[Web] Various fixes for app passwd functions

This commit is contained in:
andryyy 2019-12-21 22:25:09 +01:00
parent 0b224d1e07
commit aece2558df
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
2 changed files with 46 additions and 56 deletions


@ -59,7 +59,6 @@ function app_passwd($_action, $_data = null) {
); );
return false; return false;
} }
try {
$stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`) $stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`)
VALUES (:app_name, :mailbox, :domain, :password, :active)"); VALUES (:app_name, :mailbox, :domain, :password, :active)");
$stmt->execute(array( $stmt->execute(array(
@ -69,15 +68,6 @@ function app_passwd($_action, $_data = null) {
':password' => $password_hashed, ':password' => $password_hashed,
':active' => $active ':active' => $active
)); ));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -130,7 +120,6 @@ function app_passwd($_action, $_data = null) {
':id' => $id ':id' => $id
)); ));
} }
try {
$stmt = $pdo->prepare("UPDATE `app_passwd` SET $stmt = $pdo->prepare("UPDATE `app_passwd` SET
`name` = :app_name, `name` = :app_name,
`mailbox` = :username, `mailbox` = :username,
@ -142,15 +131,6 @@ function app_passwd($_action, $_data = null) {
':active' => $active, ':active' => $active,
':id' => $id ':id' => $id
)); ));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
continue;
}
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -161,18 +141,27 @@ function app_passwd($_action, $_data = null) {
case 'delete': case 'delete':
$ids = (array)$_data['id']; $ids = (array)$_data['id'];
foreach ($ids as $id) { foreach ($ids as $id) {
try { $stmt = $pdo->prepare("SELECT `mailbox` FROM `app_passwd` WHERE `id` = :id");
$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id AND `mailbox`= :username"); $stmt->execute(array(':id' => $id));
$stmt->execute(array(':id' => $id, ':username' => $username)); $mailbox = $stmt->fetch(PDO::FETCH_ASSOC)['mailbox'];
} if (empty($mailbox)) {
catch (PDOException $e) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e) 'msg' => 'app_passwd_id_invalid'
); );
return false; return false;
} }
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
}
$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id");
$stmt->execute(array(':id' => $id));
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -198,10 +187,16 @@ function app_passwd($_action, $_data = null) {
`active` AS `active_int`, `active` AS `active_int`,
CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
FROM `app_passwd` FROM `app_passwd`
WHERE `id` = :id WHERE `id` = :id");
AND `mailbox` = :username"); $stmt->execute(array(':id' => $_data['id']));
$stmt->execute(array(':id' => $_data['id'], ':username' => $username));
$app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC); $app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);
if (empty($app_passwd_data)) {
return false;
}
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $app_passwd_data['mailbox'])) {
$app_passwd_data = array();
return false;
}
return $app_passwd_data; return $app_passwd_data;
break; break;
} }
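Review bot: In the new 'delete' branch the ownership check and the DELETE are now two separate statements keyed only on `id`, so the row that hasMailboxObjectAccess() authorized and the row that gets deleted are no longer tied to the same mailbox; the old single-statement scoping can be kept by adding `AND mailbox = :mailbox` (quoted like the existing identifiers) to the DELETE and `':mailbox' => $mailbox` to its execute() array. Separately, `$stmt->fetch(PDO::FETCH_ASSOC)['mailbox']` indexes `false` when no row matches, which emits a notice before `empty($mailbox)` catches it; `$mailbox = $stmt->fetch(PDO::FETCH_ASSOC)['mailbox'] ?? null;` avoids that. The try/catch around the statements was removed in this and the two earlier hunks, so a PDOException now propagates out of app_passwd() instead of being reported through `$_SESSION['return']` — presumably intended, but no caller-level handler is visible here. In the 'details' hunk the assignment `$app_passwd_data = array();` before `return false;` is dead and can be dropped. The enclosing function app_passwd() starts before the first hunk.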


@ -296,12 +296,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
} }
if (!empty($app_passwds)) { if (!empty($app_passwds)) {
foreach ($app_passwds as $app_passwd) { foreach ($app_passwds as $app_passwd) {
if (empty($extra)) {
$details = app_passwd('details', array('id' => $app_passwd['id'])); $details = app_passwd('details', array('id' => $app_passwd['id']));
}
else {
$details = app_passwd('details', array('id' => $app_passwd['id'], 'username' => $extra));
}
if ($details !== false) { if ($details !== false) {
$data[] = $details; $data[] = $details;
} }
@ -317,7 +312,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
break; break;
default: default:
$data = app_passwd('details', array('id' => $object)); $data = app_passwd('details', array('id' => $object['id']));
process_get_return($data); process_get_return($data);
break; break;
} }
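Review bot: The `default:` branch now passes `$object['id']` where it previously passed `$object`; if `$object` still reaches this switch as a plain id string in some path (its origin is outside the section), `$object['id']` is a string-offset access that yields the first character with a warning on PHP 7 and throws on PHP 8, so the details lookup would miss. If every caller now supplies the array form this is fine; otherwise a guard such as `$id = is_array($object) ? $object['id'] : $object;` keeps both shapes working. The enclosing `if`/switch begins and ends outside this section.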