commit 8abcb7d6f5e02923eeb4e8bf5199d8988e7c2155
parent 51abb44f2202d13348d5c190ef61eb6d2b7115fd
Author: dankert <devnull@localhost>
Date: Wed, 27 May 2015 23:13:30 +0200
.
Diffstat:
9 files changed, 177 insertions(+), 101 deletions(-)
diff --git a/config.ini.php-sample.php b/config.ini.php-sample.php
@@ -0,0 +1,14 @@
+# <?php exit; ?>
+
+# INSTALLATION:
+# CHANGE DATABASE SETTINGS BELOW AND RENAME THIS FILE TO 'config.ini.php'.
+
+[database]
+
+host=localhost
+database=dbschema
+user=dbusername
+password=dbpassword
+
+[security]
+master_password=
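Review bot: The `[security]` key `master_password=` ships empty with no comment saying what an empty value means, while login.php in this commit compares it to the submitted password with `==`. Add a line above it such as `; master_password: set a long random value, an empty value must never be accepted as a login`, and have the login code enforce that. Separately, the guard and instruction lines use `#` as the comment marker, which `parse_ini_file()` has deprecated since PHP 5.3 and no longer recognises as a comment from PHP 7.0. Writing them with `;` (for example `; <?php exit; ?>`) keeps the direct-request guard and stays valid INI.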
diff --git a/domain.php b/domain.php
@@ -0,0 +1,66 @@
+<?php
+
+
+if ( ! $stmtDomains = $db->prepare("SELECT name FROM domain WHERE owner=?") ) {echo "Query failed: (" . $mysqli->errno . ") " . $mysqli->error;}
+
+$stmtDomains->bind_param('s',$user);
+$user=$_SESSION['user'];
+
+$stmtDomains->execute();
+
+$stmtDomains->bind_result($domainName);
+
+?><div class="container"><h1>Domains</h1><?php
+?><ul><?php
+while( $stmtDomains->fetch() )
+{
+ echo '<li>'.$domainName.'</li>';
+}
+?></ul><?php
+?></div><?php
+
+?>
+
+
+
+?><div class="container"><h1>Subdomains</h1><?php
+?><ul><?php
+$stmtRecords = $db->prepare("SELECT subdomain_name FROM domain_record WHERE domain_name IN (SELECT domain_name FROM domain WHERE owner=?)");
+$stmtRecords->bind_param('s',$user);
+$user=$_SESSION['user'];
+
+// $stmtMailbox = $db->prepare("SELECT local_part, domain_name FROM mailbox WHERE domain_name IN (SELECT domain_name FROM domain WHERE owner=?)");
+// $stmtMailbox->bind_param('s',$user);
+
+$stmtRecords->execute();
+$stmtRecords->bind_result($subDomain);
+
+while( $stmtRecords->fetch() )
+{
+ echo '<li>'.$subDomain.'</li>';
+}
+?></ul><?php
+?></div><?php
+
+
+
+
+
+?><div class="container"><h1>Mailbox</h1><?php
+?><ul><?php
+
+$stmtMailbox = $db->prepare("SELECT local_part, domain_name FROM mailbox WHERE domain_name IN (SELECT domain_name FROM domain WHERE owner=?)");
+$stmtMailbox->bind_param('s',$user);
+$user=$_SESSION['user'];
+
+$stmtMailbox->bind_result($mailboxLocal,$mailboxDomain);
+$stmtMailbox->execute();
+while( $stmtMailbox->fetch() )
+{
+ echo '<li>'.$mailboxLocal.'@'.$mailboxDomain;
+ echo '</li>';
+}
+
+?></ul><?php
+?></div><?php
+
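Review bot: The three fetch loops write `$domainName`, `$subDomain` and `$mailboxLocal`/`$mailboxDomain` into `<li>` elements without HTML escaping, so any stored name that contains markup is rendered as markup. Each echo should escape, e.g. `echo '<li>'.htmlspecialchars($domainName, ENT_QUOTES, 'UTF-8').'</li>';`. The failure branch of the first `prepare()` reads `$mysqli->errno`, although the connection variable is `$db`, and execution then continues into `bind_param()` on a false value. The other two `prepare()` calls are not checked at all, and a database error is better logged than echoed to the page. The `?>` in front of the Subdomains heading is emitted as literal text, because the script already left PHP mode a few lines earlier.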
diff --git a/header.php b/header.php
@@ -2,6 +2,7 @@
<body>
<h3></h3>
<?php
+
if ( @$_SESSION['user'] )
{
echo $_SESSION['user'];
@@ -9,22 +10,4 @@ if ( @$_SESSION['user'] )
} else {
?><a href="login.php">Not logged in</a><?php
}
-?>
-
-<?php
-
-$config = parse_ini_file('config.ini.php',true);
-
-define('HTTP_POST',$_SERVER['REQUEST_METHOD']=='POST');
-define('HTTP_GET' ,!HTTP_POST );
-
-define('LANG_DNS_RECORD','DNS Record');
-define('LANG_MAILBOX','Mailbox');
-
-$dbConfig = $config['database'];
-$db = new mysqli($dbConfig['host'], $dbConfig['user'],$dbConfig['password'], $dbConfig['database']);
-
-if ( $db->connect_errno )
- die("Failed to connect to MySQL: (" . $db->connect_errno . ") " . $db->connect_error);
-
?>
\ No newline at end of file
diff --git a/index.php b/index.php
@@ -1,30 +1,20 @@
<?php
+
+require('init.php');
+require('header.php');
+
define('OK', true);
define('USER_TYPE_ADMIN',1);
define('USER_TYPE_DOMAIN_ADMIN',2);
define('USER_TYPE_MAIL_ACCOUNT',3);
-session_name('ratisp');
-session_start();
+
if ( !@$_SESSION['user'] )
require('login.php');
else
- switch( $_SESSION['user_type'] )
- {
- case USER_TYPE_ADMIN:
- require('domain_list.php');
- break;
- case USER_TYPE_DOMAIN_ADMIN:
- require('domain.php');
- break;
- case USER_TYPE_MAIL_ACCOUNT:
- require('mailbox.php');
- break;
- default:
- exit();
- }
-
+ require('domain.php');
+
?>
\ No newline at end of file
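Review bot: `require('init.php')` and `require('header.php')` at the top run every time index.php is pulled in, and logout.php in this commit already requires both before it includes index.php. On that path `session_start()`, the `define()` calls and `new mysqli` in init.php run a second time, and the header markup is printed twice. `require_once('init.php');` removes the repeat for init.php. The login.php hunk header suggests login.php also requires header.php, so the not-logged-in branch here probably prints the header twice as well. With the `user_type` switch gone, the `USER_TYPE_*` constants look unused within this diff and every logged-in session is sent to domain.php, so either drop them or add a comment such as `// role-based routing removed; all users see domain.php`.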
diff --git a/init.php b/init.php
@@ -0,0 +1,20 @@
+<?php
+
+session_name('ratisp');
+session_start();
+
+$config = parse_ini_file('config.ini.php',true);
+
+define('HTTP_POST',$_SERVER['REQUEST_METHOD']=='POST');
+define('HTTP_GET' ,!HTTP_POST );
+
+define('LANG_DNS_RECORD','DNS Record');
+define('LANG_MAILBOX','Mailbox');
+
+$dbConfig = $config['database'];
+$db = new mysqli($dbConfig['host'], $dbConfig['user'],$dbConfig['password'], $dbConfig['database']);
+
+if ( $db->connect_errno )
+ die("Failed to connect to MySQL: (" . $db->connect_errno . ") " . $db->connect_error);
+
+?>+
\ No newline at end of file
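Review bot: The `die()` on connection failure sends `$db->connect_errno` and `$db->connect_error` to the browser, which can expose the database host and account name to any visitor. Log the detail and show a generic message instead, e.g. `error_log('MySQL connect failed: ' . $db->connect_error); die('Service unavailable');`. `parse_ini_file('config.ini.php',true)` is not checked for a `false` return, and the relative path depends on the working directory; `__DIR__ . '/config.ini.php'` with an explicit check would fail more clearly. `session_start()` is called with default cookie settings, so consider setting the HttpOnly and Secure cookie flags before it.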
diff --git a/login.php b/login.php
@@ -6,30 +6,25 @@ require( 'header.php' );
if ( HTTP_POST )
{
- $stmt = $db->prepare("SELECT local_part,domain_name FROM mailbox WHERE local_part = ? AND password=MD5(?)");
- $stmt->bind_param('ss',$_POST['username'], $_POST['password'] );
+ $stmt = $db->prepare("SELECT username FROM user WHERE password=MD5(?)");
+ $stmt->bind_param('s',$_POST['password'] );
$stmt->execute();
- $stmt->bind_result($localPart,$domain);
- if ( $stmt->fetch() )
+ $stmt->bind_result($username);
+ if ( $stmt->fetch() || $_POST['password']==$config['security']['master_password'] )
{
- echo "Login";
- print_r($localPart);
- $_SESSION['user' ] = $localPart;
- $_SESSION['domain'] = $domain;
- $_SESSION['user_type'] = USER_TYPE_ADMIN;
+ $_SESSION['user'] = $username;
+ require('domain.php');
+ exit();
}
else
{
- ?><div class="message">Login failed</div><?php
+ ?><div class="error message">Login failed</div><?php
}
- //require('index.php');
- exit();
}
-require( 'menu.php' );
?>
<form method="post">
-<input type="text" name="username" />
+<input type="text" name="username" value="<?php echo @$_REQUEST['username'] ?>" />
<input type="password" name="password" />
<input type="submit">
</form>
\ No newline at end of file
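Review bot: The new lookup `SELECT username FROM user WHERE password=MD5(?)` no longer constrains on the submitted username, so a password that matches any row signs the visitor in as whichever account is fetched first; the query should bind `$_POST['username']` as well. The master-password branch compares with `==` against a setting the sample config ships empty, so an empty password satisfies it. On that path `$username` was never fetched, so `$_SESSION['user']` is stored empty, and which account it should map to still needs deciding. The session id is kept across the login, and the form now echoes `$_REQUEST['username']` into the `value` attribute unescaped (the same pattern appears in mailbox_change_password.php); wrap it in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. Unsalted `MD5()` for stored passwords is weak against offline guessing, but moving to `password_hash()`/`password_verify()` needs a data migration outside this hunk.

```php
	// Match the submitted account, not any row whose hash happens to match.
	$stmt = $db->prepare("SELECT username FROM user WHERE username = ? AND password=MD5(?)");
	$stmt->bind_param('ss', $_POST['username'], $_POST['password'] );
	$stmt->execute();
	$stmt->bind_result($username);
	$found = $stmt->fetch();

	// An empty master_password (the sample default) disables the override instead of matching.
	$master   = (string) $config['security']['master_password'];
	$masterOk = !$found && $master !== '' && hash_equals($master, (string) $_POST['password']);

	if ( $found || $masterOk )
	{
		// New session id on privilege change, so a pre-login id cannot be reused.
		session_regenerate_id(true);
		// NOTE(review): $username is only set when $found; decide what the master path stores.
		$_SESSION['user'] = $username;
		// … unchanged: require('domain.php'); exit(); …
```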
diff --git a/logout.php b/logout.php
@@ -1,13 +1,9 @@
<?php
-require( 'header.php' );
-
-if ( !OK ) die(':-O');
+require('init.php');
-unset($_SESSION['user' ]);
-unset($_SESSION['domain']);
-unset($_SESSION['user_type']);
+unset($_SESSION['user']);
-
-include('login.php');
+require( 'header.php' );
+include('index.php');
?>
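Review bot: Logout now clears only `$_SESSION['user']`, so the session id stays valid and any other session keys survive. Sessions created before this commit may still carry `domain` and `user_type`, whose `unset()` calls are removed here. Clearing the whole session is more robust than listing keys, e.g. `$_SESSION = array(); session_destroy();` in place of the single `unset()`. The `include('index.php')` that follows pulls in init.php and header.php a second time, as visible in the index.php hunk.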
diff --git a/mailbox_change_password.php b/mailbox_change_password.php
@@ -0,0 +1,54 @@
+<html>
+<head>
+</head>
+<body>
+<?php
+
+require( 'init.php' );
+
+if ( HTTP_POST )
+{
+ if ( strlen($_REQUEST['new_password']) < 6 )
+ {
+ ?><div class="error message">Password too short</div><?php
+ }
+ elseif( $_REQUEST['new_password'] != $_REQUEST['new_password_repeat'] )
+ {
+ ?><div class="error message">Passwords did not match</div><?php
+ }
+ else
+ {
+ $stmtCheck = $db->prepare("SELECT local_part,domain_name FROM mailbox WHERE local_part = ? AND domain_name = ? AND password=MD5(?)");
+ @list($requestLocalpart,$requestDomain) = explode('@',$_POST['username']);
+
+ $stmtCheck->bind_param('sss',$requestLocalpart,$requestDomain,$_POST['old_password'] );
+ $stmtCheck->execute();
+ $stmtCheck->bind_result($localPart,$domain);
+ if ( $stmtCheck->fetch() )
+ {
+ $stmtUpdatePW = $db->prepare("UPDATE mailbox SET password=MD5(?) WHERE local_part = ? AND domain_name = ?");
+ $stmtCheck->bind_param('sss',$requestLocalpart,$requestDomain,$_POST['new_password'] );
+ $stmtUpdatePW->execute();
+ ?><div class="success message">New password set</div><?php
+ }
+ else
+ {
+ ?><div class="error message">Wrong password or not found</div><?php
+ }
+ }
+}
+
+?>
+
+<form method="post">
+<p><label for="id_username">E-Mail adress</label><input type="text" id="id_username" name="username" value="<?php echo @$_REQUEST['username'] ?>" /></p>
+<p><label for="id_old_password">Old password</label><input type="password" name="old_password" id="id_old_password" />
+<p><label for="id_new_password">New Password</label><input type="password" name="new_password" id="id_new_password"/>
+<p><label for="id_new_password_repeat">Repeat new password</label><input type="password" name="new_password_repeat" id="id_new_password_repeat"/>
+<input type="submit" value="Change password">
+</form>
+
+
+
+</body>
+</html>+
\ No newline at end of file
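Review bot: In the success branch the new password is bound to the wrong statement and in the wrong order: `$stmtCheck->bind_param(...)` is called where `$stmtUpdatePW` is meant, and the UPDATE's placeholders are password, local_part, domain_name. `$stmtUpdatePW->execute()` therefore runs without bound parameters, yet "New password set" is printed regardless of the result. The line should read `$stmtUpdatePW->bind_param('sss',$_POST['new_password'],$requestLocalpart,$requestDomain);`, and the success message should be shown only when `execute()` returns true. `$stmtCheck` is still open when the second statement is prepared, which with mysqli can fail with an out-of-sync error, so calling `$stmtCheck->close()` first is safer. The `username` value is echoed into the form unescaped and needs `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`.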
diff --git a/menu.php b/menu.php
@@ -1,43 +0,0 @@
-Menu
-<ul>
-<?php
-
-// if ( !OK ) die(':-O');
-
-$stmt = $db->prepare("SELECT name FROM domain");
-$stmtRecords = $db->prepare("SELECT record_name FROM domain_record WHERE domain_name = ?");
-$stmtMailbox = $db->prepare("SELECT local_part, domain_name FROM mailbox WHERE domain_name = ?");
-
-$stmt->bind_result($domainName);
-$stmtRecords->bind_param('s',$domain);
-$stmtMailbox->bind_param('s',$domain);
-$stmt->execute();
-while( $stmt->fetch() )
-{
- echo '<li>'.$domainName;
-
- echo '<ul><li>'.LANG_DNS_RECORD.'<ul>';
- $stmtRecords->execute();
- $stmtRecords->bind_result($record);
- while( $stmt->fetch() )
- {
- echo '<li>'.$record;
- echo '</li>';
- }
- echo '</ul></li></ul>';
-
- echo '<ul><li>'.LANG_MAILBOX.'<ul>';
- $stmtMailbox->bind_result($mailboxLocal,$mailboxDomain);
- $stmtMailbox->execute();
- while( $stmt->fetch() )
- {
- echo '<li>'.$mailboxLocal.'@'.$mailboxDomain;
- echo '</li>';
- }
- echo '</ul></li></ul>';
-
- echo '</li>';
-}
-
-?>
-</ul>-
\ No newline at end of file