

  1617. 					WHERE `username` = :username");
    1618. 

  1618. 		$stmt->execute(array(':username' => $username));
    1619. 

  1619. 		$MailboxData2 = $stmt->fetch(PDO::FETCH_ASSOC);
    1620. 

  1620. 

  1621. 		$stmt = $pdo->prepare("SELECT 
    1622. 

  1622. 			COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_in_use`
    1623. 

  1623. 				FROM `mailbox`
    1624. 

  1624. 					WHERE `domain` = :domain");
    1625. 

  1625. 		$stmt->execute(array(':domain' => $MailboxData1['domain']));
    1626. 

  1626. 		$MailboxData3 = $stmt->fetch(PDO::FETCH_ASSOC);
    1627. 

  1627. 

  1628. 		$stmt = $pdo->prepare("SELECT `quota`, `maxquota`
    1629. 

  1629. 			FROM `domain`
    1630. 

  1630. 				WHERE `domain` = :domain");
    1631. 

  1631. 		$stmt->execute(array(':domain' => $MailboxData1['domain']));
    1632. 

  1632. 		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
    1633. 

  1633. 	}
    1634. 

  1634. 	catch(PDOException $e) {
    1635. 

  1635. 		$_SESSION['return'] = array(
    1636. 

  1636. 			'type' => 'danger',
    1637. 

  1637. 			'msg' => 'MySQL: '.$e
    1638. 

  1638. 		);
    1639. 

  1639. 		return false;
    1640. 

  1640. 	}
    1641. 

  1641. 

  1642. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $MailboxData1['domain'])) {
    1643. 

  1643. 		$_SESSION['return'] = array(
    1644. 

  1644. 			'type' => 'danger',
    1645. 

  1645. 			'msg' => sprintf($lang['danger']['access_denied'])
    1646. 

  1646. 		);
    1647. 

  1647. 		return false;
    1648. 

  1648. 	}
    1649. 

  1649. 	if (!is_numeric($quota_m) || $quota_m == "0") {
    1650. 

  1650. 		$_SESSION['return'] = array(
    1651. 

  1651. 			'type' => 'danger',
    1652. 

  1652. 			'msg' => sprintf($lang['danger']['quota_not_0_not_numeric'], htmlspecialchars($quota_m))
    1653. 

  1653. 		);
    1654. 

  1654. 		return false;
    1655. 

  1655. 	}
    1656. 

  1656. 	if ($quota_m > $DomainData['maxquota']) {
    1657. 

  1657. 		$_SESSION['return'] = array(
    1658. 

  1658. 			'type' => 'danger',
    1659. 

  1659. 			'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota'])
    1660. 

  1660. 		);
    1661. 

  1661. 		return false;
    1662. 

  1662. 	}
    1663. 

  1663. 	if (($MailboxData3['quota_m_in_use'] - $MailboxData2['quota_m_now'] + $quota_m) > $DomainData['quota']) {
    1664. 

  1664. 		$quota_left_m = ($DomainData['quota'] - $MailboxData3['quota_m_in_use'] + $MailboxData2['quota_m_now']);
    1665. 

  1665. 		$_SESSION['return'] = array(
    1666. 

  1666. 			'type' => 'danger',
    1667. 

  1667. 			'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m)
    1668. 

  1668. 		);
    1669. 

  1669. 		return false;
    1670. 

  1670. 	}
    1671. 

  1671. 

  1672. 	try {
    1673. 

  1673. 		$stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
    1674. 

  1674. 		$stmt->execute(array(
    1675. 

  1675. 			':username' => $username
    1676. 

  1676. 		));
    1677. 

  1677. 	}
    1678. 

  1678. 	catch (PDOException $e) {
    1679. 

  1679. 		$_SESSION['return'] = array(
    1680. 

  1680. 			'type' => 'danger',
    1681. 

  1681. 			'msg' => 'MySQL: '.$e
    1682. 

  1682. 		);
    1683. 

  1683. 		return false;
    1684. 

  1684. 	}
    1685. 

  1685. 	if (isset($postarray['sender_acl']) && is_array($postarray['sender_acl'])) {
    1686. 

  1686. 		foreach ($postarray['sender_acl'] as $sender_acl) {
    1687. 

  1687. 			if (!filter_var($sender_acl, FILTER_VALIDATE_EMAIL) && 
    1688. 

  1688. 				!is_valid_domain_name(str_replace('@', '', $sender_acl))) {
    1689. 

  1689. 					$_SESSION['return'] = array(
    1690. 

  1690. 						'type' => 'danger',
    1691. 

  1691. 						'msg' => sprintf($lang['danger']['sender_acl_invalid'])
    1692. 

  1692. 					);
    1693. 

  1693. 					return false;
    1694. 

  1694. 			}
    1695. 

  1695. 		}
    1696. 

  1696. 		foreach ($postarray['sender_acl'] as $sender_acl) {
    1697. 

  1697. 			try {
    1698. 

  1698. 				$stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`)
    1699. 

  1699. 					VALUES (:sender_acl, :username)");
    1700. 

  1700. 				$stmt->execute(array(
    1701. 

  1701. 					':sender_acl' => $sender_acl,
    1702. 

  1702. 					':username' => $username
    1703. 

  1703. 				));
    1704. 

  1704. 			}
    1705. 

  1705. 			catch (PDOException $e) {
    1706. 

  1706. 				$_SESSION['return'] = array(
    1707. 

  1707. 					'type' => 'danger',
    1708. 

  1708. 					'msg' => 'MySQL: '.$e
    1709. 

  1709. 				);
    1710. 

  1710. 				return false;
    1711. 

  1711. 			}
    1712. 

  1712. 		}
    1713. 

  1713. 	}
    1714. 

  1714. 	if (!empty($password) && !empty($password2)) {
    1715. 

  1715. 		if ($password != $password2) {
    1716. 

  1716. 			$_SESSION['return'] = array(
    1717. 

  1717. 				'type' => 'danger',
    1718. 

  1718. 				'msg' => sprintf($lang['danger']['password_mismatch'])
    1719. 

  1719. 			);
    1720. 

  1720. 			return false;
    1721. 

  1721. 		}
    1722. 

  1722. 		$password_hashed = hash_password($password);
    1723. 

  1723. 		try {
    1724. 

  1724. 			$stmt = $pdo->prepare("UPDATE `alias` SET
    1725. 

  1725. 					`modified` = :modified,
    1726. 

  1726. 					`active` = :active
    1727. 

  1727. 						WHERE `address` = :address");
    1728. 

  1728. 			$stmt->execute(array(
    1729. 

  1729. 				':address' => $username,
    1730. 

  1730. 				':modified' => date('Y-m-d H:i:s'),
    1731. 

  1731. 				':active' => $active
    1732. 

  1732. 			));
    1733. 

  1733. 			$stmt = $pdo->prepare("UPDATE `mailbox` SET
    1734. 

  1734. 					`modified` = :modified,
    1735. 

  1735. 					`active` = :active,
    1736. 

  1736. 					`password` = :password_hashed,
    1737. 

  1737. 					`name`= :name,
    1738. 

  1738. 					`quota` = :quota_b
    1739. 

  1739. 						WHERE `username` = :username");
    1740. 

  1740. 			$stmt->execute(array(
    1741. 

  1741. 				':modified' => date('Y-m-d H:i:s'),
    1742. 

  1742. 				':password_hashed' => $password_hashed,
    1743. 

  1743. 				':active' => $active,
    1744. 

  1744. 				':name' => $name,
    1745. 

  1745. 				':quota_b' => $quota_b,
    1746. 

  1746. 				':username' => $username
    1747. 

  1747. 			));
    1748. 

  1748. 			$_SESSION['return'] = array(
    1749. 

  1749. 				'type' => 'success',
    1750. 

  1750. 				'msg' => sprintf($lang['success']['mailbox_modified'], $username)
    1751. 

  1751. 			);
    1752. 

  1752. 			return true;
    1753. 

  1753. 		}
    1754. 

  1754. 		catch (PDOException $e) {
    1755. 

  1755. 			$_SESSION['return'] = array(
    1756. 

  1756. 				'type' => 'danger',
    1757. 

  1757. 				'msg' => 'MySQL: '.$e
    1758. 

  1758. 			);
    1759. 

  1759. 			return false;
    1760. 

  1760. 		}
    1761. 

  1761. 	}
    1762. 

  1762. 	try {
    1763. 

  1763. 		$stmt = $pdo->prepare("UPDATE `alias` SET
    1764. 

  1764. 				`modified` = :modified,
    1765. 

  1765. 				`active` = :active
    1766. 

  1766. 					WHERE `address` = :address");
    1767. 

  1767. 		$stmt->execute(array(
    1768. 

  1768. 			':address' => $username,
    1769. 

  1769. 			':modified' => date('Y-m-d H:i:s'),
    1770. 

  1770. 			':active' => $active
    1771. 

  1771. 		));
    1772. 

  1772. 		$stmt = $pdo->prepare("UPDATE `mailbox` SET
    1773. 

  1773. 				`modified` = :modified,
    1774. 

  1774. 				`active` = :active,
    1775. 

  1775. 				`name`= :name,
    1776. 

  1776. 				`quota` = :quota_b
    1777. 

  1777. 					WHERE `username` = :username");
    1778. 

  1778. 		$stmt->execute(array(
    1779. 

  1779. 			':active' => $active,
    1780. 

  1780. 			':modified' => date('Y-m-d H:i:s'),
    1781. 

  1781. 			':name' => $name,
    1782. 

  1782. 			':quota_b' => $quota_b,
    1783. 

  1783. 			':username' => $username
    1784. 

  1784. 		));
    1785. 

  1785. 		$_SESSION['return'] = array(
    1786. 

  1786. 			'type' => 'success',
    1787. 

  1787. 			'msg' => sprintf($lang['success']['mailbox_modified'], $username)
    1788. 

  1788. 		);
    1789. 

  1789. 		return true;
    1790. 

  1790. 	}
    1791. 

  1791. 	catch (PDOException $e) {
    1792. 

  1792. 		$_SESSION['return'] = array(
    1793. 

  1793. 			'type' => 'danger',
    1794. 

  1794. 			'msg' => 'MySQL: '.$e
    1795. 

  1795. 		);
    1796. 

  1796. 		return false;
    1797. 

  1797. 	}
    1798. 

  1798. }
    1799. 

  1799. function mailbox_delete_domain($postarray) {
    1800. 

  1800. 	global $lang;
    1801. 

  1801. 	global $pdo;
    1802. 

  1802. 	$domain = $postarray['domain'];
    1803. 

  1803. 	if ($_SESSION['mailcow_cc_role'] != "admin") {
    1804. 

  1804. 		$_SESSION['return'] = array(
    1805. 

  1805. 			'type' => 'danger',
    1806. 

  1806. 			'msg' => sprintf($lang['danger']['access_denied'])
    1807. 

  1807. 		);
    1808. 

  1808. 		return false;
    1809. 

  1809. 	}
    1810. 

  1810. 	if (!is_valid_domain_name($domain)) {
    1811. 

  1811. 		$_SESSION['return'] = array(
    1812. 

  1812. 			'type' => 'danger',
    1813. 

  1813. 			'msg' => sprintf($lang['danger']['domain_invalid'])
    1814. 

  1814. 		);
    1815. 

  1815. 		return false;
    1816. 

  1816. 	}
    1817. 

  1817. 	$domain	= strtolower(trim($domain));
    1818. 

  1818. 

  1819. 

  1820. 	try {
    1821. 

  1821. 		$stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
    1822. 

  1822. 			WHERE `domain` = :domain");
    1823. 

  1823. 		$stmt->execute(array(':domain' => $domain));
    1824. 

  1824. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    1825. 

  1825. 	}
    1826. 

  1826. 	catch(PDOException $e) {
    1827. 

  1827. 		$_SESSION['return'] = array(
    1828. 

  1828. 			'type' => 'danger',
    1829. 

  1829. 			'msg' => 'MySQL: '.$e
    1830. 

  1830. 		);
    1831. 

  1831. 		return false;
    1832. 

  1832. 	}
    1833. 

  1833. 	if ($num_results != 0 || !empty($num_results)) {
    1834. 

  1834. 		$_SESSION['return'] = array(
    1835. 

  1835. 			'type' => 'danger',
    1836. 

  1836. 			'msg' => sprintf($lang['danger']['domain_not_empty'])
    1837. 

  1837. 		);
    1838. 

  1838. 		return false;
    1839. 

  1839. 	}
    1840. 

  1840. 

  1841. 	try {
    1842. 

  1842. 		$stmt = $pdo->prepare("DELETE FROM `domain` WHERE `domain` = :domain");
    1843. 

  1843. 		$stmt->execute(array(
    1844. 

  1844. 			':domain' => $domain,
    1845. 

  1845. 		));
    1846. 

  1846. 		$stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `domain` = :domain");
    1847. 

  1847. 		$stmt->execute(array(
    1848. 

  1848. 			':domain' => $domain,
    1849. 

  1849. 		));
    1850. 

  1850. 		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `domain` = :domain");
    1851. 

  1851. 		$stmt->execute(array(
    1852. 

  1852. 			':domain' => $domain,
    1853. 

  1853. 		));
    1854. 

  1854. 		$stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `target_domain` = :domain");
    1855. 

  1855. 		$stmt->execute(array(
    1856. 

  1856. 			':domain' => $domain,
    1857. 

  1857. 		));
    1858. 

  1858. 		$stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `domain` = :domain");
    1859. 

  1859. 		$stmt->execute(array(
    1860. 

  1860. 			':domain' => $domain,
    1861. 

  1861. 		));
    1862. 

  1862. 		$stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` LIKE :domain");
    1863. 

  1863. 		$stmt->execute(array(
    1864. 

  1864. 			':domain' => '%@'.$domain,
    1865. 

  1865. 		));
    1866. 

  1866. 		$stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :domain");
    1867. 

  1867. 		$stmt->execute(array(
    1868. 

  1868. 			':domain' => '%@'.$domain,
    1869. 

  1869. 		));
    1870. 

  1870. 		$stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `address` = :domain");
    1871. 

  1871. 		$stmt->execute(array(
    1872. 

  1872. 			':domain' => '%@'.$domain,
    1873. 

  1873. 		));
    1874. 

  1874. 		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :domain");
    1875. 

  1875. 		$stmt->execute(array(
    1876. 

  1876. 			':domain' => '%@'.$domain,
    1877. 

  1877. 		));
    1878. 

  1878. 	}
    1879. 

  1879. 	catch (PDOException $e) {
    1880. 

  1880. 		$_SESSION['return'] = array(
    1881. 

  1881. 			'type' => 'danger',
    1882. 

  1882. 			'msg' => 'MySQL: '.$e
    1883. 

  1883. 		);
    1884. 

  1884. 		return false;
    1885. 

  1885. 	}
    1886. 

  1886. 	$_SESSION['return'] = array(
    1887. 

  1887. 		'type' => 'success',
    1888. 

  1888. 		'msg' => sprintf($lang['success']['domain_removed'], htmlspecialchars($domain))
    1889. 

  1889. 	);
    1890. 

  1890. 	return true;
    1891. 

  1891. }
    1892. 

  1892. function mailbox_delete_alias($postarray) {
    1893. 

  1893. 	global $lang;
    1894. 

  1894. 	global $pdo;
    1895. 

  1895. 	$address		= $postarray['address'];
    1896. 

  1896. 	$local_part		= strstr($address, '@', true);
    1897. 

  1897. 	$domain			= substr(strrchr($address, "@"), 1);
    1898. 

  1898. 	try {
    1899. 

  1899. 		$stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address");
    1900. 

  1900. 		$stmt->execute(array(':address' => $address));
    1901. 

  1901. 		$gotos = $stmt->fetch(PDO::FETCH_ASSOC);
    1902. 

  1902. 	}
    1903. 

  1903. 	catch(PDOException $e) {
    1904. 

  1904. 		$_SESSION['return'] = array(
    1905. 

  1905. 			'type' => 'danger',
    1906. 

  1906. 			'msg' => 'MySQL: '.$e
    1907. 

  1907. 		);
    1908. 

  1908. 		return false;
    1909. 

  1909. 	}
    1910. 

  1910. 	$goto_array = explode(',', $gotos['goto']);
    1911. 

  1911. 

  1912. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    1913. 

  1913. 		$_SESSION['return'] = array(
    1914. 

  1914. 			'type' => 'danger',
    1915. 

  1915. 			'msg' => sprintf($lang['danger']['access_denied'])
    1916. 

  1916. 		);
    1917. 

  1917. 		return false;
    1918. 

  1918. 	}
    1919. 

  1919. 	try {
    1920. 

  1920. 		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `address` = :address AND `address` NOT IN (SELECT `username` FROM `mailbox`)");
    1921. 

  1921. 		$stmt->execute(array(
    1922. 

  1922. 			':address' => $address
    1923. 

  1923. 		));
    1924. 

  1924. 	}
    1925. 

  1925. 	catch (PDOException $e) {
    1926. 

  1926. 		$_SESSION['return'] = array(
    1927. 

  1927. 			'type' => 'danger',
    1928. 

  1928. 			'msg' => 'MySQL: '.$e
    1929. 

  1929. 		);
    1930. 

  1930. 		return false;
    1931. 

  1931. 	}
    1932. 

  1932. 	$_SESSION['return'] = array(
    1933. 

  1933. 		'type' => 'success',
    1934. 

  1934. 		'msg' => sprintf($lang['success']['alias_removed'], htmlspecialchars($address))
    1935. 

  1935. 	);
    1936. 

  1936. 

  1937. }
    1938. 

  1938. function mailbox_delete_alias_domain($postarray) {
    1939. 

  1939. 	global $lang;
    1940. 

  1940. 	global $pdo;
    1941. 

  1941. 	if (!is_valid_domain_name($postarray['alias_domain'])) {
    1942. 

  1942. 		$_SESSION['return'] = array(
    1943. 

  1943. 			'type' => 'danger',
    1944. 

  1944. 			'msg' => sprintf($lang['danger']['domain_invalid'])
    1945. 

  1945. 		);
    1946. 

  1946. 		return false;
    1947. 

  1947. 	}
    1948. 

  1948. 	$alias_domain = $postarray['alias_domain'];
    1949. 

  1949. 	try {
    1950. 

  1950. 		$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`
    1951. 

  1951. 				WHERE `alias_domain`= :alias_domain");
    1952. 

  1952. 		$stmt->execute(array(':alias_domain' => $alias_domain));
    1953. 

  1953. 		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
    1954. 

  1954. 	}
    1955. 

  1955. 	catch(PDOException $e) {
    1956. 

  1956. 		$_SESSION['return'] = array(
    1957. 

  1957. 			'type' => 'danger',
    1958. 

  1958. 			'msg' => 'MySQL: '.$e
    1959. 

  1959. 		);
    1960. 

  1960. 		return false;
    1961. 

  1961. 	}
    1962. 

  1962. 

  1963. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) {
    1964. 

  1964. 		$_SESSION['return'] = array(
    1965. 

  1965. 			'type' => 'danger',
    1966. 

  1966. 			'msg' => sprintf($lang['danger']['access_denied'])
    1967. 

  1967. 		);
    1968. 

  1968. 		return false;
    1969. 

  1969. 	}
    1970. 

  1970. 

  1971. 	try {
    1972. 

  1972. 		$stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `alias_domain` = :alias_domain");
    1973. 

  1973. 		$stmt->execute(array(
    1974. 

  1974. 			':alias_domain' => $alias_domain,
    1975. 

  1975. 		));
    1976. 

  1976. 	}
    1977. 

  1977. 	catch (PDOException $e) {
    1978. 

  1978. 		$_SESSION['return'] = array(
    1979. 

  1979. 			'type' => 'danger',
    1980. 

  1980. 			'msg' => 'MySQL: '.$e
    1981. 

  1981. 		);
    1982. 

  1982. 		return false;
    1983. 

  1983. 	}
    1984. 

  1984. 	$_SESSION['return'] = array(
    1985. 

  1985. 		'type' => 'success',
    1986. 

  1986. 		'msg' => sprintf($lang['success']['alias_domain_removed'], htmlspecialchars($alias_domain))
    1987. 

  1987. 	);
    1988. 

  1988. }
    1989. 

  1989. function mailbox_delete_mailbox($postarray) {
    1990. 

  1990. 	global $lang;
    1991. 

  1991. 	global $pdo;
    1992. 

  1992. 	$domain		= substr(strrchr($postarray['username'], "@"), 1);
    1993. 

  1993. 	$username	= $postarray['username'];
    1994. 

  1994. 	if (!filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
    1995. 

  1995. 		$_SESSION['return'] = array(
    1996. 

  1996. 			'type' => 'danger',
    1997. 

  1997. 			'msg' => sprintf($lang['danger']['access_denied'])
    1998. 

  1998. 		);
    1999. 

  1999. 		return false;
    2000. 

  2000. 	}
    2001. 

  2001. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    2002. 

  2002. 		$_SESSION['return'] = array(
    2003. 

  2003. 			'type' => 'danger',
    2004. 

  2004. 			'msg' => sprintf($lang['danger']['access_denied'])
    2005. 

  2005. 		);
    2006. 

  2006. 		return false;
    2007. 

  2007. 	}
    2008. 

  2008. 

  2009. 	try {
    2010. 

  2010. 		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `goto` = :username");
    2011. 

  2011. 		$stmt->execute(array(
    2012. 

  2012. 			':username' => $username
    2013. 

  2013. 		));
    2014. 

  2014. 		$stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :username");
    2015. 

  2015. 		$stmt->execute(array(
    2016. 

  2016. 			':username' => $username
    2017. 

  2017. 		));
    2018. 

  2018. 		$stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `username` = :username");
    2019. 

  2019. 		$stmt->execute(array(
    2020. 

  2020. 			':username' => $username
    2021. 

  2021. 		));
    2022. 

  2022. 		$stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
    2023. 

  2023. 		$stmt->execute(array(
    2024. 

  2024. 			':username' => $username
    2025. 

  2025. 		));
    2026. 

  2026. 		$stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `goto` = :username");
    2027. 

  2027. 		$stmt->execute(array(
    2028. 

  2028. 			':username' => $username
    2029. 

  2029. 		));
    2030. 

  2030. 		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username");
    2031. 

  2031. 		$stmt->execute(array(
    2032. 

  2032. 			':username' => $username
    2033. 

  2033. 		));
    2034. 

  2034. 		$stmt = $pdo->prepare("SELECT `address`, `goto` FROM `alias`
    2035. 

  2035. 				WHERE `goto` LIKE :username");
    2036. 

  2036. 		$stmt->execute(array(':username' => '%'.$username.'%'));
    2037. 

  2037. 		$GotoData = $stmt->fetchAll(PDO::FETCH_ASSOC);
    2038. 

  2038. 		foreach ($GotoData as $gotos) {
    2039. 

  2039. 			$goto_exploded = explode(',', $gotos['goto']);
    2040. 

  2040. 			if (($key = array_search($username, $goto_exploded)) !== false) {
    2041. 

  2041. 				unset($goto_exploded[$key]);
    2042. 

  2042. 			}
    2043. 

  2043. 			$gotos_rebuild = implode(',', $goto_exploded);
    2044. 

  2044. 			$stmt = $pdo->prepare("UPDATE `alias` SET `goto` = :goto WHERE `address` = :address");
    2045. 

  2045. 			$stmt->execute(array(
    2046. 

  2046. 				':goto' => $gotos_rebuild,
    2047. 

  2047. 				':address' => $gotos['address']
    2048. 

  2048. 			));
    2049. 

  2049. 		}
    2050. 

  2050. 	}
    2051. 

  2051. 	catch (PDOException $e) {
    2052. 

  2052. 		$_SESSION['return'] = array(
    2053. 

  2053. 			'type' => 'danger',
    2054. 

  2054. 			'msg' => 'MySQL: '.$e
    2055. 

  2055. 		);
    2056. 

  2056. 		return false;
    2057. 

  2057. 	}
    2058. 

  2058. 	$_SESSION['return'] = array(
    2059. 

  2059. 		'type' => 'success',
    2060. 

  2060. 		'msg' => sprintf($lang['success']['mailbox_removed'], htmlspecialchars($username))
    2061. 

  2061. 	);
    2062. 

  2062. }
    2063. 

  2063. function edit_domain_admin($postarray) {
    2064. 

  2064. 	global $lang;
    2065. 

  2065. 	global $pdo;
    2066. 

  2066. 	$username     = $postarray['username'];
    2067. 

  2067. 	$password     = $postarray['password'];
    2068. 

  2068. 	$password2    = $postarray['password2'];
    2069. 

  2069. 	isset($postarray['active']) ? $active = '1' : $active = '0';
    2070. 

  2070. 

  2071. 	if ($_SESSION['mailcow_cc_role'] != "admin") {
    2072. 

  2072. 		$_SESSION['return'] = array(
    2073. 

  2073. 			'type' => 'danger',
    2074. 

  2074. 			'msg' => sprintf($lang['danger']['access_denied'])
    2075. 

  2075. 		);
    2076. 

  2076. 		return false;
    2077. 

  2077. 	}
    2078. 

  2078. 	
    2079. 

  2079. 	foreach ($postarray['domain'] as $domain) {
    2080. 

  2080. 		if (!is_valid_domain_name($domain)) {
    2081. 

  2081. 			$_SESSION['return'] = array(
    2082. 

  2082. 				'type' => 'danger',
    2083. 

  2083. 				'msg' => sprintf($lang['danger']['domain_invalid'])
    2084. 

  2084. 			);
    2085. 

  2085. 			return false;
    2086. 

  2086. 		}
    2087. 

  2087. 	}
    2088. 

  2088. 

  2089. 	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
    2090. 

  2090. 		$_SESSION['return'] = array(
    2091. 

  2091. 			'type' => 'danger',
    2092. 

  2092. 			'msg' => sprintf($lang['danger']['username_invalid'])
    2093. 

  2093. 		);
    2094. 

  2094. 		return false;
    2095. 

  2095. 	}
    2096. 

  2096. 

  2097. 	try {
    2098. 

  2098. 		$stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
    2099. 

  2099. 		$stmt->execute(array(
    2100. 

  2100. 			':username' => $username,
    2101. 

  2101. 		));
    2102. 

  2102. 	}
    2103. 

  2103. 	catch (PDOException $e) {
    2104. 

  2104. 		$_SESSION['return'] = array(
    2105. 

  2105. 			'type' => 'danger',
    2106. 

  2106. 			'msg' => 'MySQL: '.$e
    2107. 

  2107. 		);
    2108. 

  2108. 		return false;
    2109. 

  2109. 	}
    2110. 

  2110. 

  2111. 	foreach ($postarray['domain'] as $domain) {
    2112. 

  2112. 		try {
    2113. 

  2113. 			$stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
    2114. 

  2114. 				VALUES (:username, :domain, :created, :active)");
    2115. 

  2115. 			$stmt->execute(array(
    2116. 

  2116. 				':username' => $username,
    2117. 

  2117. 				':domain' => $domain,
    2118. 

  2118. 				':created' => date('Y-m-d H:i:s'),
    2119. 

  2119. 				':active' => $active
    2120. 

  2120. 			));
    2121. 

  2121. 		}
    2122. 

  2122. 		catch (PDOException $e) {
    2123. 

  2123. 			$_SESSION['return'] = array(
    2124. 

  2124. 				'type' => 'danger',
    2125. 

  2125. 				'msg' => 'MySQL: '.$e
    2126. 

  2126. 			);
    2127. 

  2127. 			return false;
    2128. 

  2128. 		}
    2129. 

  2129. 	}
    2130. 

  2130. 

  2131. 	if (!empty($password) && !empty($password2)) {
    2132. 

  2132. 		if ($password != $password2) {
    2133. 

  2133. 			$_SESSION['return'] = array(
    2134. 

  2134. 				'type' => 'danger',
    2135. 

  2135. 				'msg' => sprintf($lang['danger']['password_mismatch'])
    2136. 

  2136. 			);
    2137. 

  2137. 			return false;
    2138. 

  2138. 		}
    2139. 

  2139. 		$password_hashed = hash_password($password);
    2140. 

  2140. 		try {
    2141. 

  2141. 			$stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
    2142. 

  2142. 			$stmt->execute(array(
    2143. 

  2143. 				':password_hashed' => $password_hashed,
    2144. 

  2144. 				':username' => $username,
    2145. 

  2145. 				':modified' => date('Y-m-d H:i:s'),
    2146. 

  2146. 				':active' => $active
    2147. 

  2147. 			));
    2148. 

  2148. 		}
    2149. 

  2149. 		catch (PDOException $e) {
    2150. 

  2150. 			$_SESSION['return'] = array(
    2151. 

  2151. 				'type' => 'danger',
    2152. 

  2152. 				'msg' => 'MySQL: '.$e
    2153. 

  2153. 			);
    2154. 

  2154. 			return false;
    2155. 

  2155. 		}
    2156. 

  2156. 	}
    2157. 

  2157. 	else {
    2158. 

  2158. 		try {
    2159. 

  2159. 			$stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active WHERE `username` = :username");
    2160. 

  2160. 			$stmt->execute(array(
    2161. 

  2161. 				':username' => $username,
    2162. 

  2162. 				':modified' => date('Y-m-d H:i:s'),
    2163. 

  2163. 				':active' => $active
    2164. 

  2164. 			));
    2165. 

  2165. 		}
    2166. 

  2166. 		catch (PDOException $e) {
    2167. 

  2167. 			$_SESSION['return'] = array(
    2168. 

  2168. 				'type' => 'danger',
    2169. 

  2169. 				'msg' => 'MySQL: '.$e
    2170. 

  2170. 			);
    2171. 

  2171. 			return false;
    2172. 

  2172. 		}
    2173. 

  2173. 	}
    2174. 

  2174. 	$_SESSION['return'] = array(
    2175. 

  2175. 		'type' => 'success',
    2176. 

  2176. 		'msg' => sprintf($lang['success']['domain_admin_modified'], htmlspecialchars($username))
    2177. 

  2177. 	);
    2178. 

  2178. }
    2179. 

  2179. function set_admin_account($postarray) {
    2180. 

  2180. 	global $lang;
    2181. 

  2181. 	global $pdo;
    2182. 

  2182. 	if ($_SESSION['mailcow_cc_role'] != "admin") {
    2183. 

  2183. 		$_SESSION['return'] = array(
    2184. 

  2184. 			'type' => 'danger',
    2185. 

  2185. 			'msg' => sprintf($lang['danger']['access_denied'])
    2186. 

  2186. 		);
    2187. 

  2187. 		return false;
    2188. 

  2188. 	}
    2189. 

  2189. 	$name		= $postarray['admin_user'];
    2190. 

  2190. 	$name_now	= $postarray['admin_user_now'];
    2191. 

  2191. 

  2192. 	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $name)) || empty ($name)) {
    2193. 

  2193. 		$_SESSION['return'] = array(
    2194. 

  2194. 			'type' => 'danger',
    2195. 

  2195. 			'msg' => sprintf($lang['danger']['username_invalid'])
    2196. 

  2196. 		);
    2197. 

  2197. 		return false;
    2198. 

  2198. 	}
    2199. 

  2199. 	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $name_now)) || empty ($name_now)) {
    2200. 

  2200. 		$_SESSION['return'] = array(
    2201. 

  2201. 			'type' => 'danger',
    2202. 

  2202. 			'msg' => sprintf($lang['danger']['username_invalid'])
    2203. 

  2203. 		);
    2204. 

  2204. 		return false;
    2205. 

  2205. 	}
    2206. 

  2206. 	if (!empty($postarray['admin_pass']) && !empty($postarray['admin_pass2'])) {
    2207. 

  2207. 		if ($postarray['admin_pass'] != $postarray['admin_pass2']) {
    2208. 

  2208. 			$_SESSION['return'] = array(
    2209. 

  2209. 				'type' => 'danger',
    2210. 

  2210. 				'msg' => sprintf($lang['danger']['password_mismatch'])
    2211. 

  2211. 			);
    2212. 

  2212. 			return false;
    2213. 

  2213. 		}
    2214. 

  2214. 		$password_hashed = hash_password($postarray['admin_pass']);
    2215. 

  2215. 		try {
    2216. 

  2216. 			$stmt = $pdo->prepare("UPDATE `admin` SET 
    2217. 

  2217. 				`modified` = :modified,
    2218. 

  2218. 				`password` = :password_hashed,
    2219. 

  2219. 				`username` = :name
    2220. 

  2220. 					WHERE `username` = :username");
    2221. 

  2221. 			$stmt->execute(array(
    2222. 

  2222. 				':password_hashed' => $password_hashed,
    2223. 

  2223. 				':modified' => date('Y-m-d H:i:s'),
    2224. 

  2224. 				':name' => $name,
    2225. 

  2225. 				':username' => $name_now
    2226. 

  2226. 			));
    2227. 

  2227. 		}
    2228. 

  2228. 		catch (PDOException $e) {
    2229. 

  2229. 			$_SESSION['return'] = array(
    2230. 

  2230. 				'type' => 'danger',
    2231. 

  2231. 				'msg' => 'MySQL: '.$e
    2232. 

  2232. 			);
    2233. 

  2233. 			return false;
    2234. 

  2234. 		}
    2235. 

  2235. 	}
    2236. 

  2236. 	else {
    2237. 

  2237. 		try {
    2238. 

  2238. 			$stmt = $pdo->prepare("UPDATE `admin` SET 
    2239. 

  2239. 				`modified` = :modified,
    2240. 

  2240. 				`username` = :name
    2241. 

  2241. 					WHERE `username` = :name_now");
    2242. 

  2242. 			$stmt->execute(array(
    2243. 

  2243. 				':name' => $name,
    2244. 

  2244. 				':modified' => date('Y-m-d H:i:s'),
    2245. 

  2245. 				':name_now' => $name_now
    2246. 

  2246. 			));
    2247. 

  2247. 		}
    2248. 

  2248. 		catch (PDOException $e) {
    2249. 

  2249. 			$_SESSION['return'] = array(
    2250. 

  2250. 				'type' => 'danger',
    2251. 

  2251. 				'msg' => 'MySQL: '.$e
    2252. 

  2252. 			);
    2253. 

  2253. 			return false;
    2254. 

  2254. 		}
    2255. 

  2255. 	}
    2256. 

  2256. 	try {
    2257. 

  2257. 		$stmt = $pdo->prepare("UPDATE `domain_admins` SET 
    2258. 

  2258. 			`domain` = :domain,
    2259. 

  2259. 			`username` = :name
    2260. 

  2260. 				WHERE `username` = :name_now");
    2261. 

  2261. 		$stmt->execute(array(
    2262. 

  2262. 			':domain' => 'ALL',
    2263. 

  2263. 			':name' => $name,
    2264. 

  2264. 			':name_now' => $name_now
    2265. 

  2265. 		));
    2266. 

  2266. 	}
    2267. 

  2267. 	catch (PDOException $e) {
    2268. 

  2268. 		$_SESSION['return'] = array(
    2269. 

  2269. 			'type' => 'danger',
    2270. 

  2270. 			'msg' => 'MySQL: '.$e
    2271. 

  2271. 		);
    2272. 

  2272. 		return false;
    2273. 

  2273. 	}
    2274. 

  2274. 	$_SESSION['return'] = array(
    2275. 

  2275. 		'type' => 'success',
    2276. 

  2276. 		'msg' => sprintf($lang['success']['admin_modified'])
    2277. 

  2277. 	);
    2278. 

  2278. }
    2279. 

  2279. function set_time_limited_aliases($postarray) {
    2280. 

  2280. 	global $lang;
    2281. 

  2281. 	global $pdo;
    2282. 

  2282. 	$username	= $_SESSION['mailcow_cc_username'];
    2283. 

  2283. 	try {
    2284. 

  2284.     $stmt = $pdo->prepare("SELECT `domain` FROM `mailbox` WHERE `username` = :username");
    2285. 

  2285.     $stmt->execute(array(':username' => $username));
    2286. 

  2286.     $domain = $stmt->fetch(PDO::FETCH_ASSOC)['domain'];
    2287. 

  2287.   }
    2288. 

  2288.   catch (PDOException $e) {
    2289. 

  2289.     $_SESSION['return'] = array(
    2290. 

  2290.       'type' => 'danger',
    2291. 

  2291.       'msg' => 'MySQL: '.$e
    2292. 

  2292.     );
    2293. 

  2293.     return false;
    2294. 

  2294.   }
    2295. 

  2295. 	if ($_SESSION['mailcow_cc_role'] != "user" || empty($username) || empty($domain)) {
    2296. 

  2296. 				$_SESSION['return'] = array(
    2297. 

  2297. 					'type' => 'danger',
    2298. 

  2298. 					'msg' => sprintf($lang['danger']['access_denied'])
    2299. 

  2299. 				);
    2300. 

  2300. 				return false;
    2301. 

  2301. 	}
    2302. 

  2302. 	switch ($postarray["trigger_set_time_limited_aliases"]) {
    2303. 

  2303. 		case "generate":
    2304. 

  2304. 			if (!is_numeric($postarray["validity"]) || $postarray["validity"] > 672) {
    2305. 

  2305. 				$_SESSION['return'] = array(
    2306. 

  2306. 					'type' => 'danger',
    2307. 

  2307. 					'msg' => sprintf($lang['danger']['validity_missing'])
    2308. 

  2308. 				);
    2309. 

  2309. 				return false;
    2310. 

  2310. 			}
    2311. 

  2311. 			$validity = strtotime("+".$postarray["validity"]." hour"); 
    2312. 

  2312. 			$letters = 'abcefghijklmnopqrstuvwxyz1234567890';
    2313. 

  2313. 			$random_name = substr(str_shuffle($letters), 0, 24);
    2314. 

  2314. 			try {
    2315. 

  2315. 				$stmt = $pdo->prepare("INSERT INTO `spamalias` (`address`, `goto`, `validity`) VALUES
    2316. 

  2316. 					(:address, :goto, :validity)");
    2317. 

  2317. 				$stmt->execute(array(
    2318. 

  2318. 					':address' => $random_name . '@' . $domain,
    2319. 

  2319. 					':goto' => $username,
    2320. 

  2320. 					':validity' => $validity
    2321. 

  2321. 				));
    2322. 

  2322. 			}
    2323. 

  2323. 			catch (PDOException $e) {
    2324. 

  2324. 				$_SESSION['return'] = array(
    2325. 

  2325. 					'type' => 'danger',
    2326. 

  2326. 					'msg' => 'MySQL: '.$e
    2327. 

  2327. 				);
    2328. 

  2328. 				return false;
    2329. 

  2329. 			}
    2330. 

  2330. 			$_SESSION['return'] = array(
    2331. 

  2331. 				'type' => 'success',
    2332. 

  2332. 				'msg' => sprintf($lang['success']['mailbox_modified'], htmlspecialchars($username))
    2333. 

  2333. 			);
    2334. 

  2334. 		break;
    2335. 

  2335. 		case "deleteall":
    2336. 

  2336. 			try {
    2337. 

  2337. 				$stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `goto` = :username");
    2338. 

  2338. 				$stmt->execute(array(
    2339. 

  2339. 					':username' => $username
    2340. 

  2340. 				));
    2341. 

  2341. 			}
    2342. 

  2342. 			catch (PDOException $e) {
    2343. 

  2343. 				$_SESSION['return'] = array(
    2344. 

  2344. 					'type' => 'danger',
    2345. 

  2345. 					'msg' => 'MySQL: '.$e
    2346. 

  2346. 				);
    2347. 

  2347. 				return false;
    2348. 

  2348. 			}	
    2349. 

  2349. 			$_SESSION['return'] = array(
    2350. 

  2350. 				'type' => 'success',
    2351. 

  2351. 				'msg' => sprintf($lang['success']['mailbox_modified'], htmlspecialchars($username))
    2352. 

  2352. 			);
    2353. 

  2353. 		break;
    2354. 

  2354. 		case "delete":
    2355. 

  2355. 			if (empty($postarray['item']) || !filter_var($postarray['item'], FILTER_VALIDATE_EMAIL)) {
    2356. 

  2356. 				$_SESSION['return'] = array(
    2357. 

  2357. 					'type' => 'danger',
    2358. 

  2358. 					'msg' => sprintf($lang['danger']['access_denied'])
    2359. 

  2359. 				);
    2360. 

  2360. 				return false;
    2361. 

  2361. 			}
    2362. 

  2362.       $item	= $postarray['item'];
    2363. 

  2363. 			try {
    2364. 

  2364. 				$stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `goto` = :username AND `address` = :item");
    2365. 

  2365. 				$stmt->execute(array(
    2366. 

  2366. 					':username' => $username,
    2367. 

  2367. 					':item' => $item
    2368. 

  2368. 				));
    2369. 

  2369. 			}
    2370. 

  2370. 			catch (PDOException $e) {
    2371. 

  2371. 				$_SESSION['return'] = array(
    2372. 

  2372. 					'type' => 'danger',
    2373. 

  2373. 					'msg' => 'MySQL: '.$e
    2374. 

  2374. 				);
    2375. 

  2375. 				return false;
    2376. 

  2376. 			}	
    2377. 

  2377. 			$_SESSION['return'] = array(
    2378. 

  2378. 				'type' => 'success',
    2379. 

  2379. 				'msg' => sprintf($lang['success']['mailbox_modified'], htmlspecialchars($username))
    2380. 

  2380. 			);
    2381. 

  2381. 		break;
    2382. 

  2382. 		case "extend":
    2383. 

  2383. 			try {
    2384. 

  2384. 				$stmt = $pdo->prepare("UPDATE `spamalias` SET `validity` = (`validity` + 3600)
    2385. 

  2385. 					WHERE `goto` = :username 
    2386. 

  2386. 						AND `validity` >= :validity");
    2387. 

  2387. 				$stmt->execute(array(
    2388. 

  2388. 					':username' => $username,
    2389. 

  2389. 					':validity' => time(),
    2390. 

  2390. 				));
    2391. 

  2391. 			}
    2392. 

  2392. 			catch (PDOException $e) {
    2393. 

  2393. 				$_SESSION['return'] = array(
    2394. 

  2394. 					'type' => 'danger',
    2395. 

  2395. 					'msg' => 'MySQL: '.$e
    2396. 

  2396. 				);
    2397. 

  2397. 				return false;
    2398. 

  2398. 			}
    2399. 

  2399. 			$_SESSION['return'] = array(
    2400. 

  2400. 				'type' => 'success',
    2401. 

  2401. 				'msg' => sprintf($lang['success']['mailbox_modified'], htmlspecialchars($username))
    2402. 

  2402. 			);
    2403. 

  2403. 		break;
    2404. 

  2404. 	}
    2405. 

  2405. }
    2406. 

  2406. function set_user_account($postarray) {
    2407. 

  2407. 	global $lang;
    2408. 

  2408. 	global $pdo;
    2409. 

  2409. 	$username			= $_SESSION['mailcow_cc_username'];
    2410. 

  2410. 	$password_old		= $postarray['user_old_pass'];
    2411. 

  2411. 	isset($postarray['togglePwNew']) ? $pwnew_active = '1' : $pwnew_active = '0';
    2412. 

  2412. 

  2413. 	if (isset($pwnew_active) && $pwnew_active == "1") {
    2414. 

  2414. 		$password_new	= $postarray['user_new_pass'];
    2415. 

  2415. 		$password_new2	= $postarray['user_new_pass2'];
    2416. 

  2416. 	}
    2417. 

  2417. 

  2418. 	if (!check_login($username, $password_old) == "user") {
    2419. 

  2419. 		$_SESSION['return'] = array(
    2420. 

  2420. 			'type' => 'danger',
    2421. 

  2421. 			'msg' => sprintf($lang['danger']['access_denied'])
    2422. 

  2422. 		);
    2423. 

  2423. 		return false;
    2424. 

  2424. 	}
    2425. 

  2425. 

  2426. 	if ($_SESSION['mailcow_cc_role'] != "user" &&
    2427. 

  2427. 		$_SESSION['mailcow_cc_role'] != "domainadmin") {
    2428. 

  2428. 			$_SESSION['return'] = array(
    2429. 

  2429. 				'type' => 'danger',
    2430. 

  2430. 				'msg' => sprintf($lang['danger']['access_denied'])
    2431. 

  2431. 			);
    2432. 

  2432. 			return false;
    2433. 

  2433. 	}
    2434. 

  2434. 

  2435. 	if (isset($password_new) && isset($password_new2)) {
    2436. 

  2436. 		if (!empty($password_new2) && !empty($password_new)) {
    2437. 

  2437. 			if ($password_new2 != $password_new) {
    2438. 

  2438. 				$_SESSION['return'] = array(
    2439. 

  2439. 					'type' => 'danger',
    2440. 

  2440. 					'msg' => sprintf($lang['danger']['password_mismatch'])
    2441. 

  2441. 				);
    2442. 

  2442. 				return false;
    2443. 

  2443. 			}
    2444. 

  2444. 			if (strlen($password_new) < "6" ||
    2445. 

  2445. 				!preg_match('/[A-Za-z]/', $password_new) ||
    2446. 

  2446. 				!preg_match('/[0-9]/', $password_new)) {
    2447. 

  2447. 					$_SESSION['return'] = array(
    2448. 

  2448. 						'type' => 'danger',
    2449. 

  2449. 						'msg' => sprintf($lang['danger']['password_complexity'])
    2450. 

  2450. 					);
    2451. 

  2451. 					return false;
    2452. 

  2452. 			}
    2453. 

  2453. 			$password_hashed = hash_password($password_new);
    2454. 

  2454. 			try {
    2455. 

  2455. 				$stmt = $pdo->prepare("UPDATE `mailbox` SET `modified` = :modified, `password` = :password_hashed WHERE `username` = :username");
    2456. 

  2456. 				$stmt->execute(array(
    2457. 

  2457. 					':password_hashed' => $password_hashed,
    2458. 

  2458. 					':modified' => date('Y-m-d H:i:s'),
    2459. 

  2459. 					':username' => $username
    2460. 

  2460. 				));
    2461. 

  2461. 			}
    2462. 

  2462. 			catch (PDOException $e) {
    2463. 

  2463. 				$_SESSION['return'] = array(
    2464. 

  2464. 					'type' => 'danger',
    2465. 

  2465. 					'msg' => 'MySQL: '.$e
    2466. 

  2466. 				);
    2467. 

  2467. 				return false;
    2468. 

  2468. 			}
    2469. 

  2469. 		}
    2470. 

  2470. 	}
    2471. 

  2471. 	$_SESSION['return'] = array(
    2472. 

  2472. 		'type' => 'success',
    2473. 

  2473. 		'msg' => sprintf($lang['success']['mailbox_modified'], $username)
    2474. 

  2474. 	);
    2475. 

  2475. }
    2476. 

  2476. function add_domain_admin($postarray) {
    2477. 

  2477. 	global $lang;
    2478. 

  2478. 	global $pdo;
    2479. 

  2479. 	$username		= strtolower(trim($postarray['username']));
    2480. 

  2480. 	$password		= $postarray['password'];
    2481. 

  2481. 	$password2		= $postarray['password2'];
    2482. 

  2482. 	isset($postarray['active']) ? $active = '1' : $active = '0';
    2483. 

  2483. 	if ($_SESSION['mailcow_cc_role'] != "admin") {
    2484. 

  2484. 		$_SESSION['return'] = array(
    2485. 

  2485. 			'type' => 'danger',
    2486. 

  2486. 			'msg' => sprintf($lang['danger']['access_denied'])
    2487. 

  2487. 		);
    2488. 

  2488. 		return false;
    2489. 

  2489. 	}
    2490. 

  2490. 	if (empty($postarray['domain'])) {
    2491. 

  2491. 		$_SESSION['return'] = array(
    2492. 

  2492. 			'type' => 'danger',
    2493. 

  2493. 			'msg' => sprintf($lang['danger']['domain_invalid'])
    2494. 

  2494. 		);
    2495. 

  2495. 		return false;
    2496. 

  2496. 	}
    2497. 

  2497. 	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username)) {
    2498. 

  2498. 		$_SESSION['return'] = array(
    2499. 

  2499. 			'type' => 'danger',
    2500. 

  2500. 			'msg' => sprintf($lang['danger']['username_invalid'])
    2501. 

  2501. 		);
    2502. 

  2502. 		return false;
    2503. 

  2503. 	}
    2504. 

  2504. 	try {
    2505. 

  2505. 		$stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
    2506. 

  2506. 			WHERE `username` = :username");
    2507. 

  2507. 		$stmt->execute(array(':username' => $username));
    2508. 

  2508. 		$num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    2509. 

  2509. 		
    2510. 

  2510. 		$stmt = $pdo->prepare("SELECT `username` FROM `admin`
    2511. 

  2511. 			WHERE `username` = :username");
    2512. 

  2512. 		$stmt->execute(array(':username' => $username));
    2513. 

  2513. 		$num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    2514. 

  2514. 		
    2515. 

  2515. 		$stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
    2516. 

  2516. 			WHERE `username` = :username");
    2517. 

  2517. 		$stmt->execute(array(':username' => $username));
    2518. 

  2518. 		$num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    2519. 

  2519. 	}
    2520. 

  2520. 	catch(PDOException $e) {
    2521. 

  2521. 		$_SESSION['return'] = array(
    2522. 

  2522. 			'type' => 'danger',
    2523. 

  2523. 			'msg' => 'MySQL: '.$e
    2524. 

  2524. 		);
    2525. 

  2525. 		return false;
    2526. 

  2526. 	}
    2527. 

  2527. 	foreach ($num_results as $num_results_each) {
    2528. 

  2528. 		if ($num_results_each != 0) {
    2529. 

  2529. 			$_SESSION['return'] = array(
    2530. 

  2530. 				'type' => 'danger',
    2531. 

  2531. 				'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username))
    2532. 

  2532. 			);
    2533. 

  2533. 			return false;
    2534. 

  2534. 		}
    2535. 

  2535. 	}
    2536. 

  2536. 	if (!empty($password) && !empty($password2)) {
    2537. 

  2537. 		if ($password != $password2) {
    2538. 

  2538. 			$_SESSION['return'] = array(
    2539. 

  2539. 				'type' => 'danger',
    2540. 

  2540. 				'msg' => sprintf($lang['danger']['password_mismatch'])
    2541. 

  2541. 			);
    2542. 

  2542. 			return false;
    2543. 

  2543. 		}
    2544. 

  2544. 		$password_hashed = hash_password($password);
    2545. 

  2545. 		foreach ($postarray['domain'] as $domain) {
    2546. 

  2546. 			if (!is_valid_domain_name($domain)) {
    2547. 

  2547. 				$_SESSION['return'] = array(
    2548. 

  2548. 					'type' => 'danger',
    2549. 

  2549. 					'msg' => sprintf($lang['danger']['domain_invalid'])
    2550. 

  2550. 				);
    2551. 

  2551. 				return false;
    2552. 

  2552. 			}
    2553. 

  2553. 			try {
    2554. 

  2554. 				$stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
    2555. 

  2555. 						VALUES (:username, :domain, :created, :active)");
    2556. 

  2556. 				$stmt->execute(array(
    2557. 

  2557. 					':username' => $username,
    2558. 

  2558. 					':domain' => $domain,
    2559. 

  2559. 					':created' => date('Y-m-d H:i:s'),
    2560. 

  2560. 					':active' => $active
    2561. 

  2561. 				));
    2562. 

  2562. 			}
    2563. 

  2563. 			catch (PDOException $e) {
    2564. 

  2564. 				$_SESSION['return'] = array(
    2565. 

  2565. 					'type' => 'danger',
    2566. 

  2566. 					'msg' => 'MySQL: '.$e
    2567. 

  2567. 				);
    2568. 

  2568. 				return false;
    2569. 

  2569. 			}
    2570. 

  2570. 		}
    2571. 

  2571. 		try {
    2572. 

  2572. 			$stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
    2573. 

  2573. 				VALUES (:username, :password_hashed, '0', :created, :modified, :active)");
    2574. 

  2574. 			$stmt->execute(array(
    2575. 

  2575. 				':username' => $username,
    2576. 

  2576. 				':password_hashed' => $password_hashed,
    2577. 

  2577. 				':created' => date('Y-m-d H:i:s'),
    2578. 

  2578. 				':modified' => date('Y-m-d H:i:s'),
    2579. 

  2579. 				':active' => $active
    2580. 

  2580. 			));
    2581. 

  2581. 		}
    2582. 

  2582. 		catch (PDOException $e) {
    2583. 

  2583. 			$_SESSION['return'] = array(
    2584. 

  2584. 				'type' => 'danger',
    2585. 

  2585. 				'msg' => 'MySQL: '.$e
    2586. 

  2586. 			);
    2587. 

  2587. 			return false;
    2588. 

  2588. 		}
    2589. 

  2589. 	}
    2590. 

  2590. 	else {
    2591. 

  2591. 		$_SESSION['return'] = array(
    2592. 

  2592. 			'type' => 'danger',
    2593. 

  2593. 			'msg' => sprintf($lang['danger']['password_empty'])
    2594. 

  2594. 		);
    2595. 

  2595. 		return false;
    2596. 

  2596. 	}
    2597. 

  2597. 	$_SESSION['return'] = array(
    2598. 

  2598. 		'type' => 'success',
    2599. 

  2599. 		'msg' => sprintf($lang['success']['domain_admin_added'], htmlspecialchars($username))
    2600. 

  2600. 	);
    2601. 

  2601. }
    2602. 

  2602. function delete_domain_admin($postarray) {
    2603. 

  2603. 	global $pdo;
    2604. 

  2604. 	global $lang;
    2605. 

  2605. 	if ($_SESSION['mailcow_cc_role'] != "admin") {
    2606. 

  2606. 		$_SESSION['return'] = array(
    2607. 

  2607. 			'type' => 'danger',
    2608. 

  2608. 			'msg' => sprintf($lang['danger']['access_denied'])
    2609. 

  2609. 		);
    2610. 

  2610. 		return false;
    2611. 

  2611. 	}
    2612. 

  2612. 	$username = $postarray['username'];
    2613. 

  2613. 	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
    2614. 

  2614. 		$_SESSION['return'] = array(
    2615. 

  2615. 			'type' => 'danger',
    2616. 

  2616. 			'msg' => sprintf($lang['danger']['username_invalid'])
    2617. 

  2617. 		);
    2618. 

  2618. 		return false;
    2619. 

  2619. 	}
    2620. 

  2620. 	try {
    2621. 

  2621. 		$stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
    2622. 

  2622. 		$stmt->execute(array(
    2623. 

  2623. 			':username' => $username,
    2624. 

  2624. 		));
    2625. 

  2625. 		$stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
    2626. 

  2626. 		$stmt->execute(array(
    2627. 

  2627. 			':username' => $username,
    2628. 

  2628. 		));
    2629. 

  2629. 	}
    2630. 

  2630. 	catch (PDOException $e) {
    2631. 

  2631. 		$_SESSION['return'] = array(
    2632. 

  2632. 			'type' => 'danger',
    2633. 

  2633. 			'msg' => 'MySQL: '.$e
    2634. 

  2634. 		);
    2635. 

  2635. 		return false;
    2636. 

  2636. 	}
    2637. 

  2637. 	$_SESSION['return'] = array(
    2638. 

  2638. 		'type' => 'success',
    2639. 

  2639. 		'msg' => sprintf($lang['success']['domain_admin_removed'], htmlspecialchars($username))
    2640. 

  2640. 	);
    2641. 

  2641. }
    2642. 

  2642. function get_spam_score($username) {
    2643. 

  2643. 	global $pdo;
    2644. 

  2644. 	$default = "5, 15";
    2645. 

  2645. 	if ($_SESSION['mailcow_cc_role'] != "user") {
    2646. 

  2646. 		return false;
    2647. 

  2647. 	}
    2648. 

  2648. 	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    2649. 

  2649. 		return $default;
    2650. 

  2650. 	}
    2651. 

  2651. 	try {
    2652. 

  2652. 		$stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `object` = :username AND
    2653. 

  2653. 			(`option` = 'lowspamlevel' OR `option` = 'highspamlevel')");
    2654. 

  2654. 		$stmt->execute(array(':username' => $username));
    2655. 

  2655. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    2656. 

  2656. 	}
    2657. 

  2657. 	catch(PDOException $e) {
    2658. 

  2658. 		$_SESSION['return'] = array(
    2659. 

  2659. 			'type' => 'danger',
    2660. 

  2660. 			'msg' => 'MySQL: '.$e
    2661. 

  2661. 		);
    2662. 

  2662. 		return false;
    2663. 

  2663. 	}
    2664. 

  2664. 	if ($num_results == 0 || empty ($num_results)) {
    2665. 

  2665. 		return $default;
    2666. 

  2666. 	}
    2667. 

  2667. 	else {
    2668. 

  2668. 		try {
    2669. 

  2669. 			$stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `option` = 'highspamlevel' AND `object` = :username");
    2670. 

  2670. 			$stmt->execute(array(':username' => $username));
    2671. 

  2671. 			$highspamlevel = $stmt->fetch(PDO::FETCH_ASSOC);
    2672. 

  2672. 

  2673. 			$stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `option` = 'lowspamlevel' AND `object` = :username");
    2674. 

  2674. 			$stmt->execute(array(':username' => $username));
    2675. 

  2675. 			$lowspamlevel = $stmt->fetch(PDO::FETCH_ASSOC);
    2676. 

  2676. 

  2677. 			return $lowspamlevel['value'].', '.$highspamlevel['value'];
    2678. 

  2678. 		}
    2679. 

  2679. 		catch(PDOException $e) {
    2680. 

  2680. 			$_SESSION['return'] = array(
    2681. 

  2681. 				'type' => 'danger',
    2682. 

  2682. 				'msg' => 'MySQL: '.$e
    2683. 

  2683. 			);
    2684. 

  2684. 			return false;
    2685. 

  2685. 		}
    2686. 

  2686. 	}
    2687. 

  2687. }
    2688. 

  2688. function set_spam_score($postarray) {
    2689. 

  2689. 	global $lang;
    2690. 

  2690. 	global $pdo;
    2691. 

  2691. 	if ($_SESSION['mailcow_cc_role'] != "user") {
    2692. 

  2692. 		$_SESSION['return'] = array(
    2693. 

  2693. 			'type' => 'danger',
    2694. 

  2694. 			'msg' => sprintf($lang['danger']['access_denied'])
    2695. 

  2695. 		);
    2696. 

  2696. 		return false;
    2697. 

  2697. 	}
    2698. 

  2698. 	$username		= $_SESSION['mailcow_cc_username'];
    2699. 

  2699. 	$lowspamlevel	= explode(',', $postarray['score'])[0];
    2700. 

  2700. 	$highspamlevel	= explode(',', $postarray['score'])[1];
    2701. 

  2701. 	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    2702. 

  2702. 		$_SESSION['return'] = array(
    2703. 

  2703. 			'type' => 'danger',
    2704. 

  2704. 			'msg' => sprintf($lang['danger']['username_invalid'])
    2705. 

  2705. 		);
    2706. 

  2706. 		return false;
    2707. 

  2707. 	}
    2708. 

  2708. 	if (!is_numeric($lowspamlevel) || !is_numeric($highspamlevel)) {
    2709. 

  2709. 		$_SESSION['return'] = array(
    2710. 

  2710. 			'type' => 'danger',
    2711. 

  2711. 			'msg' => sprintf($lang['danger']['access_denied'])
    2712. 

  2712. 		);
    2713. 

  2713. 		return false;
    2714. 

  2714. 	}
    2715. 

  2715. 	try {
    2716. 

  2716. 		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username
    2717. 

  2717. 			AND (`option` = 'lowspamlevel' OR `option` = 'highspamlevel')");
    2718. 

  2718. 		$stmt->execute(array(
    2719. 

  2719. 			':username' => $username
    2720. 

  2720. 		));
    2721. 

  2721. 

  2722. 		$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option`, `value`)
    2723. 

  2723. 			VALUES (:username, 'highspamlevel', :highspamlevel)");
    2724. 

  2724. 		$stmt->execute(array(
    2725. 

  2725. 			':username' => $username,
    2726. 

  2726. 			':highspamlevel' => $highspamlevel
    2727. 

  2727. 		));
    2728. 

  2728. 

  2729. 		$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option`, `value`)
    2730. 

  2730. 			VALUES (:username, 'lowspamlevel', :lowspamlevel)");
    2731. 

  2731. 		$stmt->execute(array(
    2732. 

  2732. 			':username' => $username,
    2733. 

  2733. 			':lowspamlevel' => $lowspamlevel
    2734. 

  2734. 		));
    2735. 

  2735. 	}
    2736. 

  2736. 	catch (PDOException $e) {
    2737. 

  2737. 		$_SESSION['return'] = array(
    2738. 

  2738. 			'type' => 'danger',
    2739. 

  2739. 			'msg' => 'MySQL: '.$e
    2740. 

  2740. 		);
    2741. 

  2741. 		return false;
    2742. 

  2742. 	}
    2743. 

  2743. 	$_SESSION['return'] = array(
    2744. 

  2744. 		'type' => 'success',
    2745. 

  2745. 		'msg' => sprintf($lang['success']['mailbox_modified'], $username)
    2746. 

  2746. 	);
    2747. 

  2747. }
    2748. 

  2748. function set_policy_list($postarray) {
    2749. 

  2749. 	global $lang;
    2750. 

  2750. 	global $pdo;
    2751. 

  2751. 	if ($_SESSION['mailcow_cc_role'] != "admin" &&
    2752. 

  2752. 		$_SESSION['mailcow_cc_role'] != "domainadmin" &&
    2753. 

  2753. 		$_SESSION['mailcow_cc_role'] != "user") {
    2754. 

  2754. 		$_SESSION['return'] = array(
    2755. 

  2755. 			'type' => 'danger',
    2756. 

  2756. 			'msg' => sprintf($lang['danger']['access_denied'])
    2757. 

  2757. 		);
    2758. 

  2758. 		return false;
    2759. 

  2759. 	}
    2760. 

  2760. 	(isset($postarray['domain'])) ? $object = $postarray['domain'] : $object = $_SESSION['mailcow_cc_username'];
    2761. 

  2761. 	($postarray['object_list'] == "bl") ? $object_list = "blacklist_from" : $object_list = "whitelist_from";
    2762. 

  2762. 	$object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($postarray['object_from']))), '.'));
    2763. 

  2763. 	if (!filter_var($object, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($object)) {
    2764. 

  2764. 		$_SESSION['return'] = array(
    2765. 

  2765. 			'type' => 'danger',
    2766. 

  2766. 			'msg' => sprintf($lang['danger']['username_invalid'])
    2767. 

  2767. 		);
    2768. 

  2768. 		return false;
    2769. 

  2769. 	}
    2770. 

  2770. 	if (is_valid_domain_name($object)) {
    2771. 

  2771. 		if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
    2772. 

  2772. 			$_SESSION['return'] = array(
    2773. 

  2773. 				'type' => 'danger',
    2774. 

  2774. 				'msg' => sprintf($lang['danger']['access_denied'])
    2775. 

  2775. 			);
    2776. 

  2776. 			return false;
    2777. 

  2777. 		}
    2778. 

  2778. 	}
    2779. 

  2779. 	if (isset($postarray['prefid'])) {
    2780. 

  2780. 		if (!is_numeric($postarray['prefid'])) {
    2781. 

  2781. 			$_SESSION['return'] = array(
    2782. 

  2782. 				'type' => 'danger',
    2783. 

  2783. 				'msg' => sprintf($lang['danger']['access_denied'])
    2784. 

  2784. 			);
    2785. 

  2785. 			return false;
    2786. 

  2786. 		}
    2787. 

  2787. 		try {
    2788. 

  2788. 			$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
    2789. 

  2789. 			$stmt->execute(array(
    2790. 

  2790. 				':object' => $object,
    2791. 

  2791. 				':prefid' => $postarray['prefid']
    2792. 

  2792. 			));
    2793. 

  2793. 		}
    2794. 

  2794. 		catch (PDOException $e) {
    2795. 

  2795. 			$_SESSION['return'] = array(
    2796. 

  2796. 				'type' => 'danger',
    2797. 

  2797. 				'msg' => 'MySQL: '.$e
    2798. 

  2798. 			);
    2799. 

  2799. 			return false;
    2800. 

  2800. 		}
    2801. 

  2801. 		$_SESSION['return'] = array(
    2802. 

  2802. 			'type' => 'success',
    2803. 

  2803. 			'msg' => sprintf($lang['success']['mailbox_modified'], $object)
    2804. 

  2804. 		);
    2805. 

  2805. 		return true;
    2806. 

  2806. 	}
    2807. 

  2807. 	if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $object_from))) {
    2808. 

  2808. 		$_SESSION['return'] = array(
    2809. 

  2809. 			'type' => 'danger',
    2810. 

  2810. 			'msg' => sprintf($lang['danger']['policy_list_from_invalid'])
    2811. 

  2811. 		);
    2812. 

  2812. 		return false;
    2813. 

  2813. 	}
    2814. 

  2814. 	try {
    2815. 

  2815. 		$stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
    2816. 

  2816. 			WHERE (`option` = 'whitelist_from'  OR `option` = 'blacklist_from')
    2817. 

  2817. 				AND `object` = :object
    2818. 

  2818. 				AND `value` = :object_from");
    2819. 

  2819. 		$stmt->execute(array(':object' => $object, ':object_from' => $object_from));
    2820. 

  2820. 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    2821. 

  2821. 	}
    2822. 

  2822. 	catch(PDOException $e) {
    2823. 

  2823. 		$_SESSION['return'] = array(
    2824. 

  2824. 			'type' => 'danger',
    2825. 

  2825. 			'msg' => 'MySQL: '.$e
    2826. 

  2826. 		);
    2827. 

  2827. 		return false;
    2828. 

  2828. 	}
    2829. 

  2829. 	if ($num_results != 0) {
    2830. 

  2830. 		$_SESSION['return'] = array(
    2831. 

  2831. 			'type' => 'danger',
    2832. 

  2832. 			'msg' => sprintf($lang['danger']['policy_list_from_exists'])
    2833. 

  2833. 		);
    2834. 

  2834. 		return false;
    2835. 

  2835. 	}
    2836. 

  2836. 	try {
    2837. 

  2837. 		$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
    2838. 

  2838. 			VALUES (:object, :object_list, :object_from)");
    2839. 

  2839. 		$stmt->execute(array(
    2840. 

  2840. 			':object' => $object,
    2841. 

  2841. 			':object_list' => $object_list,
    2842. 

  2842. 			':object_from' => $object_from
    2843. 

  2843. 		));
    2844. 

  2844. 	}
    2845. 

  2845. 	catch (PDOException $e) {
    2846. 

  2846. 		$_SESSION['return'] = array(
    2847. 

  2847. 			'type' => 'danger',
    2848. 

  2848. 			'msg' => 'MySQL: '.$e
    2849. 

  2849. 		);
    2850. 

  2850. 		return false;
    2851. 

  2851. 	}
    2852. 

  2852. 	$_SESSION['return'] = array(
    2853. 

  2853. 		'type' => 'success',
    2854. 

  2854. 		'msg' => sprintf($lang['success']['mailbox_modified'], $object)
    2855. 

  2855. 	);
    2856. 

  2856. }
    2857. 

  2857. function set_tls_policy($postarray) {
    2858. 

  2858. 	global $lang;
    2859. 

  2859. 	global $pdo;
    2860. 

  2860. 	if ($_SESSION['mailcow_cc_role'] != "user") {
    2861. 

  2861. 		$_SESSION['return'] = array(
    2862. 

  2862. 			'type' => 'danger',
    2863. 

  2863. 			'msg' => sprintf($lang['danger']['access_denied'])
    2864. 

  2864. 		);
    2865. 

  2865. 		return false;
    2866. 

  2866. 	}
    2867. 

  2867. 	isset($postarray['tls_in']) ? $tls_in = '1' : $tls_in = '0';
    2868. 

  2868. 	isset($postarray['tls_out']) ? $tls_out = '1' : $tls_out = '0';
    2869. 

  2869. 	$username = $_SESSION['mailcow_cc_username'];
    2870. 

  2870. 	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    2871. 

  2871. 		$_SESSION['return'] = array(
    2872. 

  2872. 			'type' => 'danger',
    2873. 

  2873. 			'msg' => sprintf($lang['danger']['username_invalid'])
    2874. 

  2874. 		);
    2875. 

  2875. 		return false;
    2876. 

  2876. 	}
    2877. 

  2877. 	try {
    2878. 

  2878. 		$stmt = $pdo->prepare("UPDATE `mailbox` SET `tls_enforce_out` = :tls_out, `tls_enforce_in` = :tls_in WHERE `username` = :username");
    2879. 

  2879. 		$stmt->execute(array(
    2880. 

  2880. 			':tls_out' => $tls_out,
    2881. 

  2881. 			':tls_in' => $tls_in,
    2882. 

  2882. 			':username' => $username
    2883. 

  2883. 		));
    2884. 

  2884. 	}
    2885. 

  2885. 	catch (PDOException $e) {
    2886. 

  2886. 		$_SESSION['return'] = array(
    2887. 

  2887. 			'type' => 'danger',
    2888. 

  2888. 			'msg' => 'MySQL: '.$e
    2889. 

  2889. 		);
    2890. 

  2890. 		return false;
    2891. 

  2891. 	}
    2892. 

  2892. 	$_SESSION['return'] = array(
    2893. 

  2893. 		'type' => 'success',
    2894. 

  2894. 		'msg' => sprintf($lang['success']['mailbox_modified'], $username)
    2895. 

  2895. 	);
    2896. 

  2896. }
    2897. 

  2897. function set_syncjob($postarray, $action) {
    2898. 

  2898. 	global $lang;
    2899. 

  2899. 	global $pdo;
    2900. 

  2900.   $username = $_SESSION['mailcow_cc_username'];
    2901. 

  2901.   if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    2902. 

  2902.     $_SESSION['return'] = array(
    2903. 

  2903.       'type' => 'danger',
    2904. 

  2904.       'msg' => sprintf($lang['danger']['access_denied'])
    2905. 

  2905.     );
    2906. 

  2906.     return false;
    2907. 

  2907.   }
    2908. 

  2908.   if ($_SESSION['mailcow_cc_role'] != "user") {
    2909. 

  2909.     $_SESSION['return'] = array(
    2910. 

  2910.       'type' => 'danger',
    2911. 

  2911.       'msg' => sprintf($lang['danger']['access_denied'])
    2912. 

  2912.     );
    2913. 

  2913.     return false;
    2914. 

  2914.   }
    2915. 

  2915.   // DELETE
    2916. 

  2916.   if ($action == "delete") {
    2917. 

  2917.     $id = $postarray['id'];
    2918. 

  2918.     if (!is_numeric($id)) {
    2919. 

  2919.       $_SESSION['return'] = array(
    2920. 

  2920.         'type' => 'danger',
    2921. 

  2921.         'msg' => sprintf($lang['danger']['access_denied'])
    2922. 

  2922.       );
    2923. 

  2923.       return false;
    2924. 

  2924.     }
    2925. 

  2925.     try {
    2926. 

  2926.       $stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `user2` = :username AND `id`= :id");
    2927. 

  2927.       $stmt->execute(array(
    2928. 

  2928.         ':username' => $username,
    2929. 

  2929.         ':id' => $id,
    2930. 

  2930.       ));
    2931. 

  2931.     }
    2932. 

  2932.     catch (PDOException $e) {
    2933. 

  2933.       $_SESSION['return'] = array(
    2934. 

  2934.         'type' => 'danger',
    2935. 

  2935.         'msg' => 'MySQL: '.$e
    2936. 

  2936.       );
    2937. 

  2937.       return false;
    2938. 

  2938.     }
    2939. 

  2939.     $_SESSION['return'] = array(
    2940. 

  2940.       'type' => 'success',
    2941. 

  2941.       'msg' => sprintf($lang['success']['mailbox_modified'], htmlspecialchars($username))
    2942. 

  2942.     );
    2943. 

  2943.     return true;
    2944. 

  2944.   }
    2945. 

  2945.   // ADD
    2946. 

  2946.   elseif ($action == "add") {
    2947. 

  2947.     isset($postarray['active']) ? $active = '1' : $active = '0';
    2948. 

  2948.     isset($postarray['delete2duplicates']) ? $delete2duplicates = '1' : $delete2duplicates = '0';
    2949. 

  2949.     $port1            = $postarray['port1'];
    2950. 

  2950.     $host1            = $postarray['host1'];
    2951. 

  2951.     $password1        = $postarray['password1'];
    2952. 

  2952.     $exclude          = $postarray['exclude'];
    2953. 

  2953.     $maxage           = $postarray['maxage'];
    2954. 

  2954.     $subfolder2       = $postarray['subfolder2'];
    2955. 

  2955.     $user1            = $postarray['user1'];
    2956. 

  2956.     $mins_interval    = $postarray['mins_interval'];
    2957. 

  2957.     $enc1             = $postarray['enc1'];
    2958. 

  2958. 

  2959.     if (empty($subfolder2)) {
    2960. 

  2960.       $subfolder2 = "";
    2961. 

  2961.     }
    2962. 

  2962.     if (empty($maxage)) {
    2963. 

  2963.       $maxage = 0;
    2964. 

  2964.     }
    2965. 

  2965. 

  2966.     if (!filter_var($maxage, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0, 'max_range' => 32767)))) {
    2967. 

  2967.       $_SESSION['return'] = array(
    2968. 

  2968.         'type' => 'danger',
    2969. 

  2969.         'msg' => sprintf($lang['danger']['access_denied'])
    2970. 

  2970.       );
    2971. 

  2971.       return false;
    2972. 

  2972.     }
    2973. 

  2973.     if (!filter_var($port1, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535)))) {
    2974. 

  2974.       $_SESSION['return'] = array(
    2975. 

  2975.         'type' => 'danger',
    2976. 

  2976.         'msg' => sprintf($lang['danger']['access_denied'])
    2977. 

  2977.       );
    2978. 

  2978.       return false;
    2979. 

  2979.     }
    2980. 

  2980.     if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 10, 'max_range' => 3600)))) {
    2981. 

  2981.       $_SESSION['return'] = array(
    2982. 

  2982.         'type' => 'danger',
    2983. 

  2983.         'msg' => sprintf($lang['danger']['access_denied'])
    2984. 

  2984.       );
    2985. 

  2985.       return false;
    2986. 

  2986.     }
    2987. 

  2987.     if (!is_valid_domain_name($host1)) {
    2988. 

  2988.       $_SESSION['return'] = array(
    2989. 

  2989.         'type' => 'danger',
    2990. 

  2990.         'msg' => sprintf($lang['danger']['access_denied'])
    2991. 

  2991.       );
    2992. 

  2992.       return false;
    2993. 

  2993.     }
    2994. 

  2994.     if ($enc1 != "TLS" && $enc1 != "SSL" && $enc1 != "PLAIN") {
    2995. 

  2995.       $_SESSION['return'] = array(
    2996. 

  2996.         'type' => 'danger',
    2997. 

  2997.         'msg' => sprintf($lang['danger']['access_denied'])
    2998. 

  2998.       );
    2999. 

  2999.       return false;
    3000. 

  3000.     }
    3001. 

  3001.     if (@preg_match("/" . $exclude . "/", null) === false) {
    3002. 

  3002.       $_SESSION['return'] = array(
    3003. 

  3003.         'type' => 'danger',
    3004. 

  3004.         'msg' => sprintf($lang['danger']['access_denied'])
    3005. 

  3005.       );
    3006. 

  3006.       return false;
    3007. 

  3007.     }
    3008. 

  3008.     try {
    3009. 

  3009.       $stmt = $pdo->prepare("SELECT `user2`, `user1` FROM `imapsync`
    3010. 

  3010.         WHERE `user2` = :user2 AND `user1` = :user1");
    3011. 

  3011.       $stmt->execute(array(':user1' => $user1, ':user2' => $username));
    3012. 

  3012.       $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    3013. 

  3013.     }
    3014. 

  3014.     catch(PDOException $e) {
    3015. 

  3015.       $_SESSION['return'] = array(
    3016. 

  3016.         'type' => 'danger',
    3017. 

  3017.         'msg' => 'MySQL: '.$e
    3018. 

  3018.       );
    3019. 

  3019.       return false;
    3020. 

  3020.     }
    3021. 

  3021.     if ($num_results != 0) {
    3022. 

  3022.       $_SESSION['return'] = array(
    3023. 

  3023.         'type' => 'danger',
    3024. 

  3024.         'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($host1 . ' / ' . $user1))
    3025. 

  3025.       );
    3026. 

  3026.       return false;
    3027. 

  3027.     }
    3028. 

  3028.     try {
    3029. 

  3029.       $stmt = $pdo->prepare("INSERT INTO `imapsync` (`user2`, `exclude`, `maxage`, `subfolder2`, `host1`, `authmech1`, `user1`, `password1`, `mins_interval`, `port1`, `enc1`, `delete2duplicates`, `active`)
    3030. 

  3030.         VALUES (:user2, :exclude, :maxage, :subfolder2, :host1, :authmech1, :user1, :password1, :mins_interval, :port1, :enc1, :delete2duplicates, :active)");
    3031. 

  3031.       $stmt->execute(array(
    3032. 

  3032.         ':user2' => $username,
    3033. 

  3033.         ':exclude' => $exclude,
    3034. 

  3034.         ':maxage' => $maxage,
    3035. 

  3035.         ':subfolder2' => $subfolder2,
    3036. 

  3036.         ':host1' => $host1,
    3037. 

  3037.         ':authmech1' => 'PLAIN',
    3038. 

  3038.         ':user1' => $user1,
    3039. 

  3039.         ':password1' => $password1,
    3040. 

  3040.         ':mins_interval' => $mins_interval,
    3041. 

  3041.         ':port1' => $port1,
    3042. 

  3042.         ':enc1' => $enc1,
    3043. 

  3043.         ':delete2duplicates' => $delete2duplicates,
    3044. 

  3044.         ':active' => $active,
    3045. 

  3045.       ));
    3046. 

  3046.     }
    3047. 

  3047.     catch(PDOException $e) {
    3048. 

  3048.       $_SESSION['return'] = array(
    3049. 

  3049.         'type' => 'danger',
    3050. 

  3050.         'msg' => 'MySQL: '.$e
    3051. 

  3051.       );
    3052. 

  3052.       return false;
    3053. 

  3053.     }
    3054. 

  3054.     $_SESSION['return'] = array(
    3055. 

  3055.       'type' => 'success',
    3056. 

  3056.       'msg' => sprintf($lang['success']['mailbox_modified'], $username)
    3057. 

  3057.     );
    3058. 

  3058.     return true;
    3059. 

  3059.   }
    3060. 

  3060.   // EDIT
    3061. 

  3061.   elseif ($action == "edit") {
    3062. 

  3062.     isset($postarray['active']) ? $active = '1' : $active = '0';
    3063. 

  3063.     isset($postarray['delete2duplicates']) ? $delete2duplicates = '1' : $delete2duplicates = '0';
    3064. 

  3064.     $id               = $postarray['id'];
    3065. 

  3065.     $port1            = $postarray['port1'];
    3066. 

  3066.     $host1            = $postarray['host1'];
    3067. 

  3067.     $password1        = $postarray['password1'];
    3068. 

  3068.     $exclude          = $postarray['exclude'];
    3069. 

  3069.     $maxage           = $postarray['maxage'];
    3070. 

  3070.     $subfolder2       = $postarray['subfolder2'];
    3071. 

  3071.     $user1            = $postarray['user1'];
    3072. 

  3072.     $mins_interval    = $postarray['mins_interval'];
    3073. 

  3073.     $enc1             = $postarray['enc1'];
    3074. 

  3074. 

  3075.     if (empty($subfolder2)) {
    3076. 

  3076.       $subfolder2 = "";
    3077. 

  3077.     }
    3078. 

  3078.     if (empty($maxage)) {
    3079. 

  3079.       $maxage = 0;
    3080. 

  3080.     }
    3081. 

  3081. 

  3082.     if (!filter_var($maxage, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0, 'max_range' => 32767)))) {
    3083. 

  3083.       $_SESSION['return'] = array(
    3084. 

  3084.         'type' => 'danger',
    3085. 

  3085.         'msg' => sprintf($lang['danger']['access_denied'])
    3086. 

  3086.       );
    3087. 

  3087.       return false;
    3088. 

  3088.     }
    3089. 

  3089.     if (!filter_var($port1, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535)))) {
    3090. 

  3090.       $_SESSION['return'] = array(
    3091. 

  3091.         'type' => 'danger',
    3092. 

  3092.         'msg' => sprintf($lang['danger']['access_denied'])
    3093. 

  3093.       );
    3094. 

  3094.       return false;
    3095. 

  3095.     }
    3096. 

  3096.     if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 10, 'max_range' => 3600)))) {
    3097. 

  3097.       $_SESSION['return'] = array(
    3098. 

  3098.         'type' => 'danger',
    3099. 

  3099.         'msg' => sprintf($lang['danger']['access_denied'])
    3100. 

  3100.       );
    3101. 

  3101.       return false;
    3102. 

  3102.     }
    3103. 

  3103.     if (!is_valid_domain_name($host1)) {
    3104. 

  3104.       $_SESSION['return'] = array(
    3105. 

  3105.         'type' => 'danger',
    3106. 

  3106.         'msg' => sprintf($lang['danger']['access_denied'])
    3107. 

  3107.       );
    3108. 

  3108.       return false;
    3109. 

  3109.     }
    3110. 

  3110.     if ($enc1 != "TLS" && $enc1 != "SSL" && $enc1 != "PLAIN") {
    3111. 

  3111.       $_SESSION['return'] = array(
    3112. 

  3112.         'type' => 'danger',
    3113. 

  3113.         'msg' => sprintf($lang['danger']['access_denied'])
    3114. 

  3114.       );
    3115. 

  3115.       return false;
    3116. 

  3116.     }
    3117. 

  3117.     if (@preg_match("/" . $exclude . "/", null) === false) {
    3118. 

  3118.       $_SESSION['return'] = array(
    3119. 

  3119.         'type' => 'danger',
    3120. 

  3120.         'msg' => sprintf($lang['danger']['access_denied'])
    3121. 

  3121.       );
    3122. 

  3122.       return false;
    3123. 

  3123.     }
    3124. 

  3124.     try {
    3125. 

  3125.       $stmt = $pdo->prepare("SELECT `user2` FROM `imapsync`
    3126. 

  3126.         WHERE `user2` = :user2 AND `id` = :id");
    3127. 

  3127.       $stmt->execute(array(':user2' => $username, ':id' => $id));
    3128. 

  3128.       $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    3129. 

  3129.     }
    3130. 

  3130.     catch(PDOException $e) {
    3131. 

  3131.       $_SESSION['return'] = array(
    3132. 

  3132.         'type' => 'danger',
    3133. 

  3133.         'msg' => 'MySQL: '.$e
    3134. 

  3134.       );
    3135. 

  3135.       return false;
    3136. 

  3136.     }
    3137. 

  3137.     if (empty($num_results)) {
    3138. 

  3138.       $_SESSION['return'] = array(
    3139. 

  3139.         'type' => 'danger',
    3140. 

  3140.         'msg' => sprintf($lang['danger']['access_denied'])
    3141. 

  3141.       );
    3142. 

  3142.       return false;
    3143. 

  3143.     }
    3144. 

  3144.     try {
    3145. 

  3145.       $stmt = $pdo->prepare("UPDATE `imapsync` set `maxage` = :maxage, `subfolder2` = :subfolder2, `exclude` = :exclude, `host1` = :host1, `user1` = :user1, `password1` = :password1, `mins_interval` = :mins_interval, `port1` = :port1, `enc1` = :enc1, `delete2duplicates` = :delete2duplicates, `active` = :active
    3146. 

  3146.         WHERE `user2` = :user2 AND `id` = :id");
    3147. 

  3147.       $stmt->execute(array(
    3148. 

  3148.         ':user2' => $username,
    3149. 

  3149.         ':id' => $id,
    3150. 

  3150.         ':exclude' => $exclude,
    3151. 

  3151.         ':maxage' => $maxage,
    3152. 

  3152.         ':subfolder2' => $subfolder2,
    3153. 

  3153.         ':host1' => $host1,
    3154. 

  3154.         ':user1' => $user1,
    3155. 

  3155.         ':password1' => $password1,
    3156. 

  3156.         ':mins_interval' => $mins_interval,
    3157. 

  3157.         ':port1' => $port1,
    3158. 

  3158.         ':enc1' => $enc1,
    3159. 

  3159.         ':delete2duplicates' => $delete2duplicates,
    3160. 

  3160.         ':active' => $active,
    3161. 

  3161.       ));
    3162. 

  3162.     }
    3163. 

  3163.     catch(PDOException $e) {
    3164. 

  3164.       $_SESSION['return'] = array(
    3165. 

  3165.         'type' => 'danger',
    3166. 

  3166.         'msg' => 'MySQL: '.$e
    3167. 

  3167.       );
    3168. 

  3168.       return false;
    3169. 

  3169.     }
    3170. 

  3170.     $_SESSION['return'] = array(
    3171. 

  3171.       'type' => 'success',
    3172. 

  3172.       'msg' => sprintf($lang['success']['mailbox_modified'], $username)
    3173. 

  3173.     );
    3174. 

  3174.     return true;
    3175. 

  3175.   }
    3176. 

  3176. }
    3177. 

  3177. function get_tls_policy($username) {
    3178. 

  3178. 	global $lang;
    3179. 

  3179. 	global $pdo;
    3180. 

  3180. 	if ($_SESSION['mailcow_cc_role'] != "user") {
    3181. 

  3181. 		return false;
    3182. 

  3182. 	}
    3183. 

  3183. 	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    3184. 

  3184. 		$_SESSION['return'] = array(
    3185. 

  3185. 			'type' => 'danger',
    3186. 

  3186. 			'msg' => sprintf($lang['danger']['username_invalid'])
    3187. 

  3187. 		);
    3188. 

  3188. 		return false;
    3189. 

  3189. 	}
    3190. 

  3190. 	try {
    3191. 

  3191. 		$stmt = $pdo->prepare("SELECT `tls_enforce_out`, `tls_enforce_in` FROM `mailbox` WHERE `username` = :username");
    3192. 

  3192. 		$stmt->execute(array(':username' => $username));
    3193. 

  3193. 		$TLSData = $stmt->fetch(PDO::FETCH_ASSOC);
    3194. 

  3194. 	}
    3195. 

  3195. 	catch(PDOException $e) {
    3196. 

  3196. 		$_SESSION['return'] = array(
    3197. 

  3197. 			'type' => 'danger',
    3198. 

  3198. 			'msg' => 'MySQL: '.$e
    3199. 

  3199. 		);
    3200. 

  3200. 		return false;
    3201. 

  3201. 	}
    3202. 

  3202. 	return $TLSData;
    3203. 

  3203. }
    3204. 

  3204. function remaining_specs($domain, $object = null, $js = null) {
    3205. 

  3205. 	// left_m	without object given	= MiB left in domain
    3206. 

  3206. 	// left_m	with object given		= Max. MiB we can assign to given object
    3207. 

  3207. 	// limit_m							= Domain limit in MiB
    3208. 

  3208. 	// left_c							= Mailboxes we can create depending on domain quota
    3209. 

  3209. 	global $pdo;
    3210. 

  3210. 	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
    3211. 

  3211. 		return false;
    3212. 

  3212. 	}
    3213. 

  3213. 	try {
    3214. 

  3214. 		$stmt = $pdo->prepare("SELECT `mailboxes`, `maxquota`, `quota` FROM `domain` WHERE `domain` = :domain");
    3215. 

  3215. 		$stmt->execute(array(':domain' => $domain));
    3216. 

  3216. 		$DomainData			= $stmt->fetch(PDO::FETCH_ASSOC);
    3217. 

  3217. 

  3218. 		$stmt = $pdo->prepare("SELECT COUNT(*) AS `count`, COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `in_use_m` FROM `mailbox` WHERE `domain` = :domain AND `username` != :object");
    3219. 

  3219. 		$stmt->execute(array(':domain' => $domain, ':object' => $object));
    3220. 

  3220. 		$MailboxDataDomain	= $stmt->fetch(PDO::FETCH_ASSOC);
    3221. 

  3221. 

  3222. 		$quota_left_m	= $DomainData['quota']		- $MailboxDataDomain['in_use_m'];
    3223. 

  3223. 		$mboxs_left		= $DomainData['mailboxes']	- $MailboxDataDomain['count'];
    3224. 

  3224. 

  3225. 		if ($quota_left_m > $DomainData['maxquota']) {
    3226. 

  3226. 			$quota_left_m = $DomainData['maxquota'];
    3227. 

  3227. 		}
    3228. 

  3228. 

  3229. 	}
    3230. 

  3230. 	catch (PDOException $e) {
    3231. 

  3231. 		return false;
    3232. 

  3232. 	}
    3233. 

  3233. 	if (is_numeric($quota_left_m)) {
    3234. 

  3234. 		$spec['left_m']		= $quota_left_m;
    3235. 

  3235. 		$spec['limit_m']	= $DomainData['maxquota'];
    3236. 

  3236. 	}
    3237. 

  3237. 	if (is_numeric($mboxs_left)) {
    3238. 

  3238. 		$spec['left_c']		= $mboxs_left;
    3239. 

  3239. 	}
    3240. 

  3240. 	if (!empty($js)) {
    3241. 

  3241. 		echo $quota_left_m;
    3242. 

  3242. 		exit;
    3243. 

  3243. 	}
    3244. 

  3244. 	return $spec;
    3245. 

  3245. }
    3246. 

  3246. function get_sender_acl_handles($mailbox, $which) {
    3247. 

  3247. 	global $pdo;
    3248. 

  3248. 	if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
    3249. 

  3249. 		return false;
    3250. 

  3250. 	}
    3251. 

  3251. 	switch ($which) {
    3252. 

  3252. 		case "preselected":
    3253. 

  3253. 			try {
    3254. 

  3254. 				$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :goto AND `address` NOT LIKE '@%'");
    3255. 

  3255. 				$stmt->execute(array(':goto' => $mailbox));
    3256. 

  3256. 				$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    3257. 

  3257. 				return $rows;
    3258. 

  3258. 			}
    3259. 

  3259. 			catch(PDOException $e) {
    3260. 

  3260. 				$_SESSION['return'] = array(
    3261. 

  3261. 					'type' => 'danger',
    3262. 

  3262. 					'msg' => 'MySQL: '.$e
    3263. 

  3263. 				);
    3264. 

  3264. 				return false;
    3265. 

  3265. 			}
    3266. 

  3266. 			break;
    3267. 

  3267. 		case "selected":
    3268. 

  3268. 			try {
    3269. 

  3269. 				$stmt = $pdo->prepare("SELECT `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as");
    3270. 

  3270. 				$stmt->execute(array(':logged_in_as' => $mailbox));
    3271. 

  3271. 				$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    3272. 

  3272. 				return $rows;
    3273. 

  3273. 			}
    3274. 

  3274. 			catch(PDOException $e) {
    3275. 

  3275. 				$_SESSION['return'] = array(
    3276. 

  3276. 					'type' => 'danger',
    3277. 

  3277. 					'msg' => 'MySQL: '.$e
    3278. 

  3278. 				);
    3279. 

  3279. 				return false;
    3280. 

  3280. 			}
    3281. 

  3281. 			break;
    3282. 

  3282. 		case "unselected-domains":
    3283. 

  3283. 			try {
    3284. 

  3284. 				if ($_SESSION['mailcow_cc_role'] == "admin"  ) {
    3285. 

  3285. 					$stmt = $pdo->prepare("SELECT DISTINCT `domain` FROM `domain`
    3286. 

  3286. 						WHERE `domain` NOT IN (
    3287. 

  3287. 							SELECT REPLACE(`send_as`, '@', '') FROM `sender_acl` 
    3288. 

  3288. 								WHERE `logged_in_as` = :logged_in_as)
    3289. 

  3289. 						AND	`domain` NOT IN (
    3290. 

  3290. 								SELECT REPLACE(`address`, '@', '') FROM `alias` 
    3291. 

  3291. 									WHERE `goto` = :goto)");
    3292. 

  3292. 					$stmt->execute(array(
    3293. 

  3293. 						':logged_in_as' => $mailbox,
    3294. 

  3294. 						':goto' => $mailbox,
    3295. 

  3295. 					));
    3296. 

  3296. 				}
    3297. 

  3297. 				else {
    3298. 

  3298. 					$stmt = $pdo->prepare("SELECT DISTINCT `domain` FROM `domain_admins`
    3299. 

  3299. 						WHERE `username` = :username
    3300. 

  3300. 							AND `domain` != 'ALL'
    3301. 

  3301. 							AND	`domain` NOT IN (
    3302. 

  3302. 								SELECT REPLACE(`send_as`, '@', '') FROM `sender_acl` 
    3303. 

  3303. 									WHERE `logged_in_as` = :logged_in_as)");
    3304. 

  3304. 					$stmt->execute(array(
    3305. 

  3305. 						':logged_in_as' => $mailbox,
    3306. 

  3306. 						':username' => $_SESSION['mailcow_cc_username']
    3307. 

  3307. 					));
    3308. 

  3308. 				}
    3309. 

  3309. 				$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    3310. 

  3310. 				return $rows;
    3311. 

  3311. 			}
    3312. 

  3312. 			catch(PDOException $e) {
    3313. 

  3313. 				$_SESSION['return'] = array(
    3314. 

  3314. 					'type' => 'danger',
    3315. 

  3315. 					'msg' => 'MySQL: '.$e
    3316. 

  3316. 				);
    3317. 

  3317. 				return false;
    3318. 

  3318. 			}
    3319. 

  3319. 			break;
    3320. 

  3320. 		case "unselected-addresses":
    3321. 

  3321. 			try {
    3322. 

  3322. 				if ($_SESSION['mailcow_cc_role'] == "admin"  ) {
    3323. 

  3323. 					$stmt = $pdo->prepare("SELECT `address` FROM `alias`
    3324. 

  3324. 						WHERE `goto` != :goto
    3325. 

  3325. 							AND `address` NOT IN (
    3326. 

  3326. 								SELECT `send_as` FROM `sender_acl` 
    3327. 

  3327. 									WHERE `logged_in_as` = :logged_in_as)");
    3328. 

  3328. 					$stmt->execute(array(
    3329. 

  3329. 						':logged_in_as' => $mailbox,
    3330. 

  3330. 						':goto' => $mailbox
    3331. 

  3331. 					));
    3332. 

  3332. 				}
    3333. 

  3333. 				else {
    3334. 

  3334. 					$stmt = $pdo->prepare("SELECT `address` FROM `alias`
    3335. 

  3335. 						WHERE `goto` != :goto
    3336. 

  3336. 							AND `domain` IN (
    3337. 

  3337. 								SELECT `domain` FROM `domain_admins`
    3338. 

  3338. 									WHERE `username` = :username)
    3339. 

  3339. 							AND `address` NOT IN (
    3340. 

  3340. 								SELECT `send_as` FROM `sender_acl` 
    3341. 

  3341. 									WHERE `logged_in_as` = :logged_in_as)");
    3342. 

  3342. 					$stmt->execute(array(
    3343. 

  3343. 						':logged_in_as' => $mailbox,
    3344. 

  3344. 						':goto' => $mailbox,
    3345. 

  3345. 						':username' => $_SESSION['mailcow_cc_username']
    3346. 

  3346. 					));
    3347. 

  3347. 				}
    3348. 

  3348. 				$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    3349. 

  3349. 				return $rows;
    3350. 

  3350. 			}
    3351. 

  3351. 			catch(PDOException $e) {
    3352. 

  3352. 				$_SESSION['return'] = array(
    3353. 

  3353. 					'type' => 'danger',
    3354. 

  3354. 					'msg' => 'MySQL: '.$e
    3355. 

  3355. 				);
    3356. 

  3356. 				return false;
    3357. 

  3357. 			}
    3358. 

  3358. 			break;
    3359. 

  3359. 	}
    3360. 

  3360. 	return false;
    3361. 

  3361. }
    3362. 

  3362. function tagging_options($action, $data = null) {
    3363. 

  3363. 	global $lang;
    3364. 

  3364. 	global $pdo;
    3365. 

  3365.   $username	= $_SESSION['mailcow_cc_username'];
    3366. 

  3366.   if ($action == "get") {
    3367. 

  3367.     if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    3368. 

  3368.       return false;
    3369. 

  3369.     }
    3370. 

  3370.     try {
    3371. 

  3371.       $stmt = $pdo->prepare("SELECT `wants_tagged_subject` FROM `mailbox` WHERE `username` = :username");
    3372. 

  3372.       $stmt->execute(array(':username' => $username));
    3373. 

  3373.       $SelectData = $stmt->fetch(PDO::FETCH_ASSOC);
    3374. 

  3374.     }
    3375. 

  3375.     catch(PDOException $e) {
    3376. 

  3376.       $_SESSION['return'] = array(
    3377. 

  3377.         'type' => 'danger',
    3378. 

  3378.         'msg' => 'MySQL: '.$e
    3379. 

  3379.       );
    3380. 

  3380.       return false;
    3381. 

  3381.     }
    3382. 

  3382.     return $SelectData['wants_tagged_subject'];
    3383. 

  3383.   }
    3384. 

  3384.   elseif ($action == "set") {
    3385. 

  3385.     ($data['tagged_mail_handler'] == "subject") ? $wants_tagged_subject = '1' : $wants_tagged_subject = '0';
    3386. 

  3386.     if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    3387. 

  3387.       $_SESSION['return'] = array(
    3388. 

  3388.         'type' => 'danger',
    3389. 

  3389.         'msg' => sprintf($lang['danger']['username_invalid'])
    3390. 

  3390.       );
    3391. 

  3391.       return false;
    3392. 

  3392.     }
    3393. 

  3393.     try {
    3394. 

  3394.       $stmt = $pdo->prepare("UPDATE `mailbox` SET `wants_tagged_subject` = :wants_tagged_subject WHERE `username` = :username");
    3395. 

  3395.       $stmt->execute(array(':username' => $username, ':wants_tagged_subject' => $wants_tagged_subject));
    3396. 

  3396.       $SelectData = $stmt->fetch(PDO::FETCH_ASSOC);
    3397. 

  3397.     }
    3398. 

  3398.     catch(PDOException $e) {
    3399. 

  3399.       $_SESSION['return'] = array(
    3400. 

  3400.         'type' => 'danger',
    3401. 

  3401.         'msg' => 'MySQL: '.$e
    3402. 

  3402.       );
    3403. 

  3403.       return false;
    3404. 

  3404.     }
    3405. 

  3405.     $_SESSION['return'] = array(
    3406. 

  3406.       'type' => 'success',
    3407. 

  3407.       'msg' => sprintf($lang['success']['mailbox_modified'], $username)
    3408. 

  3408.     );
    3409. 

  3409.   }
    3410. 

  3410.   return false;
    3411. 

  3411. }
    3412. 

  3412. function user_get_alias_details($username) {
    3413. 

  3413. 	global $lang;
    3414. 

  3414. 	global $pdo;
    3415. 

  3415.   if ($_SESSION['mailcow_cc_role'] == "user") {
    3416. 

  3416.     $username	= $_SESSION['mailcow_cc_username'];
    3417. 

  3417.   }
    3418. 

  3418.   if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    3419. 

  3419.     return false;
    3420. 

  3420.   }
    3421. 

  3421.   try {
    3422. 

  3422.     $data['address'] = $username;
    3423. 

  3423.     $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`address` SEPARATOR ', '), '&#10008;') AS `aliases` FROM `alias` WHERE `goto` = :username_goto AND `address` NOT LIKE '@%' AND `address` != :username_address");
    3424. 

  3424.     $stmt->execute(array(':username_goto' => $username, ':username_address' => $username));
    3425. 

  3425.     $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
    3426. 

  3426.     while ($row = array_shift($run)) {
    3427. 

  3427.       $data['aliases'] = $row['aliases'];
    3428. 

  3428.     }
    3429. 

  3429.     $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ', '), '&#10008;') AS `ad_alias` FROM `mailbox`
    3430. 

  3430.       LEFT OUTER JOIN `alias_domain` on `target_domain` = `domain`
    3431. 

  3431.         WHERE `username` = :username ;");
    3432. 

  3432.     $stmt->execute(array(':username' => $username));
    3433. 

  3433.     $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
    3434. 

  3434.     while ($row = array_shift($run)) {
    3435. 

  3435.       $data['ad_alias'] = $row['ad_alias'];
    3436. 

  3436.     }
    3437. 

  3437.     $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`send_as` SEPARATOR ', '), '&#10008;') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :username AND `send_as` NOT LIKE '@%';");
    3438. 

  3438.     $stmt->execute(array(':username' => $username));
    3439. 

  3439.     $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
    3440. 

  3440.     while ($row = array_shift($run)) {
    3441. 

  3441.       $data['aliases_also_send_as'] = $row['send_as'];
    3442. 

  3442.     }
    3443. 

  3443.     $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`send_as` SEPARATOR ', '), '&#10008;') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :username AND `send_as` LIKE '@%';");
    3444. 

  3444.     $stmt->execute(array(':username' => $username));
    3445. 

  3445.     $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
    3446. 

  3446.     while ($row = array_shift($run)) {
    3447. 

  3447.       $data['aliases_send_as_all'] = $row['send_as'];
    3448. 

  3448.     }
    3449. 

  3449.     $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`address` SEPARATOR ', '), '&#10008;') as `address` FROM `alias` WHERE `goto` = :username AND `address` LIKE '@%';");
    3450. 

  3450.     $stmt->execute(array(':username' => $username));
    3451. 

  3451.     $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
    3452. 

  3452.     while ($row = array_shift($run)) {
    3453. 

  3453.       $data['is_catch_all'] = $row['address'];
    3454. 

  3454.     }
    3455. 

  3455.     return $data;
    3456. 

  3456.   }
    3457. 

  3457.   catch(PDOException $e) {
    3458. 

  3458.     $_SESSION['return'] = array(
    3459. 

  3459.       'type' => 'danger',
    3460. 

  3460.       'msg' => 'MySQL: '.$e
    3461. 

  3461.     );
    3462. 

  3462.     return false;
    3463. 

  3463.   }
    3464. 

  3464. }
    3465. 

  3465. function is_valid_domain_name($domain_name) { 
    3466. 

  3466. 	if (empty($domain_name)) {
    3467. 

  3467. 		return false;
    3468. 

  3468. 	}
    3469. 

  3469. 	$domain_name = idn_to_ascii($domain_name);
    3470. 

  3470. 	return (preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name)
    3471. 

  3471. 		   && preg_match("/^.{1,253}$/", $domain_name)
    3472. 

  3472. 		   && preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name));
    3473. 

  3473. }
    3474. 

  3474. ?>
    3475.