예제 #1
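 /**
  * Handle the crawl-request form: validate the submitted domain, register the
  * site and render the "statiq" view.
  *
  * Reads $_POST['domain']. When the value is missing, empty or fails
  * is_valid_domain_name(), an error is flashed to the session and the user is
  * redirected to /home.
  */
 public function index()
 {
     // Untrusted input: accept only a string. An array-valued "domain"
     // parameter would otherwise reach str_replace()/rtrim(), and a missing
     // one would be read again when the flash data is stored.
     $submitted = (isset($_POST['domain']) && is_string($_POST['domain'])) ? $_POST['domain'] : '';
     if ($submitted === '') {
         $this->session->set_flashdata('error', 'Please make sure you enter a domain name');
         $this->session->set_flashdata('domain', $submitted);
         redirect("/home", "refresh");
         // Guard against falling through should redirect() ever return.
         return;
     }
     // Remove "http://", "https://" and trailing slashes. The https:// prefix
     // used to be left in place, so such input always failed validation.
     $url = str_replace(array("http://", "https://"), "", $submitted);
     $url = rtrim($url, "/");
     // Sub folder given? Only the host part before the first "/" is validated.
     $parts = explode("/", $url);
     $domain = $parts[0];
     if (!is_valid_domain_name($domain)) {
         $this->session->set_flashdata('error', 'Please make sure you enter a valid domain name and the domain name has a valid IP address asigned to it.');
         $this->session->set_flashdata('domain', $submitted);
         redirect("/home", "refresh");
         return;
     }
     // Moving on, $domain now contains a crawlable domain name.
     // NOTE(review): createSite() receives $url (host plus any path), while only
     // the host was validated above - confirm the model treats the path as
     // untrusted. If the crawl runs server-side, also confirm that names
     // resolving to loopback or internal addresses are rejected somewhere.
     // Counter to enforce a maximum of crawled URLs.
     $this->session->set_userdata('pageCounter', 1);
     $siteID = $this->crawlmodel->createSite($url);
     $this->data['siteID'] = $siteID;
     $this->data['page'] = "statiq";
     $this->load->view('statiq', $this->data);
 }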
예제 #2
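/**
 * Delete an alias domain after a permission lookup and a name check.
 *
 * The outcome is reported through $_SESSION['return'] (keys 'type' and 'msg').
 * Returns false on every failure path; nothing is returned explicitly on success.
 *
 * @param mysqli $link      open MySQLi connection
 * @param array  $postarray submitted form fields; only 'alias_domain' is read
 * @return false|null
 */
function mailbox_delete_alias_domain($link, $postarray)
{
    global $logged_in_role;
    global $logged_in_as;
    // Untrusted input: a missing or non-string field becomes '' so it cannot
    // reach the escaping call as an array or trigger an undefined-index notice.
    $submitted = (isset($postarray['alias_domain']) && is_string($postarray['alias_domain'])) ? $postarray['alias_domain'] : '';
    $alias_domain = mysqli_real_escape_string($link, $submitted);
    // The role is concatenated into the SQL text as well, so it gets the same
    // escaping as the form value. Prepared statements with bound parameters
    // would be the preferred form for both queries in this function.
    $role = mysqli_real_escape_string($link, (string) $logged_in_role);
    // The username literal is masked ('******') in this listing and is kept as shown.
    // NOTE(review): as written the SELECT matches when the target domain is NOT
    // among the user's domains, or when the role is not 'admin' - verify that
    // this is the intended authorization rule.
    $permission_query = "SELECT target_domain FROM alias_domain WHERE alias_domain='" . $alias_domain . "' AND (target_domain NOT IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'!='" . $role . "')";
    if (!mysqli_result(mysqli_query($link, $permission_query))) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Permission denied');
        return false;
    }
    if (!is_valid_domain_name($alias_domain)) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Invalid domain name');
        return false;
    }
    $mystring = "DELETE FROM alias_domain WHERE alias_domain='" . $alias_domain . "'";
    if (!mysqli_query($link, $mystring)) {
        // NOTE(review): the raw driver error text is stored for display; confirm
        // it is acceptable to show to the logged-in user.
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . mysqli_error($link));
        return false;
    }
    // The name is HTML-encoded here because the message is rendered later.
    $_SESSION['return'] = array('type' => 'success', 'msg' => 'Deleted alias domain ' . htmlspecialchars($alias_domain));
}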
예제 #3
							</div>
						</div>
					</div>
					<div class="form-group">
						<div class="col-sm-offset-2 col-sm-10">
							<button type="submit" name="trigger_mailbox_action" value="editdomainadmin" class="btn btn-success btn-sm">Submit</button>
						</div>
					</div>
				</form>
	<?php 
            } else {
                echo 'Item not found or no permission.';
            }
        }
    } elseif (isset($_GET['domain'])) {
        if (!is_valid_domain_name($_GET["domain"]) || empty($_GET["domain"])) {
            echo 'Incorrect form data';
        } else {
            $domain = mysqli_real_escape_string($link, $_GET["domain"]);
            if (mysqli_fetch_array(mysqli_query($link, "SELECT domain FROM domain WHERE domain='{$domain}' AND ((domain IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'='{$logged_in_role}'))"))) {
                $result = mysqli_fetch_assoc(mysqli_query($link, "SELECT * FROM domain WHERE domain='{$domain}'"));
                ?>
				<h4>Change settings for domain <strong><?php 
                echo $domain;
                ?>
</strong></h4>
				<form class="form-horizontal" role="form" method="post">
				<input type="hidden" name="domain" value="<?php 
                echo $domain;
                ?>
">
예제 #4
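/**
 * Look up DNS records for a whitespace-separated list of names and echo one
 * HTML table row per result.
 *
 * Every value written into the table is HTML-encoded first: the names come
 * from form input and the record data comes from remote DNS servers, so
 * neither can be trusted to be free of markup.
 *
 * @param string $type    radio-button value ("radio1" .. "radio9") selecting the record type
 * @param string $domains whitespace-separated names (IP addresses for reverse lookups)
 * @return void
 */
function get_dns_records($type, $domains)
{
    // Resolver object created outside this function; only query() is used here.
    global $r;
    // Radio-button value => record type. Anything unrecognised falls back to
    // AAAA, matching the position of the former "default" label.
    $record_types = array(
        "radio1" => "A",
        "radio2" => "AAAA",
        "radio3" => "CNAME",
        "radio4" => "MX",
        "radio5" => "NS",
        "radio6" => "PTR",
        "radio7" => "SPF",
        "radio8" => "TXT",
        "radio9" => "REVERSE",
    );
    $record_type = (is_string($type) && isset($record_types[$type])) ? $record_types[$type] : "AAAA";
    $no_record_cell = "<td class=\"record\"><span class=\"norecord\">No record available</span></td></tr>\r\n";
    // Loop through the names given
    foreach (preg_split('/\\s+/', $domains) as $data) {
        // Encode the submitted name once; it opens every row, including the
        // "invalid" row, which by definition carries unvalidated input.
        $row_start = "<tr><td>" . htmlspecialchars($data, ENT_QUOTES, 'UTF-8') . "</td>";
        if (!is_valid_domain_name($data)) {
            echo $row_start . "<td class=\"record\"><span class=\"norecord\">Invalid domain name entered</span></td></tr>\r\n";
            continue;
        }
        if ($record_type === "REVERSE") {
            // Reverse lookups only make sense for a literal IPv4/IPv6 address.
            if (filter_var($data, FILTER_VALIDATE_IP)) {
                $record = gethostbyaddr($data);
            } else {
                $record = "Please enter a valid IPv4/v6 address";
            }
            // The PTR host name is remote data, so it is encoded as well.
            echo $row_start . "<td class=\"record\"> " . htmlspecialchars((string) $record, ENT_QUOTES, 'UTF-8') . "</td></tr>\r\n";
            continue;
        }
        try {
            $record = $r->query($data, $record_type);
        } catch (Net_DNS2_Exception $e) {
            // Report why the query failed. The row used to be built but never
            // echoed, so failures showed up as "No record available".
            echo $row_start . "<td class=\"record\"><span class=\"norecord\">" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "</span></td></tr>\r\n";
            continue;
        }
        if (empty($record->answer)) {
            // The query worked but returned no answer section.
            echo $row_start . "<td class=\"record\"><span class=\"norecord\"> No record available</span></td></tr>\r\n";
            continue;
        }
        foreach ($record->answer as $dnsr) {
            // Each entry of $rows is a list of cell values, or null for a
            // "No record available" row.
            $rows = array(null);
            switch ($record_type) {
                case "A":
                case "AAAA":
                    // An address query may be answered with a CNAME instead.
                    if (isset($dnsr->address)) {
                        $rows = array(array($dnsr->address));
                    } elseif (isset($dnsr->cname)) {
                        $rows = array(array($dnsr->cname));
                    }
                    break;
                case "CNAME":
                    if (isset($dnsr->cname)) {
                        $rows = array(array($dnsr->cname));
                    }
                    break;
                case "MX":
                    if (isset($dnsr->preference) && isset($dnsr->exchange)) {
                        $rows = array(array($dnsr->preference, $dnsr->exchange));
                    }
                    break;
                case "NS":
                    if (isset($dnsr->nsdname)) {
                        $rows = array(array($dnsr->nsdname));
                    }
                    break;
                case "PTR":
                    if (isset($dnsr->name) && isset($dnsr->ptrdname)) {
                        $rows = array(array($dnsr->name, $dnsr->ptrdname));
                    }
                    break;
                case "SPF":
                case "TXT":
                    // One row per text chunk of the record.
                    if (isset($dnsr->text)) {
                        $rows = array();
                        foreach ($dnsr->text as $dnsrtext) {
                            $rows[] = isset($dnsrtext) ? array($dnsrtext) : null;
                        }
                    }
                    break;
            }
            foreach ($rows as $cells) {
                if ($cells === null) {
                    echo $row_start . $no_record_cell;
                    continue;
                }
                echo $row_start;
                foreach ($cells as $cell) {
                    echo "<td class=\"record\">" . htmlspecialchars((string) $cell, ENT_QUOTES, 'UTF-8') . "</td>";
                }
                echo "</tr>\r\n";
            }
        }
    }
}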
예제 #5
파일: delete.php 프로젝트: Anon215/mailcow
            echo $lang['delete']['remove_button'];
            ?>
</button>
							</div>
						</div>
					</form>
				<?php 
        } else {
            ?>
					<div class="alert alert-info" role="alert"><?php 
            echo $lang['info']['no_action'];
            ?>
</div>
				<?php 
        }
    } elseif (isset($_GET["aliasdomain"]) && is_valid_domain_name($_GET["aliasdomain"]) && !empty($_GET["aliasdomain"])) {
        $alias_domain = strtolower(trim($_GET["aliasdomain"]));
        try {
            $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`\r\n\t\t\t\t\t\t\tWHERE `alias_domain`= :alias_domain");
            $stmt->execute(array(':alias_domain' => $alias_domain));
            $DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL: ' . $e);
        }
        if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) {
            ?>
					<div class="alert alert-warning" role="alert"><?php 
            echo sprintf($lang['delete']['remove_domainalias_warning'], htmlspecialchars($_GET["aliasdomain"]));
            ?>
</div>
					<form class="form-horizontal" role="form" method="post" action="/mailbox.php">
예제 #6
파일: auth.php 프로젝트: pi-hole/AdminLTE
    pi_log("CORS skipped, unknown HTTP_ORIGIN");
    //pi_log("CORS allowed: " . join(',', $AUTHORIZED_HOSTNAMES));
}
// Otherwise probably same origin... out of the scope of CORS
session_start();
// Check CSRF token
// Credit: http://php.net/manual/en/function.hash-equals.php#119576
// Fallback for PHP builds without the native hash_equals() (added in PHP 5.6);
// it is defined only when the built-in is missing.
if (!function_exists('hash_equals')) {
    /**
     * Compare two strings without stopping at the first differing byte.
     *
     * No type check is performed here; both arguments are used as strings.
     *
     * @param string $known_string the expected value (here: the session token)
     * @param string $user_string  the value supplied with the request
     * @return bool true only when both strings have the same length and content
     */
    function hash_equals($known_string, $user_string)
    {
        // Accumulator: stays 0 only if the lengths match and every byte is equal.
        $ret = 0;
        if (strlen($known_string) !== strlen($user_string)) {
            // Length mismatch: compare the known string with itself so the loop
            // below still runs over its full length, and force a failing result.
            $user_string = $known_string;
            $ret = 1;
        }
        // Byte-wise XOR of the two strings; equal bytes produce "\0".
        $res = $known_string ^ $user_string;
        for ($i = strlen($res) - 1; $i >= 0; --$i) {
            // OR every XOR byte into the accumulator; there is no early exit,
            // so the loop does not reveal where the first difference is.
            $ret |= ord($res[$i]);
        }
        return !$ret;
    }
}
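// Reject the request unless the CSRF token in the form matches the one kept in
// the session. Both must be strings: an array-valued "token" parameter would
// otherwise reach hash_equals() and raise an error instead of a clean refusal.
if (!isset($_SESSION['token'], $_POST['token'])
    || !is_string($_SESSION['token'])
    || !is_string($_POST['token'])
    || !hash_equals($_SESSION['token'], $_POST['token'])) {
    log_and_die("Wrong token");
}
if (isset($_POST['domain'])) {
    // Only a string can be a domain name; anything else is invalid outright.
    $validDomain = is_string($_POST['domain']) ? is_valid_domain_name($_POST['domain']) : false;
    if (!$validDomain) {
        // NOTE(review): the message embeds the submitted value. log_and_die()
        // is not shown here - confirm it encodes the text for its output
        // context and strips line breaks before writing to a log.
        log_and_die((is_string($_POST['domain']) ? $_POST['domain'] : 'Submitted value') . ' is not a valid domain');
    }
}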
예제 #7
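/**
 * Delete an alias domain after a permission lookup and a name check.
 *
 * The outcome is reported through $_SESSION['return'] (keys 'type' and 'msg').
 * Returns false on every failure path; nothing is returned explicitly on success.
 *
 * @param mysqli $link      open MySQLi connection
 * @param array  $postarray submitted form fields; only 'alias_domain' is read
 * @return false|null
 */
function mailbox_delete_alias_domain($link, $postarray)
{
    global $logged_in_as;
    // Untrusted input: a missing or non-string field becomes '' so it cannot
    // reach the escaping call as an array or trigger an undefined-index notice.
    $submitted = (isset($postarray['alias_domain']) && is_string($postarray['alias_domain'])) ? $postarray['alias_domain'] : '';
    $alias_domain = mysqli_real_escape_string($link, $submitted);
    // The session role is concatenated into the SQL text too, so it is escaped
    // like the form value. Prepared statements with bound parameters would be
    // the preferred form for both queries in this function.
    $role = mysqli_real_escape_string($link, isset($_SESSION['mailcow_cc_role']) ? (string) $_SESSION['mailcow_cc_role'] : '');
    // The username literal is masked ('******') in this listing and is kept as shown.
    // NOTE(review): the lookup compares domain_admins.domain with the alias
    // domain itself rather than with its target domain - confirm this is the
    // intended ownership check.
    $qstring = "SELECT `domain` FROM `domain_admins` WHERE (domain='" . $alias_domain . "' AND active='1' AND username='******') OR 'admin'='" . $role . "'";
    $qresult = mysqli_query($link, $qstring);
    // mysqli_query() returns false on failure; treat that as a denial instead
    // of handing false to mysqli_num_rows().
    if ($qresult === false || mysqli_num_rows($qresult) == 0) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Permission Denied');
        return false;
    }
    if (!is_valid_domain_name($alias_domain)) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Invalid domain name');
        return false;
    }
    $mystring = "DELETE FROM alias_domain WHERE alias_domain='" . $alias_domain . "'";
    if (!mysqli_query($link, $mystring)) {
        // NOTE(review): the raw driver error text is stored for display; confirm
        // it is acceptable to show to the logged-in user.
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . mysqli_error($link));
        return false;
    }
    // The name is HTML-encoded here because the message is rendered later.
    $_SESSION['return'] = array('type' => 'success', 'msg' => 'Deleted alias domain ' . htmlspecialchars($alias_domain));
}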
예제 #8
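/**
 * Create a domain administrator account and assign it to one or more domains.
 *
 * Only a session with the role "admin" may call this. The outcome is reported
 * through $_SESSION['return'] (keys 'type' and 'msg'). Returns false on every
 * failure path; nothing is returned explicitly on success.
 *
 * @param array $postarray submitted form fields: 'username', 'password',
 *                         'password2', 'domain' (list of names), optional 'active'
 * @return false|null
 */
function add_domain_admin($postarray)
{
    global $lang;
    global $pdo;
    // Untrusted input: take only string values, anything else counts as empty.
    $username = (isset($postarray['username']) && is_string($postarray['username'])) ? strtolower(trim($postarray['username'])) : '';
    $password = (isset($postarray['password']) && is_string($postarray['password'])) ? $postarray['password'] : '';
    $password2 = (isset($postarray['password2']) && is_string($postarray['password2'])) ? $postarray['password2'] : '';
    $active = isset($postarray['active']) ? '1' : '0';
    // Strict comparison: a loose one can treat a non-string role value as
    // equal to "admin" on older PHP versions.
    if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !== "admin") {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => sprintf($lang['danger']['access_denied']));
        return false;
    }
    // The domain field must be a non-empty list; it is iterated further down.
    if (empty($postarray['domain']) || !is_array($postarray['domain'])) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => sprintf($lang['danger']['domain_invalid']));
        return false;
    }
    // Allowed user name characters: letters, digits, "_", "." and "-".
    if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty($username)) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => sprintf($lang['danger']['username_invalid']));
        return false;
    }
    // The name must not exist yet as a mailbox, an admin or a domain admin.
    $num_results = array();
    try {
        $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`\r\n\t\t\tWHERE `username` = :username");
        $stmt->execute(array(':username' => $username));
        $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
        $stmt = $pdo->prepare("SELECT `username` FROM `admin`\r\n\t\t\tWHERE `username` = :username");
        $stmt->execute(array(':username' => $username));
        $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
        $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`\r\n\t\t\tWHERE `username` = :username");
        $stmt->execute(array(':username' => $username));
        $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
    } catch (PDOException $e) {
        // Store the driver message only; casting the exception to a string
        // would also put the stack trace and file paths into the UI message.
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL: ' . $e->getMessage());
        return false;
    }
    foreach ($num_results as $num_results_each) {
        if ($num_results_each != 0) {
            $_SESSION['return'] = array('type' => 'danger', 'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username)));
            return false;
        }
    }
    if (empty($password) || empty($password2)) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => sprintf($lang['danger']['password_empty']));
        return false;
    }
    // Strict comparison: with "!=" two different numeric-looking strings
    // (for example "1e3" and "1000") compare as equal.
    if ($password !== $password2) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => sprintf($lang['danger']['password_mismatch']));
        return false;
    }
    // Validate every domain before the first INSERT, so that an invalid entry
    // late in the list cannot leave earlier domain_admins rows behind.
    foreach ($postarray['domain'] as $domain) {
        if (!is_string($domain) || !is_valid_domain_name($domain)) {
            $_SESSION['return'] = array('type' => 'danger', 'msg' => sprintf($lang['danger']['domain_invalid']));
            return false;
        }
    }
    $password_hashed = hash_password($password);
    // One timestamp for all rows written by this call.
    $now = date('Y-m-d H:i:s');
    try {
        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)\r\n\t\t\t\t\t\tVALUES (:username, :domain, :created, :active)");
        foreach ($postarray['domain'] as $domain) {
            $stmt->execute(array(':username' => $username, ':domain' => $domain, ':created' => $now, ':active' => $active));
        }
        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)\r\n\t\t\t\tVALUES (:username, :password_hashed, '0', :created, :modified, :active)");
        $stmt->execute(array(':username' => $username, ':password_hashed' => $password_hashed, ':created' => $now, ':modified' => $now, ':active' => $active));
    } catch (PDOException $e) {
        // NOTE(review): the inserts are not wrapped in a transaction, so a
        // failure part-way still leaves the rows written so far.
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL: ' . $e->getMessage());
        return false;
    }
    $_SESSION['return'] = array('type' => 'success', 'msg' => sprintf($lang['success']['domain_admin_added'], htmlspecialchars($username)));
}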
예제 #9
파일: classapp.php 프로젝트: rohdoor/ehcp
 /**
  * Add a subdomain to a domain, or show the input form when no subdomain
  * has been supplied yet.
  *
  * Works on the globals $subdomain and $domainname. On success the subdomain
  * is recorded in the subdomains table and two daemon operations are queued.
  *
  * Returns the result of error_text_tr()/errorText() on an invalid or
  * duplicate subdomain, otherwise $success.
  */
 function addSubDomain()
 {
     global $subdomain, $domainname;
     // presumably fills the two globals from the request - verify in getVariable()
     $this->getVariable(array('subdomain', "domainname"));
     $domainname = $this->chooseDomain(__FUNCTION__, $domainname);
     $success = True;
     // $filter is not used again in this method.
     $filter = "domainname='{$domainname}'";
     if ($subdomain) {
         // Only $subdomain is format-checked in this method.
         if (!is_valid_domain_name($subdomain)) {
             return $this->error_text_tr("domain_format_wrong");
         }
         // NOTE(review): the condition is built by string interpolation;
         // $domainname is not escaped here - confirm chooseDomain() returns a
         // vetted value or that recordcount() escapes its filter.
         $count = $this->recordcount($this->conf['subdomainstable']['tablename'], "domainname='{$domainname}' and subdomain='{$subdomain}'");
         # todo: this should be moved to existscontrol
         if ($count > 0) {
             return $this->errorText("subdomain already exists.");
         }
         $domaininfo = $this->domaininfo = $this->getDomainInfo($domainname);
         $homedir = $domaininfo['homedir'] . "/httpdocs/subdomains/{$subdomain}";
         $webserverips = $domaininfo['webserverips'];
         // NOTE(review): INSERT assembled by interpolation; activeuser,
         // $domainname, $homedir and $webserverips are not escaped here. Bound
         // parameters would remove the dependency on upstream validation.
         $qu = "insert into " . $this->conf['subdomainstable']['tablename'] . " (panelusername,subdomain,domainname,homedir,webserverips)values('{$this->activeuser}','{$subdomain}','{$domainname}','{$homedir}','{$webserverips}')";
         // $opname is never assigned in this method.
         // Each step below runs only if all previous ones succeeded (short-circuit &&).
         $success = $success && $this->executeQuery($qu, $opname);
         #$success=$success && $this->addDaemonOp("daemondomain","addsubdomain",$domainname,$homedir,'add subdomain');
         $success = $success && $this->add_daemon_op(array('op' => 'daemondomain', 'action' => 'addsubdomain', 'info' => $subdomain, 'info2' => $domainname, 'info3' => $homedir));
         $success = $success && $this->addDaemonOp("syncdomains", 'xx', $domainname, '', 'sync domains');
         if ($success) {
             $sub1 = "http://" . $subdomain . "." . $domainname;
             $sub2 = "http://www." . $subdomain . "." . $domainname;
             // NOTE(review): both names are written into HTML without encoding;
             // this relies on the checks above rejecting markup characters.
             $this->output .= "<br>You may access <a target=_blank href='{$sub1}'>{$sub1}</a> and <a  target=_blank href='{$sub2}'>{$sub2}</a> in a few seconds..<br>";
         }
         $this->ok_err_text($success, "Add subdomain success", "Error adding subdomain");
     } else {
         // No subdomain supplied yet: render the input form instead.
         $inputparams = array(array('subdomain', 'righttext' => ".{$domainname}"));
         $this->output .= "Enter subdomain here: <br>(additionally, www. automatically will be added in front of subdomain)" . inputform5($inputparams);
     }
     $this->showSimilarFunctions('subdomainsDirs');
     return $success;
 }
     $password = htmlspecialchars($_POST['pword']);
     $confirm_password = htmlspecialchars($_POST['confirmpword']);
     $opac_server_name = htmlspecialchars($_POST['opacname']);
     $intra_server_name = htmlspecialchars($_POST['intraname']);
 }
 # Check validity of the parameters.
 if ($password !== $confirm_password && $respond == null) {
     $respond = "Mismatching passwords";
 }
 if (!filter_var($email, FILTER_VALIDATE_EMAIL) && $respond == null) {
     $respond = "Invalid email address";
 }
 if (!is_valid_domain_name($opac_server_name) && $respond == null) {
     $respond = "Invalid OPAC server name";
 }
 if (!is_valid_domain_name($intra_server_name) && $respond == null) {
     $respond = "Invalid intranet server name";
 }
 # If all of the parameters are valid, continue to send the request.
 if ($respond == null) {
     try {
         $mysqli = new mysqli(HOSTNAME, USERNAME, PASSWORD, DATABASE);
         ##
         # Register the Koha site with the registration database.
         ##
         if (!($statement = $mysqli->prepare("CALL add_koha_site(?, ?, ?, ?, ?, ?)"))) {
             throw new Exception("Unable to prepare SQL statement for adding the Koha site (" . $mysqli->errno . "): " . $mysqli->error);
         }
         if (!$statement->bind_param("ssssss", $first_name, $surname, $email, $password, $opac_server_name, $intra_server_name)) {
             throw new Exception("Unable to bind parameters to the statement for adding the Koha site (" . $statement->errno . "): " . $statement->error);
         }