Esempio n. 1
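 /**
  * Check the given login credentials against the accounts stored in the db.
  *
  * Three account sources are tried in order: the root account configured in
  * config.php (root_login_hash / root_hash_algo / root_hash_length), then the
  * admin table, then -- unless $admin_only is set -- the mailbox table.
  * Only rows with active = TRUE are considered. On success the matching
  * account is handed to $this->auth->initialize() with its type set.
  *
  * @param string $username
  * @param string $password Plain-text password as entered by the user.
  * @param boolean $admin_only If true we will not search for RoleType::Users in table mailbox
  * @return boolean TRUE when an active account matched and the password verified.
  */
 public function check_login_credentials($username, $password, $admin_only = FALSE)
 {
     $root_login_hash = $this->config->item("root_login_hash");
     $root_hash_algo = $this->config->item("root_hash_algo");
     // Check for the Root Account setup in config.php and validate the
     // configured hash before trusting it (all three items must be present).
     if ($root_login_hash !== NULL && $root_hash_algo !== NULL && strlen($root_login_hash) === $this->config->item("root_hash_length")) {
         $candidate = hash($root_hash_algo, hash($root_hash_algo, $username) . hash($root_hash_algo, $password));
         // hash_equals(): constant-time comparison, so the check leaks no timing information.
         if (hash_equals($root_login_hash, $candidate)) {
             $this->auth->initialize(array("type" => Auth::ROOT, "username" => $username, "name" => $this->config->item("root_name"), "emailaddress" => $this->config->item("root_emailaddress")));
             return TRUE;
         }
     }
     // Load the pacrypt() helper which comes from the original postfixadmin project
     $this->load->helper("pacrypt");
     // Admin accounts: a known admin with a wrong password is rejected
     // outright and is never retried against the mailbox table.
     $admin_ok = $this->_verify_account_login(PA_NG_TABLE_ADMIN, Auth::ADMIN, $username, $password);
     if ($admin_ok !== NULL) {
         return $admin_ok;
     }
     // No root, no admin: fall back to a normal mailbox user unless the
     // caller asked for admins only. Deactivated users are never accepted.
     if (!$admin_only) {
         return $this->_verify_account_login(PA_NG_TABLE_MAILBOX, Auth::USER, $username, $password) === TRUE;
     }
     return FALSE;
 }

 /**
  * Look up one active account in $table and verify $password against its stored hash.
  *
  * @param string $table Table constant (PA_NG_TABLE_ADMIN or PA_NG_TABLE_MAILBOX).
  * @param mixed $type Auth type assigned to the row before it is passed to auth->initialize().
  * @param string $username
  * @param string $password Plain-text password.
  * @return boolean|null TRUE on success, FALSE when the account exists but the password
  *                      does not match, NULL when no active account with that username exists.
  */
 private function _verify_account_login($table, $type, $username, $password)
 {
     $query = $this->db->get_where($table, ["username" => $username, "active" => TRUE]);
     if ($query->num_rows() === 0) {
         $query->free_result();
         return NULL;
     }
     // row() yields the first row as an object; result() returns an array of
     // rows, on which the ->password access below would fail.
     $account = $query->row();
     $query->free_result();
     // pacrypt() re-hashes the plain-text password with the scheme/salt of the
     // stored hash; compare in constant time and never with == on hash strings.
     if (!hash_equals((string) $account->password, (string) pacrypt($password, $account->password))) {
         return FALSE;
     }
     $account->type = $type;
     $this->auth->initialize($account);
     return TRUE;
 }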
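 /**
  * Change the password of the mailbox identified by $this->id.
  *
  * All passwords need to be plain text; they'll be hashed appropriately
  * as per the configuration in config.inc.php. When $match is true the
  * current password is verified via login() first. Every outcome is
  * written to the log of the mailbox's domain via db_log().
  *
  * @param string $new_password
  * @param string $old_password Only checked when $match is true.
  * @param bool $match = true
  * @return boolean true on success; false on failure (reason appended to $this->errormsg)
  */
 public function change_pw($new_password, $old_password, $match = true)
 {
     // $this->id is the mailbox address; only its domain part is needed, for db_log().
     // Guarded so an id without '@' does not raise an undefined-offset notice.
     $parts = explode('@', $this->id, 2);
     $domain = isset($parts[1]) ? $parts[1] : '';
     if ($match) {
         if (!$this->login($this->id, $old_password)) {
             db_log($domain, 'edit_password', "MATCH FAILURE: " . $this->id);
             $this->errormsg[] = Config::lang('pPassword_password_current_text_error');
             return false;
         }
     }
     $set = array('password' => pacrypt($new_password));
     // db_update() is expected to report exactly one affected row; its return
     // type is not visible here, hence the loose comparison is kept.
     $result = db_update('mailbox', 'username', $this->id, $set);
     if ($result != 1) {
         db_log($domain, 'edit_password', "FAILURE: " . $this->id);
         $this->errormsg[] = Config::lang('pEdit_mailbox_result_error');
         return false;
     }
     db_log($domain, 'edit_password', $this->id);
     return true;
 }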
Esempio n. 3
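 /**
  * Attempt to log a user in.
  *
  * Looks up the single active row in $this->db_table whose id_field equals
  * $username and verifies $password against the stored hash.
  *
  * @param string $username
  * @param string $password Plain-text password.
  * @return boolean true on successful login (i.e. password matches etc)
  */
 public function login($username, $password)
 {
     // NOTE(review): the query is string-built and relies solely on escape_string()
     // for the username; db_query() takes a finished SQL string, so a parameterised
     // statement would require a different db layer.
     $username = escape_string($username);
     $table = table_by_key($this->db_table);
     $active = db_get_boolean(True);
     $query = "SELECT password FROM {$table} WHERE " . $this->id_field . "='{$username}' AND active='{$active}'";
     $result = db_query($query);
     // Exactly one active row must exist; zero or several rows is no match.
     if ((int) $result['rows'] !== 1) {
         return false;
     }
     $row = db_array($result['result']);
     // pacrypt() re-hashes the plain-text password with the scheme/salt of the stored
     // hash; hash_equals() compares in constant time and avoids loose == on hash strings.
     return hash_equals((string) $row['password'], (string) pacrypt($password, $row['password']));
 }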
Esempio n. 4
// Login handler: only acts on a POST of the login form.
// NOTE(review): this listing appears to splice two different scripts -- the
// trailing $tQuota/$tDomain/$pCreate_mailbox_quota_text assignments inside the
// success branch belong to a create-mailbox form, not to a login flow.
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $fUsername = escape_string($_POST['fUsername']);
    $fPassword = escape_string($_POST['fPassword']);
    $lang = safepost('lang');
    if ($lang != check_language(0)) {
        # only set cookie if language selection was changed
        setcookie('lang', $lang, time() + 60 * 60 * 24 * 30);
        # language cookie, lifetime 30 days
        # (language preference cookie is processed even if username and/or password are invalid)
    }
    $active = db_get_boolean(True);
    // The username literal shows as '******' in this listing (redacted). The query is
    // string-built, so it relies entirely on escape_string() above for its safety.
    $query = "SELECT password FROM {$table_mailbox} WHERE username='******' AND active={$active}";
    $result = db_query($query);
    if ($result['rows'] == 1) {
        $row = db_array($result['result']);
        // Re-hash the submitted password with the scheme/salt of the stored hash ...
        $password = pacrypt($fPassword, $row['password']);
        // ... and let the database perform the equality check by querying for the hash.
        // Comparing in PHP with hash_equals() would avoid the second string-built query.
        $query = "SELECT * FROM {$table_mailbox} WHERE username='******' AND password='******' AND active={$active}";
        $result = db_query($query);
        if ($result['rows'] != 1) {
            $error = 1;
            $tMessage = $PALANG['pLogin_password_incorrect'];
            $tUsername = $fUsername;
        }
    } else {
        // Distinct message for an unknown username: this discloses whether an
        // account exists (user enumeration); a single generic message avoids that.
        $error = 1;
        $tMessage = $PALANG['pLogin_username_incorrect'];
    }
    // $error is only assigned on failure; it must be initialised before this block
    // (outside this excerpt), otherwise this reads an undefined variable.
    if ($error != 1) {
        // Fresh session id on successful login (mitigates session fixation).
        session_regenerate_id();
        $_SESSION['sessid'] = array();
        $_SESSION['sessid']['roles'] = array();
         $tQuota = $fQuota;
         $tDomain = $fDomain;
         $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text_error'];
     }
 }
 // Reject the requested address if it already exists as an alias. The query is
 // string-built; presumably $fUsername went through escape_string() earlier
 // (outside this excerpt) -- verify before relying on it.
 $result = db_query("SELECT * FROM {$table_alias} WHERE address='{$fUsername}'");
 if ($result['rows'] == 1) {
     $error = 1;
     // Echo the submitted values back into the form together with the error text.
     $tUsername = escape_string($_POST['fUsername']);
     $tName = $fName;
     $tQuota = $fQuota;
     $tDomain = $fDomain;
     $pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error2'];
 }
 if ($error != 1) {
     $password = pacrypt($fPassword);
     if ($CONF['domain_path'] == "YES") {
         if ($CONF['domain_in_mailbox'] == "YES") {
             $maildir = $fDomain . "/" . $fUsername . "/";
         } else {
             $maildir = $fDomain . "/" . escape_string(strtolower($_POST['fUsername'])) . "/";
         }
     } else {
         $maildir = $fUsername . "/";
     }
     if (!empty($fQuota)) {
         $quota = multiply_quota($fQuota);
     } else {
         $quota = 0;
     }
     if ($fActive == "on") {
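/**
 * Create a new admin account and optionally assign it to domains.
 *
 * Validation: $fUsername must be a valid e-mail address that is not already an
 * admin; $fPassword and $fPassword2 must be non-empty and equal, unless both are
 * empty and $CONF['generate_password'] == "YES" (with $no_generate_password == 0),
 * in which case a password is generated. On success one row is inserted into the
 * admin table and one row per entry of $fDomains into domain_admins.
 *
 * @param string $fUsername
 * @param string $fPassword Plain-text password (hashed via pacrypt() before storage).
 * @param string $fPassword2 Confirmation; must equal $fPassword.
 * @param array $fDomains List of domain names to grant; skipped when its first entry is empty.
 * @param int $no_generate_password 1 disables password generation and password display.
 * @return array [$error (0|1), $tMessage (HTML), $username_text, $password_text]
 */
function create_admin($fUsername, $fPassword, $fPassword2, $fDomains, $no_generate_password = 0)
{
    global $PALANG;
    global $CONF;
    $error = 0;
    $tMessage = '';
    $pAdminCreate_admin_username_text = '';
    $pAdminCreate_admin_password_text = '';
    if (!check_email($fUsername)) {
        $error = 1;
        $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error1'];
    }
    if (empty($fUsername) || admin_exist($fUsername)) {
        $error = 1;
        $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error2'];
    }
    // Password generation is allowed only by config and when the caller did not opt out.
    $may_generate = ($CONF['generate_password'] == "YES" && $no_generate_password == 0);
    if (empty($fPassword) || empty($fPassword2) || $fPassword !== $fPassword2) {
        if (empty($fPassword) && empty($fPassword2) && $may_generate) {
            $fPassword = generate_password();
        } else {
            $error = 1;
            $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text'];
            $pAdminCreate_admin_password_text = $PALANG['pAdminCreate_admin_password_text_error'];
        }
    }
    if ($error !== 1) {
        $password = pacrypt($fPassword);
        $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text'];
        // NOTE(review): SQL is string-built. $fUsername passed check_email() but neither it
        // nor the domain names are escaped here; db_query() takes a finished string, so this
        // layer cannot be parameterised without changing the db helpers.
        $result = db_query("INSERT INTO " . table_by_key('admin') . " (username,password,created,modified) VALUES ('{$fUsername}','{$password}',NOW(),NOW())");
        if ($result['rows'] != 1) {
            $tMessage = $PALANG['pAdminCreate_admin_result_error'] . "<br />({$fUsername})<br />";
        } else {
            if (!empty($fDomains[0])) {
                foreach ($fDomains as $domain) {
                    $result = db_query("INSERT INTO " . table_by_key('domain_admins') . " (username,domain,created) VALUES ('{$fUsername}','{$domain}',NOW())");
                }
            }
            $tMessage = $PALANG['pAdminCreate_admin_result_success'] . "<br />({$fUsername}";
            // The password is echoed back only when generated, or when show_password is on;
            // $no_generate_password suppresses both.
            $show_password = $may_generate || ($CONF['show_password'] == "YES" && $no_generate_password == 0);
            // Closing tag fixed to "<br />" (the original emitted the malformed "</br />").
            $tMessage .= $show_password ? " / {$fPassword})<br />" : ")<br />";
        }
    }
    # TODO: should we log creation, editing and deletion of admins?
    # Note: needs special handling in viewlog, because domain is empty
    # db_log ($SESSID_USERNAME, '', 'create_admin', "$fUsername");
    return array($error, $tMessage, $pAdminCreate_admin_username_text, $pAdminCreate_admin_password_text);
}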
Esempio n. 7
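 /**
  * Magic setter: only properties that already exist (and are non-null) on the
  * object can be assigned. Assigning "password" stores the pacrypt() hash of
  * the given plain-text value rather than the value itself.
  *
  * @param string $name
  * @param mixed $value Plain-text password when $name is "password".
  */
 public function __set($name, $value)
 {
     // isset() is false for a property whose current value is null, so such
     // properties cannot be assigned through this setter -- presumably intended
     // as a whitelist of declared fields; confirm before relying on it.
     if (!isset($this->{$name})) {
         return;
     }
     // Fix: the original hashed an undefined $pw, so the supplied password was
     // discarded and pacrypt(null) stored instead.
     $this->{$name} = ($name === "password") ? pacrypt($value) : $value;
 }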
 }
 // Optional form fields: quota is coerced to an integer, active is escaped for SQL use.
 $postedQuota = $_POST['fQuota'] ?? null;
 if ($postedQuota !== null) {
     $fQuota = (int) $postedQuota;
 }
 $postedActive = $_POST['fActive'] ?? null;
 if ($postedActive !== null) {
     $fActive = escape_string($postedActive);
 }
 // Password change on the edit-mailbox form. The submitted value is compared with
 // the stored hash -- presumably the form is pre-filled with it, so equality means
 // "unchanged"; confirm against the form template.
 if ($fPassword != $user_details['password']) {
     $min_length = $CONF['min_password_length'];
     if ($fPassword == $fPassword2) {
         if ($fPassword != "") {
             // strlen() counts bytes, so multi-byte characters count more than once.
             if ($min_length > 0 && strlen($fPassword) < $min_length) {
                 flash_error(sprintf($PALANG['pPasswordTooShort'], $CONF['min_password_length']));
                 $error = 1;
             }
             // Hashed even when too short; $error must block the save further down.
             $formvars['password'] = pacrypt($fPassword);
         }
     } else {
         flash_error($PALANG['pEdit_mailbox_password_text_error']);
         $error = 1;
     }
 }
 // Quota validation, only when quotas are enabled in config.
 if ($CONF['quota'] == "YES") {
     if (!check_quota($fQuota, $fDomain)) {
         $error = 1;
         // Echo the submitted values back into the form together with the error text.
         $tName = $fName;
         $tQuota = $fQuota;
         $tActive = $fActive;
         $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text_error'];
     }
 }