diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 699709ce..0f48efbd 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -4462,7 +4462,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$mailboxdata['active'] = $row['active'];
$mailboxdata['active_int'] = $row['active'];
$mailboxdata['domain'] = $row['domain'];
- $mailboxdata['relayhost'] = $row['relayhost'];
$mailboxdata['name'] = $row['name'];
$mailboxdata['local_part'] = $row['local_part'];
$mailboxdata['quota'] = $row['quota'];
diff --git a/data/web/inc/lib/ssp.class.php b/data/web/inc/lib/ssp.class.php
new file mode 100644
index 00000000..503f9b29
--- /dev/null
+++ b/data/web/inc/lib/ssp.class.php
@@ -0,0 +1,623 @@
+ 'utf8'` - you might need this depending on your PHP / MySQL config
+ * @return resource PDO connection
+ */
+ static function db ( $conn )
+ {
+ if ( is_array( $conn ) ) {
+ return self::sql_connect( $conn );
+ }
+
+ return $conn;
+ }
+
+
+ /**
+ * Paging
+ *
+ * Construct the LIMIT clause for server-side processing SQL query
+ *
+ * @param array $request Data sent to server by DataTables
+ * @param array $columns Column information array
+ * @return string SQL limit clause
+ */
+ static function limit ( $request, $columns )
+ {
+ $limit = '';
+
+ if ( isset($request['start']) && $request['length'] != -1 ) {
+ $limit = "LIMIT ".intval($request['start']).", ".intval($request['length']);
+ }
+
+ return $limit;
+ }
+
+
+ /**
+ * Ordering
+ *
+ * Construct the ORDER BY clause for server-side processing SQL query
+ *
+ * @param array $request Data sent to server by DataTables
+ * @param array $columns Column information array
+ * @return string SQL order by clause
+ */
+ static function order ( $tableAS, $request, $columns )
+ {
+ $select = '';
+ $order = '';
+
+ if ( isset($request['order']) && count($request['order']) ) {
+ $selects = [];
+ $orderBy = [];
+ $dtColumns = self::pluck( $columns, 'dt' );
+
+ for ( $i=0, $ien=count($request['order']) ; $i<$ien ; $i++ ) {
+ // Convert the column index into the column data property
+ $columnIdx = intval($request['order'][$i]['column']);
+ $requestColumn = $request['columns'][$columnIdx];
+
+ $columnIdx = array_search( $columnIdx, $dtColumns );
+ $column = $columns[ $columnIdx ];
+
+ if ( $requestColumn['orderable'] == 'true' ) {
+ $dir = $request['order'][$i]['dir'] === 'asc' ?
+ 'ASC' :
+ 'DESC';
+
+ if(isset($column['order_subquery'])) {
+ $selects[] = '('.$column['order_subquery'].') AS `'.$column['db'].'_count`';
+ $orderBy[] = '`'.$column['db'].'_count` '.$dir;
+ } else {
+ $orderBy[] = '`'.$tableAS.'`.`'.$column['db'].'` '.$dir;
+ }
+ }
+ }
+
+ if ( count( $selects ) ) {
+ $select = ', '.implode(', ', $selects);
+ }
+
+ if ( count( $orderBy ) ) {
+ $order = 'ORDER BY '.implode(', ', $orderBy);
+ }
+ }
+
+ return [$select, $order];
+ }
+
+
+ /**
+ * Searching / Filtering
+ *
+ * Construct the WHERE clause for server-side processing SQL query.
+ *
+ * NOTE this does not match the built-in DataTables filtering which does it
+ * word by word on any field. It's possible to do here performance on large
+ * databases would be very poor
+ *
+ * @param array $request Data sent to server by DataTables
+ * @param array $columns Column information array
+ * @param array $bindings Array of values for PDO bindings, used in the
+ * sql_exec() function
+ * @return string SQL where clause
+ */
+ static function filter ( $tablesAS, $request, $columns, &$bindings )
+ {
+ $globalSearch = array();
+ $columnSearch = array();
+ $joins = array();
+ $dtColumns = self::pluck( $columns, 'dt' );
+
+ if ( isset($request['search']) && $request['search']['value'] != '' ) {
+ $str = $request['search']['value'];
+
+ for ( $i=0, $ien=count($request['columns']) ; $i<$ien ; $i++ ) {
+ $requestColumn = $request['columns'][$i];
+ $columnIdx = array_search( $i, $dtColumns );
+ $column = $columns[ $columnIdx ];
+
+ if ( $requestColumn['searchable'] == 'true' ) {
+ if(!empty($column['db'])){
+ $binding = self::bind( $bindings, '%'.$str.'%', PDO::PARAM_STR );
+
+ if(isset($column['search']['join'])) {
+ $joins[] = $column['search']['join'];
+ $globalSearch[] = $column['search']['where_column'].' LIKE '.$binding;
+ } else {
+ $globalSearch[] = "`".$tablesAS."`.`".$column['db']."` LIKE ".$binding;
+ }
+ }
+ }
+ }
+ }
+
+ // Individual column filtering
+ if ( isset( $request['columns'] ) ) {
+ for ( $i=0, $ien=count($request['columns']) ; $i<$ien ; $i++ ) {
+ $requestColumn = $request['columns'][$i];
+ $columnIdx = array_search( $requestColumn['data'], $dtColumns );
+ $column = $columns[ $columnIdx ];
+
+ $str = $requestColumn['search']['value'];
+
+ if ( $requestColumn['searchable'] == 'true' &&
+ $str != '' ) {
+ if(!empty($column['db'])){
+ $binding = self::bind( $bindings, '%'.$str.'%', PDO::PARAM_STR );
+ $columnSearch[] = "`".$tablesAS."`.`".$column['db']."` LIKE ".$binding;
+ }
+ }
+ }
+ }
+
+ // Combine the filters into a single string
+ $where = '';
+
+ if ( count( $globalSearch ) ) {
+ $where = '('.implode(' OR ', $globalSearch).')';
+ }
+
+ if ( count( $columnSearch ) ) {
+ $where = $where === '' ?
+ implode(' AND ', $columnSearch) :
+ $where .' AND '. implode(' AND ', $columnSearch);
+ }
+
+ $join = '';
+ if( count($joins) ) {
+ $join = implode(' ', $joins);
+ }
+
+ if ( $where !== '' ) {
+ $where = 'WHERE '.$where;
+ }
+
+ return [$join, $where];
+ }
+
+
+ /**
+ * Perform the SQL queries needed for an server-side processing requested,
+ * utilising the helper functions of this class, limit(), order() and
+ * filter() among others. The returned array is ready to be encoded as JSON
+ * in response to an SSP request, or can be modified if needed before
+ * sending back to the client.
+ *
+ * @param array $request Data sent to server by DataTables
+ * @param array|PDO $conn PDO connection resource or connection parameters array
+ * @param string $table SQL table to query
+ * @param string $primaryKey Primary key of the table
+ * @param array $columns Column information array
+ * @return array Server-side processing response array
+ */
+ static function simple ( $request, $conn, $table, $primaryKey, $columns )
+ {
+ $bindings = array();
+ $db = self::db( $conn );
+
+ // Allow for a JSON string to be passed in
+ if (isset($request['json'])) {
+ $request = json_decode($request['json'], true);
+ }
+
+ // table AS
+ $tablesAS = null;
+ if(is_array($table)) {
+ $tablesAS = $table[1];
+ $table = $table[0];
+ }
+
+ // Build the SQL query string from the request
+ list($select, $order) = self::order( $tablesAS, $request, $columns );
+ $limit = self::limit( $request, $columns );
+ list($join, $where) = self::filter( $tablesAS, $request, $columns, $bindings );
+
+ // Main query to actually get the data
+ $data = self::sql_exec( $db, $bindings,
+ "SELECT `$tablesAS`.`".implode("`, `$tablesAS`.`", self::pluck($columns, 'db'))."`
+ $select
+ FROM `$table` AS `$tablesAS`
+ $join
+ $where
+ $order
+ $limit"
+ );
+
+ // Data set length after filtering
+ $resFilterLength = self::sql_exec( $db, $bindings,
+ "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`)
+ FROM `$table` AS `$tablesAS`
+ $join
+ $where"
+ );
+ $recordsFiltered = $resFilterLength[0][0];
+
+ // Total data set length
+ $resTotalLength = self::sql_exec( $db,
+ "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`)
+ FROM `$table` AS `$tablesAS`"
+ );
+ $recordsTotal = $resTotalLength[0][0];
+
+ /*
+ * Output
+ */
+ return array(
+ "draw" => isset ( $request['draw'] ) ?
+ intval( $request['draw'] ) :
+ 0,
+ "recordsTotal" => intval( $recordsTotal ),
+ "recordsFiltered" => intval( $recordsFiltered ),
+ "data" => self::data_output( $columns, $data )
+ );
+ }
+
+
+ /**
+ * The difference between this method and the `simple` one, is that you can
+ * apply additional `where` conditions to the SQL queries. These can be in
+ * one of two forms:
+ *
+ * * 'Result condition' - This is applied to the result set, but not the
+ * overall paging information query - i.e. it will not effect the number
+ * of records that a user sees they can have access to. This should be
+ * used when you want apply a filtering condition that the user has sent.
+ * * 'All condition' - This is applied to all queries that are made and
+ * reduces the number of records that the user can access. This should be
+ * used in conditions where you don't want the user to ever have access to
+ * particular records (for example, restricting by a login id).
+ *
+ * In both cases the extra condition can be added as a simple string, or if
+ * you are using external values, as an assoc. array with `condition` and
+ * `bindings` parameters. The `condition` is a string with the SQL WHERE
+ * condition and `bindings` is an assoc. array of the binding names and
+ * values.
+ *
+ * @param array $request Data sent to server by DataTables
+ * @param array|PDO $conn PDO connection resource or connection parameters array
+ * @param string|array $table SQL table to query, if array second key is AS
+ * @param string $primaryKey Primary key of the table
+ * @param array $columns Column information array
+ * @param string $join JOIN sql string
+ * @param string|array $whereResult WHERE condition to apply to the result set
+ * @return array Server-side processing response array
+ */
+ static function complex (
+ $request,
+ $conn,
+ $table,
+ $primaryKey,
+ $columns,
+ $join=null,
+ $whereResult=null
+ ) {
+ $bindings = array();
+ $db = self::db( $conn );
+
+ // table AS
+ $tablesAS = null;
+ if(is_array($table)) {
+ $tablesAS = $table[1];
+ $table = $table[0];
+ }
+
+ // Build the SQL query string from the request
+ list($select, $order) = self::order( $tablesAS, $request, $columns );
+ $limit = self::limit( $request, $columns );
+ list($join_filter, $where) = self::filter( $tablesAS, $request, $columns, $bindings );
+
+ // whereResult can be a simple string, or an assoc. array with a
+ // condition and bindings
+ if ( $whereResult ) {
+ $str = $whereResult;
+
+ if ( is_array($whereResult) ) {
+ $str = $whereResult['condition'];
+
+ if ( isset($whereResult['bindings']) ) {
+ self::add_bindings($bindings, $whereResult);
+ }
+ }
+
+ $where = $where ?
+ $where .' AND '.$str :
+ 'WHERE '.$str;
+ }
+
+ // Main query to actually get the data
+ $data = self::sql_exec( $db, $bindings,
+ "SELECT `$tablesAS`.`".implode("`, `$tablesAS`.`", self::pluck($columns, 'db'))."`
+ $select
+ FROM `$table` AS `$tablesAS`
+ $join
+ $join_filter
+ $where
+ GROUP BY `{$tablesAS}`.`{$primaryKey}`
+ $order
+ $limit"
+ );
+
+ // Data set length after filtering
+ $resFilterLength = self::sql_exec( $db, $bindings,
+ "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`)
+ FROM `$table` AS `$tablesAS`
+ $join
+ $join_filter
+ $where
+ GROUP BY `{$tablesAS}`.`{$primaryKey}`"
+ );
+ $recordsFiltered = (isset($resFilterLength[0])) ? $resFilterLength[0][0] : 0;
+
+ // Total data set length
+ $resTotalLength = self::sql_exec( $db, $bindings,
+ "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`)
+ FROM `$table` AS `$tablesAS`
+ $join
+ $join_filter
+ $where
+ GROUP BY `{$tablesAS}`.`{$primaryKey}`"
+ );
+ $recordsTotal = (isset($resTotalLength[0])) ? $resTotalLength[0][0] : 0;
+
+ /*
+ * Output
+ */
+ return array(
+ "draw" => isset ( $request['draw'] ) ?
+ intval( $request['draw'] ) :
+ 0,
+ "recordsTotal" => intval( $recordsTotal ),
+ "recordsFiltered" => intval( $recordsFiltered ),
+ "data" => self::data_output( $columns, $data )
+ );
+ }
+
+
+ /**
+ * Connect to the database
+ *
+ * @param array $sql_details SQL server connection details array, with the
+ * properties:
+ * * host - host name
+ * * db - database name
+ * * user - user name
+ * * pass - user password
+ * @return resource Database connection handle
+ */
+ static function sql_connect ( $sql_details )
+ {
+ try {
+ $db = @new PDO(
+ "mysql:host={$sql_details['host']};dbname={$sql_details['db']}",
+ $sql_details['user'],
+ $sql_details['pass'],
+ array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION )
+ );
+ }
+ catch (PDOException $e) {
+ self::fatal(
+ "An error occurred while connecting to the database. ".
+ "The error reported by the server was: ".$e->getMessage()
+ );
+ }
+
+ return $db;
+ }
+
+
+ /**
+ * Execute an SQL query on the database
+ *
+ * @param resource $db Database handler
+ * @param array $bindings Array of PDO binding values from bind() to be
+ * used for safely escaping strings. Note that this can be given as the
+ * SQL query string if no bindings are required.
+ * @param string $sql SQL query to execute.
+ * @return array Result from the query (all rows)
+ */
+ static function sql_exec ( $db, $bindings, $sql=null )
+ {
+ // Argument shifting
+ if ( $sql === null ) {
+ $sql = $bindings;
+ }
+
+ $stmt = $db->prepare( $sql );
+
+ // Bind parameters
+ if ( is_array( $bindings ) ) {
+ for ( $i=0, $ien=count($bindings) ; $i<$ien ; $i++ ) {
+ $binding = $bindings[$i];
+ $stmt->bindValue( $binding['key'], $binding['val'], $binding['type'] );
+ }
+ }
+
+ // Execute
+ try {
+ $stmt->execute();
+ }
+ catch (PDOException $e) {
+ self::fatal( "An SQL error occurred: ".$e->getMessage() );
+ }
+
+ // Return all
+ return $stmt->fetchAll( PDO::FETCH_BOTH );
+ }
+
+
+ /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ * Internal methods
+ */
+
+ /**
+ * Throw a fatal error.
+ *
+ * This writes out an error message in a JSON string which DataTables will
+ * see and show to the user in the browser.
+ *
+ * @param string $msg Message to send to the client
+ */
+ static function fatal ( $msg )
+ {
+ echo json_encode( array(
+ "error" => $msg
+ ) );
+
+ exit(0);
+ }
+
+ /**
+ * Create a PDO binding key which can be used for escaping variables safely
+ * when executing a query with sql_exec()
+ *
+ * @param array &$a Array of bindings
+ * @param * $val Value to bind
+ * @param int $type PDO field type
+ * @return string Bound key to be used in the SQL where this parameter
+ * would be used.
+ */
+ static function bind ( &$a, $val, $type )
+ {
+ $key = ':binding_'.count( $a );
+
+ $a[] = array(
+ 'key' => $key,
+ 'val' => $val,
+ 'type' => $type
+ );
+
+ return $key;
+ }
+
+ static function add_bindings(&$bindings, $vals)
+ {
+ foreach($vals['bindings'] as $key => $value) {
+ $bindings[] = array(
+ 'key' => $key,
+ 'val' => $value,
+ 'type' => PDO::PARAM_STR
+ );
+ }
+ }
+
+
+ /**
+ * Pull a particular property from each assoc. array in a numeric array,
+ * returning and array of the property values from each item.
+ *
+ * @param array $a Array to get data from
+ * @param string $prop Property to read
+ * @return array Array of property values
+ */
+ static function pluck ( $a, $prop )
+ {
+ $out = array();
+
+ for ( $i=0, $len=count($a) ; $i<$len ; $i++ ) {
+ if ( empty($a[$i][$prop]) && $a[$i][$prop] !== 0 ) {
+ continue;
+ }
+ if ( $prop == 'db' && isset($a[$i]['dummy']) && $a[$i]['dummy'] === true ) {
+ continue;
+ }
+
+ //removing the $out array index confuses the filter method in doing proper binding,
+ //adding it ensures that the array data are mapped correctly
+ $out[$i] = $a[$i][$prop];
+ }
+
+ return $out;
+ }
+
+
+ /**
+ * Return a string from an array or a string
+ *
+ * @param array|string $a Array to join
+ * @param string $join Glue for the concatenation
+ * @return string Joined string
+ */
+ static function _flatten ( $a, $join = ' AND ' )
+ {
+ if ( ! $a ) {
+ return '';
+ }
+ else if ( $a && is_array($a) ) {
+ return implode( $join, $a );
+ }
+ return $a;
+ }
+}
+
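Review bot: `fatal()` echoes its message straight to the browser, and the `catch` blocks in `sql_connect()` and `sql_exec()` pass it `$e->getMessage()`, so raw driver errors reach any client that can provoke a failing query. Those messages can carry table and column names, query fragments or connection details. Log the detail server-side and return a fixed string instead, e.g. `error_log('SSP: '.$e->getMessage());` followed by `self::fatal('An SQL error occurred');`. In `sql_exec()` the `$db->prepare( $sql )` call sits outside the `try`, so if the connection is in exception mode a prepare-time failure would bypass this handler; moving it inside the `try` keeps the handling uniform. The class header and the first part of this new file are not visible in this view.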
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index c2b1761d..cc316b71 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -435,7 +435,7 @@ jQuery(function($){
var table = $('#domain_table').DataTable({
responsive: true,
processing: true,
- serverSide: false,
+ serverSide: true,
stateSave: true,
pageLength: pagination_size,
dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
@@ -447,9 +447,9 @@ jQuery(function($){
},
ajax: {
type: "GET",
- url: "/api/v1/get/domain/all",
+ url: "/api/v1/get/domain/datatables",
dataSrc: function(json){
- $.each(json, function(i, item) {
+ $.each(json.data, function(i, item) {
item.domain_name = escapeHtml(item.domain_name);
item.aliases = item.aliases_in_domain + " / " + item.max_num_aliases_for_domain;
@@ -498,7 +498,7 @@ jQuery(function($){
}
});
- return json;
+ return json.data;
}
},
columns: [
@@ -528,17 +528,20 @@ jQuery(function($){
{
title: lang.aliases,
data: 'aliases',
+ searchable: false,
defaultContent: ''
},
{
title: lang.mailboxes,
data: 'mailboxes',
+ searchable: false,
responsivePriority: 4,
defaultContent: ''
},
{
title: lang.domain_quota,
data: 'quota',
+ searchable: false,
defaultContent: '',
render: function (data, type) {
data = data.split("/");
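Review bot: The `searchable: false` entries added here, and the `orderable: false` entries in the later column hunks for `#domain_table` and `#mailbox_table`, are not enforced anywhere once `serverSide` is on; they are only sent as request parameters. `SSP::filter()` and `SSP::order()` in this commit decide from `$requestColumn['searchable'] == 'true'` and `$requestColumn['orderable'] == 'true'`, i.e. from whatever the request claims. A hand-built request can therefore re-enable searching or ordering on any column the server-side `$columns` array defines with a `db` name, including the ones flagged `dummy`, which presumably are not real table columns and would end in an SQL error. Treat the flags as UI hints and keep the authoritative allowlist next to the `$columns` definitions in json_api.php; a comment such as `// UI hint only - the server must enforce searchable/orderable itself` on the first column would make that explicit. The `columns` array starts and ends outside this hunk.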
@@ -548,6 +551,7 @@ jQuery(function($){
{
title: lang.stats,
data: 'stats',
+ searchable: false,
defaultContent: '',
render: function (data, type) {
data = data.split("/");
@@ -557,53 +561,67 @@ jQuery(function($){
{
title: lang.mailbox_defquota,
data: 'def_quota_for_mbox',
+ searchable: false,
defaultContent: ''
},
{
title: lang.mailbox_quota,
data: 'max_quota_for_mbox',
+ searchable: false,
defaultContent: ''
},
{
title: 'RL',
data: 'rl',
+ searchable: false,
+ orderable: false,
defaultContent: ''
},
{
title: lang.backup_mx,
data: 'backupmx',
+ searchable: false,
defaultContent: '',
- redner: function (data, type){
- return 1==value ? '' : 0==value && '';
+ render: function (data, type){
+ return 1==data ? '' : 0==data && '';
}
},
{
title: lang.domain_admins,
data: 'domain_admins',
+ searchable: false,
+ orderable: false,
defaultContent: '',
className: 'none'
},
{
title: lang.created_on,
data: 'created',
+ searchable: false,
+ orderable: false,
defaultContent: '',
className: 'none'
},
{
title: lang.last_modified,
data: 'modified',
+ searchable: false,
+ orderable: false,
defaultContent: '',
className: 'none'
},
{
title: 'Tags',
data: 'tags',
+ searchable: true,
+ orderable: false,
defaultContent: '',
className: 'none'
},
{
title: lang.active,
data: 'active',
+ searchable: false,
defaultContent: '',
responsivePriority: 6,
render: function (data, type) {
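Review bot: The corrected `render` for `backupmx` returns the result of `0==data && ''`, which is the boolean `false` whenever `data` is neither 1 nor 0 (for example `null` or a missing field), and both tests use loose `==`. Because the key was previously misspelled `redner`, this function likely never ran before, so its fallback case is worth checking now. A plain conditional chain that ends in `''` for any other value would make all three outcomes explicit and keep a stray `false` out of the cell.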
@@ -613,6 +631,8 @@ jQuery(function($){
{
title: lang.action,
data: 'action',
+ searchable: false,
+ orderable: false,
className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
responsivePriority: 5,
defaultContent: ''
@@ -844,7 +864,7 @@ jQuery(function($){
var table = $('#mailbox_table').DataTable({
responsive: true,
processing: true,
- serverSide: false,
+ serverSide: true,
stateSave: true,
pageLength: pagination_size,
dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
@@ -853,13 +873,12 @@ jQuery(function($){
language: lang_datatables,
initComplete: function(settings, json){
hideTableExpandCollapseBtn('#tab-mailboxes', '#mailbox_table');
- filterByDomain(json, 8, table);
},
ajax: {
type: "GET",
- url: "/api/v1/get/mailbox/reduced",
+ url: "/api/v1/get/mailbox/datatables",
dataSrc: function(json){
- $.each(json, function (i, item) {
+ $.each(json.data, function (i, item) {
item.quota = {
sortBy: item.quota_used,
value: item.quota
@@ -945,7 +964,7 @@ jQuery(function($){
}
});
- return json;
+ return json.data;
}
},
columns: [
@@ -975,13 +994,14 @@ jQuery(function($){
{
title: lang.domain_quota,
data: 'quota.value',
+ searchable: false,
responsivePriority: 8,
- defaultContent: '',
- orderData: 23
+ defaultContent: ''
},
{
title: lang.last_mail_login,
data: 'last_mail_login',
+ searchable: false,
defaultContent: '',
responsivePriority: 7,
render: function (data, type) {
@@ -994,15 +1014,16 @@ jQuery(function($){
{
title: lang.last_pw_change,
data: 'last_pw_change',
+ searchable: false,
defaultContent: ''
},
{
title: lang.in_use,
data: 'in_use.value',
+ searchable: false,
defaultContent: '',
responsivePriority: 9,
- className: 'dt-data-w100',
- orderData: 24
+ className: 'dt-data-w100'
},
{
title: lang.fname,
@@ -1067,6 +1088,7 @@ jQuery(function($){
{
title: lang.msg_num,
data: 'messages',
+ searchable: false,
defaultContent: '',
responsivePriority: 5
},
@@ -1085,12 +1107,14 @@ jQuery(function($){
{
title: 'Tags',
data: 'tags',
+ searchable: true,
defaultContent: '',
className: 'none'
},
{
title: lang.active,
data: 'active',
+ searchable: false,
defaultContent: '',
responsivePriority: 4,
render: function (data, type) {
@@ -1100,22 +1124,12 @@ jQuery(function($){
{
title: lang.action,
data: 'action',
+ searchable: false,
+ orderable: false,
className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
responsivePriority: 6,
defaultContent: ''
- },
- {
- title: "",
- data: 'quota.sortBy',
- defaultContent: '',
- className: "d-none"
- },
- {
- title: "",
- data: 'in_use.sortBy',
- defaultContent: '',
- className: "d-none"
- },
+ }
]
});
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 344257fe..28f8cac5 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -15,7 +15,7 @@ function api_log($_data) {
continue;
}
- $value = json_decode($value, true);
+ $value = json_decode($value, true);
if ($value) {
if (is_array($value)) unset($value["csrf_token"]);
foreach ($value as $key => &$val) {
@@ -23,7 +23,7 @@ function api_log($_data) {
$val = '*';
}
}
- $value = json_encode($value);
+ $value = json_encode($value);
}
$data_var[] = $data . "='" . $value . "'";
}
@@ -44,7 +44,7 @@ function api_log($_data) {
'msg' => 'Redis: '.$e
);
return false;
- }
+ }
}
if (isset($_GET['query'])) {
@@ -178,12 +178,12 @@ if (isset($_GET['query'])) {
// parse post data
$post = trim(file_get_contents('php://input'));
if ($post) $post = json_decode($post);
-
+
// process registration data from authenticator
try {
// decode base64 strings
$clientDataJSON = base64_decode($post->clientDataJSON);
- $attestationObject = base64_decode($post->attestationObject);
+ $attestationObject = base64_decode($post->attestationObject);
// processCreate($clientDataJSON, $attestationObject, $challenge, $requireUserVerification=false, $requireUserPresent=true, $failIfRootMismatch=true)
$data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $_SESSION['challenge'], false, true);
@@ -250,7 +250,7 @@ if (isset($_GET['query'])) {
default:
process_add_return(mailbox('add', 'domain', $attr));
break;
- }
+ }
break;
case "resource":
process_add_return(mailbox('add', 'resource', $attr));
@@ -470,7 +470,7 @@ if (isset($_GET['query'])) {
// false, if only internal is allowed
// null, if internal and cross-platform is allowed
$createArgs = $WebAuthn->getCreateArgs($_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], 30, false, $GLOBALS['WEBAUTHN_UV_FLAG_REGISTER'], null, $excludeCredentialIds);
-
+
print(json_encode($createArgs));
$_SESSION['challenge'] = $WebAuthn->getChallenge();
return;
@@ -533,9 +533,50 @@ if (isset($_GET['query'])) {
case "domain":
switch ($object) {
+ case "datatables":
+ $table = ['domain', 'd'];
+ $primaryKey = 'domain';
+ $columns = [
+ ['db' => 'domain', 'dt' => 2],
+ ['db' => 'aliases', 'dt' => 3, 'order_subquery' => "SELECT COUNT(*) FROM `alias` WHERE (`domain`= `d`.`domain` OR `domain` IN (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = `d`.`domain`)) AND `address` NOT IN (SELECT `username` FROM `mailbox`)"],
+ ['db' => 'mailboxes', 'dt' => 4, 'order_subquery' => "SELECT COUNT(*) FROM `mailbox` WHERE `mailbox`.`domain` = `d`.`domain` AND (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)"],
+ ['db' => 'quota', 'dt' => 5, 'order_subquery' => "SELECT COALESCE(SUM(`mailbox`.`quota`), 0) FROM `mailbox` WHERE `mailbox`.`domain` = `d`.`domain` AND (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)"],
+ ['db' => 'stats', 'dt' => 6, 'dummy' => true, 'order_subquery' => "SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` IN (SELECT `username` FROM `mailbox` WHERE `domain` = `d`.`domain`)"],
+ ['db' => 'defquota', 'dt' => 7],
+ ['db' => 'maxquota', 'dt' => 8],
+ ['db' => 'backupmx', 'dt' => 10],
+ ['db' => 'tags', 'dt' => 14, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_domain` AS `td` ON `td`.`domain` = `d`.`domain`', 'where_column' => '`td`.`tag_name`']],
+ ['db' => 'active', 'dt' => 15],
+ ];
+
+ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php';
+ global $pdo;
+ if($_SESSION['mailcow_cc_role'] === 'admin') {
+ $data = SSP::simple($_GET, $pdo, $table, $primaryKey, $columns);
+ } elseif ($_SESSION['mailcow_cc_role'] === 'domainadmin') {
+ $data = SSP::complex($_GET, $pdo, $table, $primaryKey, $columns,
+ 'INNER JOIN domain_admins as da ON da.domain = d.domain',
+ [
+ 'condition' => 'da.active = 1 and da.username = :username',
+ 'bindings' => ['username' => $_SESSION['mailcow_cc_username']]
+ ]);
+ }
+
+ if (!empty($data['data'])) {
+ $domainsData = [];
+ foreach ($data['data'] as $domain) {
+ if ($details = mailbox('get', 'domain_details', $domain[2])) {
+ $domainsData[] = $details;
+ }
+ }
+ $data['data'] = $domainsData;
+ }
+
+ process_get_return($data);
+ break;
case "all":
$tags = null;
- if (isset($_GET['tags']) && $_GET['tags'] != '')
+ if (isset($_GET['tags']) && $_GET['tags'] != '')
$tags = explode(',', $_GET['tags']);
$domains = mailbox('get', 'domains', null, $tags);
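Review bot: `$data` is assigned only in the `admin` and `domainadmin` branches, so a session with any other `mailcow_cc_role` reaches `!empty($data['data'])` and `process_get_return($data)` with an undefined variable; the `mailbox` `datatables` case further down has the same if/elseif. Add an explicit final branch so the outcome is stated here, e.g. `else { $data = ['draw' => 0, 'recordsTotal' => 0, 'recordsFiltered' => 0, 'data' => []]; }`, or reject the request outright. Whether an earlier check already restricts the role is not visible in this hunk. Separately, `$_GET` is forwarded unchanged and `SSP::limit()` omits the LIMIT clause when `length` is -1 or `start` is absent, so a single request can still trigger one `domain_details` lookup per domain; clamping `length` to a maximum before the call would bound that. The surrounding `switch` starts and ends outside the hunk.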
@@ -1021,10 +1062,49 @@ if (isset($_GET['query'])) {
break;
case "mailbox":
switch ($object) {
+ case "datatables":
+ $table = ['mailbox', 'm'];
+ $primaryKey = 'username';
+ $columns = [
+ ['db' => 'username', 'dt' => 2],
+ ['db' => 'quota', 'dt' => 3],
+ ['db' => 'last_mail_login', 'dt' => 4, 'dummy' => true, 'order_subquery' => "SELECT MAX(`datetime`) FROM `sasl_log` WHERE `service` != 'SSO' AND `username` = `m`.`username`"],
+ ['db' => 'last_pw_change', 'dt' => 5, 'dummy' => true, 'order_subquery' => "JSON_EXTRACT(attributes, '$.passwd_update')"],
+ ['db' => 'in_use', 'dt' => 6, 'dummy' => true, 'order_subquery' => "(SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`) / `m`.`quota`"],
+ ['db' => 'messages', 'dt' => 17, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"],
+ ['db' => 'tags', 'dt' => 20, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_mailbox` AS `tm` ON `tm`.`username` = `m`.`username`', 'where_column' => '`tm`.`tag_name`']],
+ ['db' => 'active', 'dt' => 21]
+ ];
+
+ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php';
+ global $pdo;
+ if($_SESSION['mailcow_cc_role'] === 'admin') {
+ $data = SSP::complex($_GET, $pdo, $table, $primaryKey, $columns, null, "(`m`.`kind` = '' OR `m`.`kind` = NULL)");
+ } elseif ($_SESSION['mailcow_cc_role'] === 'domainadmin') {
+ $data = SSP::complex($_GET, $pdo, $table, $primaryKey, $columns,
+ 'INNER JOIN domain_admins as da ON da.domain = m.domain',
+ [
+ 'condition' => "(`m`.`kind` = '' OR `m`.`kind` = NULL) AND `da`.`active` = 1 AND `da`.`username` = :username",
+ 'bindings' => ['username' => $_SESSION['mailcow_cc_username']]
+ ]);
+ }
+
+ if (!empty($data['data'])) {
+ $mailboxData = [];
+ foreach ($data['data'] as $mailbox) {
+ if ($details = mailbox('get', 'mailbox_details', $mailbox[2])) {
+ $mailboxData[] = $details;
+ }
+ }
+ $data['data'] = $mailboxData;
+ }
+
+ process_get_return($data);
+ break;
case "all":
case "reduced":
$tags = null;
- if (isset($_GET['tags']) && $_GET['tags'] != '')
+ if (isset($_GET['tags']) && $_GET['tags'] != '')
$tags = explode(',', $_GET['tags']);
if (empty($extra)) $domains = mailbox('get', 'domains');
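Review bot: The `kind = NULL` comparison in the conditions passed to both `SSP::complex()` calls can never be true in SQL, because a NULL test needs `IS NULL`. Mailboxes whose `kind` is NULL are therefore dropped from the listing rather than included, which the `OR` suggests was the intent. The same `= NULL` appears in the `order_subquery` strings of the `domain` `datatables` case above, where it skews the counts used for ordering. Use `(m.kind = '' OR m.kind IS NULL)` in the two conditions here and `mailbox.kind IS NULL` in the subqueries, keeping the existing backtick quoting. The enclosing `switch` starts and ends outside the hunk.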
@@ -1058,7 +1138,7 @@ if (isset($_GET['query'])) {
break;
default:
$tags = null;
- if (isset($_GET['tags']) && $_GET['tags'] != '')
+ if (isset($_GET['tags']) && $_GET['tags'] != '')
$tags = explode(',', $_GET['tags']);
if ($tags === null) {
@@ -1068,7 +1148,7 @@ if (isset($_GET['query'])) {
$mailboxes = mailbox('get', 'mailboxes', $object, $tags);
if (is_array($mailboxes)) {
foreach ($mailboxes as $mailbox) {
- if ($details = mailbox('get', 'mailbox_details', $mailbox))
+ if ($details = mailbox('get', 'mailbox_details', $mailbox))
$data[] = $details;
}
}
@@ -1571,15 +1651,15 @@ if (isset($_GET['query'])) {
'solr_size' => $solr_size,
'solr_documents' => $solr_documents
));
- break;
+ break;
case "host":
if (!$extra){
$stats = docker("host_stats");
echo json_encode($stats);
- }
+ }
else if ($extra == "ip") {
// get public ips
-
+
$curl = curl_init();
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 0);
@@ -2003,7 +2083,7 @@ if (isset($_GET['query'])) {
exit();
}
}
-if ($_SESSION['mailcow_cc_api'] === true) {
+if (array_key_exists('mailcow_cc_api', $_SESSION) && $_SESSION['mailcow_cc_api'] === true) {
if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
unset($_SESSION['return']);
}
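Review bot: With the new `array_key_exists('mailcow_cc_api', $_SESSION) && ... === true` guard, the outer `if` tests the same thing as the inner `isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true` on the next line, so one level of nesting is now redundant. Collapsing both into the single `isset(...) && ... === true` condition would remove the duplicate and match the `isset` style used for `$_GET` elsewhere in this file. The closing brace of the outer block lies outside the hunk.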