banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial Import in SourceForge

Browse Source 
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/tags/postfixadmin-1.4.0@1 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-1.4.0
Mischa Peters 19 years ago
commit 36339f66a5
33 changed files with 2496 additions and 0 deletions
Show Stats Download Patch File Download Diff File

35
CHANGELOG.TXT
Unescape Escape View File

@ -0,0 +1,35 @@
#############################
# Postfix Admin Release 1.x #
#############################
#
# 2003 (c) High5!
# Created by: Mischa Peters <mischa@high5.net>
#
Version 1.4.0 -- TBD
---------------------
- Added: When deleting a domain, all aliases and mailboxes for that domain
are also deleted from the database.
- Added: Add standard aliases for every domain that is created.
These aliases can point to the main "local" administrator.
The aliases are configured in the config.php in the admin directory.
- Change: The layout of my_lib.php and site_lib.php have been changed.
- Change: Modifying an alias is now done with TEXTAREA for more
flexibility.
- Fix: minor bugs and cosmetic fixes.
Version 1.3.8a -- 2003/03/31
----------------------------
- Fix: After deletion of a domain it would not return to the correct page.
Version 1.3.8 -- 2003/03/25
----------------------------
- Added: Admin password change. No longer needed to delete and re-enter
the admin user for a specific domain.
Version 1.3.7 -- 2002/12/24
----------------------------
- Initial public release of Postfix Admin.

111
INSTALL.TXT
Unescape Escape View File

@ -0,0 +1,111 @@
#############################
# Postfix Admin Release 1.x #
#############################
#
# 2003 (c) High5!
# Created by: Mischa Peters <mischa@high5.net>
#
# Detailed instructions on how to install / upgrade Postfix Admin can be
# found in UPGRADE.TXT
#
# Unpack Postfix Admin in the directory where you want it. For example: /usr/local/www/<site>/postfixadmin
# There is also an Admin Admin part, change directory to the "admin" directory
# and change the path to the .htpasswd file in the .htaccess file.
#
# Some other information that you might want to look at is in the site_lib.php
# file.
#
# In order to be able to read & write from the database I have created a
# seperate user in MySQL. I do this because Postfix Admin needs to have more
# rights on the Postfix database. If you are worried abour the password for
# the database. I have Postfix Admin running as the WebServer owner:group,
# that way your postfix username and password are somewhat protected against
# local users.
#
# You can use this file to create the tables that are needed to use postfix
# with mysql. The bottom part is for Postfix Admin.
#
# You can do this from the command line with:
#
# mysql -u root [-p] < INSTALL.TXT
#
# Postfix / MySQL
#
USE mysql
INSERT INTO user (Host, User, Password) VALUES ('localhost','postfix',password('postfix'));
INSERT INTO db (Host, Db, User, Select_priv) VALUES ('localhost','postfix','postfix','Y');
CREATE DATABASE postfix;
#
# Table structure for table alias
#
USE postfix;
CREATE TABLE alias (
address varchar(255) NOT NULL default '',
goto text NOT NULL,
domain varchar(255) NOT NULL default '',
create_date datetime NOT NULL default '0000-00-00 00:00:00',
change_date datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(4) NOT NULL default '1',
PRIMARY KEY (address),
UNIQUE KEY address (address),
KEY address_2 (address)
) TYPE=MyISAM COMMENT='Virtual Aliases - mysql_virtual_alias_maps';
#
# Table structure for table domain
#
USE postfix;
CREATE TABLE domain (
domain varchar(255) NOT NULL default '',
description varchar(255) NOT NULL default '',
create_date datetime NOT NULL default '0000-00-00 00:00:00',
change_date datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(4) NOT NULL default '1',
PRIMARY KEY (domain),
UNIQUE KEY domain (domain)
) TYPE=MyISAM COMMENT='Virtual Domains - mysql_virtual_domains_maps';
#
# Table structure for table mailbox
#
USE postfix;
CREATE TABLE mailbox (
username varchar(255) NOT NULL default '',
password varchar(255) NOT NULL default '',
name varchar(255) NOT NULL default '',
maildir varchar(255) NOT NULL default '',
domain varchar(255) NOT NULL default '',
create_date datetime NOT NULL default '0000-00-00 00:00:00',
change_date datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(4) NOT NULL default '1',
PRIMARY KEY (username),
UNIQUE KEY id (username)
) TYPE=MyISAM COMMENT='Virtual Mailboxes - mysql_virtual_mailbox_maps';
#
#
#
#
# Postfix Admin User & Table
#
USE mysql
INSERT INTO user (Host, User, Password) VALUES ('localhost','postfixadmin',password('postfixadmin'));
INSERT INTO db (Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv) VALUES ('localhost', 'postfix', 'postfixadmin', 'Y', 'Y', 'Y', 'Y');
#
# Table structure for table admin
#
USE postfix;
CREATE TABLE admin (
username varchar(255) NOT NULL default '',
password varchar(255) NOT NULL default '',
domain varchar(255) NOT NULL default '',
create_date datetime NOT NULL default '0000-00-00 00:00:00',
change_date datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(4) NOT NULL default '1',
UNIQUE KEY username (username),
KEY username_2 (username)
) TYPE=MyISAM COMMENT='Virtual Admins - Store Virtual Domain Admins';

50
LICENSE.TXT
Unescape Escape View File

@ -0,0 +1,50 @@
License for Postfix Admin:
The contents of this file are subject to the Mozilla Public License
Version 1.1 (the "License"); you may not use this file except in
compliance with the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
License for the specific language governing rights and limitations
under the License.
The Original Code is Postfix Admin.
The Initial Developer of the Original Code is Mischa Peters <mischa@high5.net>.
Portions created by Mischa Peters are Copyright (c) 2002, 2003.
All Rights Reserved.
Contributor(s):
This project includes work by Mischa Peters and others that is:
Copyright (c) 2002,2003 Mischa Peters
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
Neither the names of the copyright holders nor the names of the XLW
Group and its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

90
UPGRADE.TXT
Unescape Escape View File

@ -0,0 +1,90 @@
#############################
# Postfix Admin Release 1.x #
#############################
#
# 2003 (c) High5!
# Created by: Mischa Peters <mischa@high5.net>
#
Upgrade from 1.3.x
------------------
Since some features have been added to this release which are partially
coming from site_lib.php it's wise to do a complete upgrade and modify your
settings in the new site_lib.php.
1. Backup old installation
---------------------------
Make a backup of your current Postfix Admin directory. If you use "cp", be
sure to use the "-Rp" options. -R means recursive, and -p will save the
permissions in the directory.
In this example, we assume that your httpd document directory is
/usr/local/postfixadmin, that your Postfix Admin install is located at
/usr/local/postfixadmin/postfixadmin, and that your new Postfix Admin version is 1.4.0.
Substitute version numbers and names as required.
$ cd /usr/local/postfixadmin
$ cp -Rp postfixadmin postfixadmin.old
2. Unarchive new Postfix Admin
------------------------------
Make sure that you are in your /usr/local/postfixadmin/ directory and then unarchive the
Postfix Admin archive (whatever the filename is):
$ tar -zxvf postfixadmin-1.4.0.tgz
3. Change permissions
----------------------
Since the database password is stored in the site_lib.php it's a good idea
to have Postfix Admin set to the permission of the webserver. In this
example, we assume that user "www" and group "www" are the web server as is
often the case with Apache.
$ cd /usr/local/postfixadmin/
$ chown -R www:www postfixadmin
This is also a good idea for the file permissions.
$ cd /usr/local/postfixadmin/postfixadmin
$ chmod 640 *.php *.css
$ cd /usr/local/postfixadmin/postfixadmin/admin
$ chmod 640 *.php *.css
Additionally, if "chown user:group" doesn't work, you can use "chown user"
and "chgrp group" instead. See the man pages for these commands for more
information.
4. Create the MySQL Tables
--------------------------
In INSTALL.TXT you can find the table structure that you need in order to
configure Postfix Admin and Postfix in general to work with Virtual Domains
and Users
5. Configure
------------
Look at the file site_lib.php in the root of Postfix Admin and the
site_lib.php in the admin directory. Here you can specify the username and
possword of the Postfix Admin user as well as the database name.
In this file you can also find the text that is displayed as the title,
header and footer. You can change this as you see fit.
To change the background and text color please check the stylesheet.css
In config.php in the admin directory you can find an array of default
aliases that are created when a new domain is created. You can change these
aliases so that they reflect your setup.
The default password for the admin part of Postfix Admin is admin/admin.
This is specified in the .htpasswd file in the admin directory.
Make sure that the location of the .htpasswd file matches your path.
6. Done
-------
This is all that is needed. Fire up your browser and go to the site that you
specified to host Postfix Admin.

8
admin/.htaccess
Unescape Escape View File

@ -0,0 +1,8 @@
AuthUserFile /usr/local/postfixadmin/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Postfix Admin"
AuthType Basic
<limit GET POST>
require valid-user
</limit>

1
admin/.htpasswd
Unescape Escape View File

@ -0,0 +1 @@
admin:$apr1$5awhn...$NvPhYnYme5lGzdXBd3/P//

50
admin/LICENSE.TXT
Unescape Escape View File

@ -0,0 +1,50 @@
License for Postfix Admin:
The contents of this file are subject to the Mozilla Public License
Version 1.1 (the "License"); you may not use this file except in
compliance with the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
License for the specific language governing rights and limitations
under the License.
The Original Code is Postfix Admin.
The Initial Developer of the Original Code is Mischa Peters <mischa@high5.net>.
Portions created by Mischa Peters are Copyright (c) 2002, 2003.
All Rights Reserved.
Contributor(s):
This project includes work by Mischa Peters and others that is:
Copyright (c) 2002,2003 Mischa Peters
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
Neither the names of the copyright holders nor the names of the XLW
Group and its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

44
admin/adminview.php
Unescape Escape View File

@ -0,0 +1,44 @@
<?php
include "my_lib.php";
print_header();
print_menu();
print "<hr>\n";
$query = "SELECT * FROM admin ORDER BY domain,username";
$result = db_query ("$query");
if ($result[rows] > 0) {
print "<table border=1 cellpadding=2 cellspacing=2 width=75%>\n";
print "<tr class=\"header\">";
print "<td>Domain Name</td>";
print "<td>Admin Alias</td>";
print "<td>Last Modified</td>";
print "<td>Active</td>";
print "<td colspan=\"2\">&nbsp;</td>";
print "</tr>";
while ($row = mysql_fetch_array ($result[result])) {
print "<tr onMouseOver=\"this.bgColor = '#dfdfdf'\" onMouseOut =\"this.bgColor = '#ffffff'\" bgcolor=\"#ffffff\">";
print "<td><a href=virtualview.php?where=$row[domain]>$row[domain]</a></td>";
print "<td>$row[username]</td>";
print "<td>$row[change_date]</td>";
print "<td>$row[active]</td>";
print "<td><a href=passwd.php?username=$row[username]>edit</a></td>";
print "<td><a href=delete.php?table=admin&where=username&delete=$row[username] onclick=\"return confirm ('Are you sure you want to delete this?')\">del</a></td>";
print "</tr>\n";
}
print "</table>\n";
print "<p>\n";
print "Found: $result[rows]<br>\n";
} else {
print "<p>\n";
print "Nothing Found!\n";
}
print "<p>\n";
print_footer();
?>

15
admin/config.php
Unescape Escape View File

@ -0,0 +1,15 @@
<?php
//
// If config.php is called directly, redirect to login.php
//
if (ereg("config.php", $PHP_SELF)) {
header("Location: ../login.php");
}
// default aliases that need to be created for all domains
$default_aliases = array (
"abuse" => "abuse@example.com",
"postmaster" => "postmaster@localhost",
"webmaster" => "webmaster@example.com",
);
?>

47
admin/delete.php
Unescape Escape View File

@ -0,0 +1,47 @@
<?php
include "my_lib.php";
$table = $_GET[table];
$where = $_GET[where];
$delete = $_GET[delete];
$url = "$table" . "view.php";
if ($table == "domain") {
$r_domain = db_delete ("domain",$where,$delete);
$r_admin = db_delete ("admin",$where,$delete);
$r_alias = db_delete ("alias",$where,$delete);
$r_mailbox = db_delete ("mailbox",$where,$delete);
if (($r_domain == 1) and ($r_admin >= 0) and ($r_alias >= 0) and ($r_mailbox >= 0)) {
header("Location: $url");
} else {
print_header();
print "<hr>\n";
print "<b>Unable</b> to delete all entries for complete domain deletion!<p>\n";
print "Domain delete: $r_domain<br>\n";
print "Admin delete: $r_admin<br>\n";
print "Alias delete: $r_alias<br>\n";
print "Mailbox delete: $r_mailbox<br>\n";
print "<p>\n";
print_footer();
}
} else {
$result = db_delete ($table,$where,$delete);
if ($result == 1) {
header("Location: $url");
} else {
print_header();
print "<hr>\n";
print "<b>Unable</b> to delete entry $delete from the $table table!\n";
print "<p>\n";
print_footer();
}
}
function db_delete ($table,$where,$delete) {
$result = db_query ("DELETE FROM $table WHERE $where='$delete'");
if ($result[rows] >= 1) {
return $result[rows];
} else {
return 0;
}
}
?>

41
admin/domainview.php
Unescape Escape View File

@ -0,0 +1,41 @@
<?php
include "my_lib.php";
print_header();
print_menu();
print "<hr>\n";
$query = "SELECT * FROM domain ORDER BY domain";
$result = db_query ("$query");
if ($result[rows] > 0) {
print "<table border=1 cellpadding=2 cellspacing=2 width=75%>\n";
print "<tr class=\"header\">";
print "<td>Domain</td>";
print "<td>Description</td>";
print "<td>Last Modified</td>";
print "<td>&nbsp;</td>";
print "</tr>";
while ($row = mysql_fetch_array ($result[result])) {
print "<tr onMouseOver=\"this.bgColor = '#dfdfdf'\" onMouseOut =\"this.bgColor = '#ffffff'\" bgcolor=\"#ffffff\">";
print "<td><a href=virtualview.php?where=$row[domain]>$row[domain]</a></td>";
print "<td>$row[description]</td>";
print "<td>$row[change_date]</td>";
print "<td><a href=delete.php?table=domain&where=domain&delete=$row[domain] onclick=\"return confirm ('Do you really want to delete all records for this domain? This can not be undone!')\">del</a></td>";
print "</tr>\n";
}
print "</table>\n";
print "<p>\n";
print "Found: $result[rows]<br>\n";
} else {
print "<p>\n";
print "Nothing Found!\n";
}
print "<p>\n";
print_footer();
?>

1
admin/index.php
Unescape Escape View File

@ -0,0 +1 @@
adminview.php

264
admin/my_lib.php
Unescape Escape View File

@ -0,0 +1,264 @@
<?php
//
// If my_lib.php is called directly, redirect to login.php
//
if (ereg("my_lib.php", $PHP_SELF)) {
header("Location: ../login.php");
}
include "site_lib.php";
include "config.php";
//
// check_session
// Action: Check if a session already exists, if not redirect to login.php
// Call: check_session()
//
function check_session() {
session_name("SessID");
session_start();
if (!session_is_registered("sessid")) {
// if session is not registered redirect to login.php
header("Location: login.php");
exit;
}
$sessid[domain] = $_SESSION[sessid][domain];
$sessid[username] = $_SESSION[sessid][username];
return $sessid;
}
//
// check_admin
// Action: Check if user is admin and allowed to view the page
// Call: check_admin(string admin);
//
function check_admin($admin) {
if ($admin == "N") {
print_header();
print "You are not allowed to view this page.\n";
print_footer();
exit;
}
}
//
// check_string
// Action: checks if a string is valid and returns TRUE is this is the case.
// Call: check_string(string var)
//
function check_string($var) {
return (preg_match('/^([A-Za-z ]+)+$/', $var));
}
//
// check_escape
// Action: checks to see if there are chars that need to be escaped
// Call: check_escape(string var)
//
function check_escape($var) {
$search = array ("'<script[^>]*?>.*?</script>'si",
"'<[\/\!]*?[^<>]*?>'si",
"'\''i");
$replace = array ("",
"",
"");
$escaped = preg_replace ($search, $replace, $var);
return $escaped;
}
//
// check_email
// Action: Checks if email is valid and returns TRUE if this is the case.
// Call: check_email(string email)
//
function check_email($email) {
return (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,4}$/i', trim($email)));
}
//
// md5crypt
// Action: Creates an MD5 passwd that is readable by FreeBSD daemons
// Call: md5crypt(string cleartextpasswd)
//
$MAGIC = "$1$";
$ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
function md5crypt($pw, $salt="", $magic="") {
global $MAGIC;
if ($magic == "") $magic = $MAGIC;
if ($salt == "") $salt = create_salt();
$slist = explode("$", $salt);
if ($slist[0] == "1") $salt = $slist[1];
$salt = substr($salt, 0, 8);
$ctx = $pw . $magic . $salt;
$final = hex2bin(md5($pw . $salt . $pw));
for ($i=strlen($pw); $i>0; $i-=16) {
if ($i > 16)
$ctx .= substr($final,0,16);
else
$ctx .= substr($final,0,$i);
}
$i = strlen($pw);
while ($i > 0) {
if ($i & 1) $ctx .= chr(0);
else $ctx .= $pw[0];
$i = $i >> 1;
}
$final = hex2bin(md5($ctx));
for ($i=0;$i<1000;$i++) {
$ctx1 = "";
if ($i & 1) $ctx1 .= $pw;
else $ctx1 .= substr($final,0,16);
if ($i % 3) $ctx1 .= $salt;
if ($i % 7) $ctx1 .= $pw;
if ($i & 1) $ctx1 .= substr($final,0,16);
else $ctx1 .= $pw;
$final = hex2bin(md5($ctx1));
}
$passwd = "";
$passwd .= to64( ( (ord($final[0]) << 16) | (ord($final[6]) << 8) | (ord($final[12])) ), 4);
$passwd .= to64( ( (ord($final[1]) << 16) | (ord($final[7]) << 8) | (ord($final[13])) ), 4);
$passwd .= to64( ( (ord($final[2]) << 16) | (ord($final[8]) << 8) | (ord($final[14])) ), 4);
$passwd .= to64( ( (ord($final[3]) << 16) | (ord($final[9]) << 8) | (ord($final[15])) ), 4);
$passwd .= to64( ( (ord($final[4]) << 16) | (ord($final[10]) << 8) | (ord($final[5])) ), 4);
$passwd .= to64( ord($final[11]), 2);
return "$magic$salt\$$passwd";
}
function create_salt() {
srand((double)microtime()*1000000);
$salt = substr(md5(rand(0,9999999)), 0, 8);
return $salt;
}
function hex2bin($str) {
$len = strlen($str);
$nstr = "";
for ($i=0;$i<$len;$i+=2) {
$num = sscanf(substr($str,$i,2), "%x");
$nstr.=chr($num[0]);
}
return $nstr;
}
function to64($v, $n) {
global $ITOA64;
$ret = "";
while (($n - 1) >= 0) {
$n--;
$ret .= $ITOA64[$v & 0x3f];
$v = $v >> 6;
}
return $ret;
}
//
// print_header
// Action: Prints out the default header for every page
// Call: print_header([string title])
//
function print_header($title = "") {
if (empty($title)) {
global $title;
}
print "<html>\n";
print "<head>\n";
if (file_exists(realpath("./stylesheet.css"))) {
print "<link rel=stylesheet href=stylesheet.css>\n";
}
print "<title>$title</title>\n";
print "</head>\n";
print "<body>\n";
print "<center>\n";
}
//
// print_footer
// Action: Prints out the default footer for every page
// Call: print_footer()
//
function print_footer() {
global $version;
print "<hr class=footer>\n";
print "<p class=footer>\n";
print "$version\n";
print "</center>\n";
print "</body>\n";
print "</html>\n";
}
//
// print_error
// Action: Prints an error message and exits/dies
// Call: print_error(string error message);
//
function print_error($msg, $header = "YES") {
if ($header == "YES") {
print_header();
}
print "$msg";
print_footer();
exit;
}
//
// db_connect
// Action: Makes a connection to the database if it doesn't exist
// Call: db_connect()
//
function db_connect() {
global $db_host;
global $db_name;
global $db_user;
global $db_pass;
$link = mysql_connect("$db_host", "$db_user", "$db_pass") or print_error("Could not connect to database server: <b>$db_host</b>.");
$succes = mysql_select_db("$db_name", $link) or print_error("Could not select database: <b>$db_name</b>.");
return ($link);
}
//
// db_query
// Action: Sends a query to the database and returns query result and number of rows
// Call: db_query(string query)
//
function db_query($query) {
$link = db_connect();
$result = mysql_query("$query", $link) or print_error("Could not query the table.<br>", "NO");
// if $query was a select statement check the number of rows with mysql_num_rows().
if (eregi("^select", $query)) {
$number_rows = mysql_num_rows($result);
// if $query was something else, UPDATE, DELETE or INSERT check the number of rows with
// mysql_affected_rows().
} else {
$number_rows = mysql_affected_rows($link);
}
$return = array (
"result" => $result,
"rows" => $number_rows
);
return ($return);
}
?>

76
admin/newadmin.php
Unescape Escape View File

@ -0,0 +1,76 @@
<?php
include "my_lib.php";
print_header();
print_menu();
print "<hr>\n";
if (!empty($_POST[submit])) {
$username = $_POST[username];
$password = $_POST[password];
$domain = $_POST[domain];
$passwd = md5crypt ("$password");
if (empty($username) or empty($password) or empty($domain)) {
print "<p>\n";
print "You will need to fill all fields.\n";
print "<p>\n";
print_footer();
exit;
}
if (!check_email($username)) {
print "<p>\n";
print "The email address that you have supplied at <b>Email</b> is not a valid email address, please go back.\n";
print "<p>\n";
print_footer();
exit;
}
$result = db_query ("SELECT * FROM domain WHERE domain='$domain'");
if ($result[rows] != 1) {
print "<p>\n";
print "The domain <b>$domain</b> is not present in the domain table!\n";
print "<p>\n";
print_footer();
exit;
}
$result = db_query ("SELECT * FROM admin WHERE username='$username'");
if ($result[rows] == 1) {
print "<p>\n";
print "This email address already exists, please choose a different one.\n";
print "<p>\n";
print_footer();
exit;
}
$result = db_query ("INSERT INTO admin (username,password,domain,create_date,change_date) VALUES('$username','$passwd','$domain',NOW(),NOW())");
if ($result[rows] == 1) {
print "<i>$username</i> has been <b>added</b> to the admin table!\n";
print "<p>\n";
} else {
print "<b>Unable</b> to add: <i>$username</i> to the mailbox table!\n";
print "<p>\n";
print_footer();
exit;
}
}
?>
Create a new admin for a domain.
<p>
<form method=post>
<table class=form>
<tr><td>Email:</td><td><input type=text name=username></td></tr>
<tr><td>Passwd:</td><td><input type=text name=password></td></tr>
<tr><td>Domain:</td><td><input type=text name=domain></td><td></tr>
<tr><td colspan=3 align=center><input type=submit name=submit value='Add Entry'></td></tr>
</table>
</form>
<?php
print "<p>\n";
print_footer();
?>

72
admin/newdomain.php
Unescape Escape View File

@ -0,0 +1,72 @@
<?php
include "my_lib.php";
print_header();
print_menu();
print "<hr>\n";
if (!empty($_POST[submit])) {
$domain = $_POST[domain];
$description = $_POST[description];
$aliases = $_POST[aliases];
if (empty($domain) or empty($description)) {
print "<p>\n";
print "You will need to fill all fields.\n";
print "<p>\n";
print_footer();
exit;
}
$result = db_query ("SELECT * FROM domain WHERE domain='$domain'");
if ($result[rows] == 1) {
print "<p>\n";
print "This domain already exists, please choose a different one.\n";
print "<p>\n";
print_footer();
exit;
}
$result = db_query ("INSERT INTO domain (domain,description,create_date,change_date) VALUES('$domain','$description',NOW(),NOW())");
if ($result[rows] == 1) {
print "<i>$domain</i> has been <b>added</b> to the domain table!\n";
print "<p>\n";
} else {
print "<b>Unable</b> to add: <i>$domain</i> to the domain table!\n";
print "<p>\n";
print_footer();
exit;
}
if ($aliases == "on") {
$alias_keys = array_keys($default_aliases);
$alias_values = array_values($default_aliases);
for ($i = 0; $i < count($alias_keys); $i++) {
$address = $alias_keys[$i] . "@" . $domain;
$result = db_query ("INSERT INTO alias (address,goto,domain,create_date,change_date) VALUES('$address','$alias_values[$i]','$domain',NOW(),NOW())");
if ($result[rows] == 1) {
print "<i>$address</i> has been <b>added</b> to the alias table!<br>\n";
} else {
print "<b>Unable</b> to add: <i>$address</i> to the alias table!<br>\n";
}
}
print "<p>\n";
}
}
?>
Create a new domain.
<p>
<form method=post>
<table class=form>
<tr><td>Domain:</td><td><input type=text name=domain></td></tr>
<tr><td>Description:</td><td><input type=text name=description></td></tr>
<tr><td>Add default mail aliases:</td><td><input type=checkbox name=aliases></td></tr>
<tr><td colspan=2 align=center><input type=submit name=submit value='Add Entry'></td></tr>
</table>
</form>
<?php
print "<p>\n";
print_footer();
?>

48
admin/passwd.php
Unescape Escape View File

@ -0,0 +1,48 @@
<?php
include "my_lib.php";
print_header();
print_menu();
print "<hr>\n";
$username = $_GET[username];
if (!empty($_POST[submit])) {
$form_new_passwd1 = $_POST[form_new_passwd1];
if (empty($form_new_passwd1)) {
print "<p class=error>\n";
print "You will need to fill in the password field!\n";
print_footer();
exit;
}
$new_passwd = md5crypt($form_new_passwd1);
$result = db_query ("UPDATE admin SET password='$new_passwd',change_date=NOW() WHERE username='$username'");
if ($result[rows] == 1) {
print "The password has been updated!\n";
print "<p>\n";
print_footer();
exit;
} else {
print "<p class=error>\n";
print "<b>Unable</b> to update your password!\n";
print_footer();
exit;
}
}
?>
Change admin password.
<p>
<form name=passwd method=post>
<table class=form>
<tr><td>Login:</td><td><?php print "$username"; ?></td></tr>
<tr><td>New Password:</td><td><input type=text name=form_new_passwd1></td></tr>
<tr><td colspan=2 align=center><input type=submit name=submit value='Enter'></td></tr>
</table>
</form>
<?php
print_footer();
?>

55
admin/site_lib.php
Unescape Escape View File

@ -0,0 +1,55 @@
<?php
//
// If site_lib.php is called directly, redirect to login.php
//
if (ereg("site_lib.php", $PHP_SELF)) {
header("Location: ../login.php");
}
// login information for the database
$db_host = "localhost";
$db_name = "postfix";
$db_user = "postfixadmin";
$db_pass = "postfixadmin";
// title used for all pages
$title = "Mail Admin Admin";
// footer used for all pages
$version = "Built on Postfix Admin v1.4.0<br>\n2003 &copy; High5!\n";
//
// print_menu
// Action: Prints out the requirement menu bar
// Call: print_menu()
//
function print_menu() {
print "<table>\n";
print "<tr>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=adminview.php>Admin View</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=domainview.php>Domain View</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=virtualview.php>Virtual View</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=newadmin.php>New Admin</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=newdomain.php>New Domain</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "</tr>\n";
print "</table>\n";
}
?>

192
admin/stylesheet.css
Unescape Escape View File

@ -0,0 +1,192 @@
body {
background: white;
color: black;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 13px;
margin: 8px;
padding: 0px;
text-align: center;
}
h1 {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 18px;
font-weight: bold;
margin-bottom: 0px;
margin-top: 20px;
}
a {
color: blue;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
text-decoration: none;
}
a:visited {
color: blue;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
text-decoration: none;
}
a:hover {
color: red;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
text-decoration: underline;
}
hr {
line-heigt: 1px;
margin-top: 10px;
margin-bottom: 10px;
width: 640px;
text-align: center;
}
hr.footer {
margin-top: 10px;
margin-bottom: 0px;
width: 640px;
}
p {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 13px;
margin-top: 13px;
text-align: center;
}
p.footer {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
margin-top: 0px;
text-align: center;
}
p.error {
color: red;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 14px;
text-align: center;
}
table {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
width: 640px;
text-align: left;
margin-top: 0px;
margin-bottom: 0px;
padding-top: 0px;
}
table.auto {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
width: auto;
text-align: left;
margin-top: 0px;
margin-bottom: 0px;
padding-top: 0px;
}
table.form {
font-size: 11px;
padding-left: 0px;
padding-right: 0px;
text-align: left;
width: auto;
}
td {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
padding-left: 5px;
padding-right: 5px;
}
tr.header {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-weight: bold;
padding-left: 11px;
padding-right: 11px;
}
td.center {
text-align: center;
}
td.header {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-weight: bold;
padding-left: 11px;
padding-right: 11px;
text-align: center;
}
td.highlight {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
background: rgb(169,194,162);
padding-left: 5px;
padding-right: 5px;
}
td.menu {
text-align: center;
background: #dfdfdf;
border-top: 1px solid #999;
border-right: 1px solid #999;
border-left: 1px solid #999;
border-bottom: 1px solid #999;
border-radius: 2px;
-moz-border-radius: 2px;
padding-bottom: 5px;
padding-top: 5px;
}
td.right {
text-align: center;
padding-left: 0px;
padding-right: 0px;
margin-left: 0px;
margin-right: 0px;
}
input {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
float: none;
clear: none;
}
input.button {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
background: rgb(232,236,176)
}
textarea {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
}

69
admin/virtualview.php
Unescape Escape View File

@ -0,0 +1,69 @@
<?php
include "my_lib.php";
print_header();
print_menu();
print "<hr>\n";
$order = $_GET[order];
$where = $_GET[where];
if (empty($order)) $order = "domain,address";
if (!empty($where)) $where = "WHERE " . "domain='$where'";
$query = "SELECT * FROM alias $where ORDER BY $order";
print "$query\n";
print "<p>\n";
$result = db_query ("$query");
if ($result[rows] > 0) {
print "<center>\n";
print "<table border=1>\n";
while ($row = mysql_fetch_array ($result[result])) {
print "<tr onMouseOver=\"this.bgColor = '#dfdfdf'\" onMouseOut =\"this.bgColor = '#ffffff'\" bgcolor=\"#ffffff\">";
print "<td>$row[address]</td>";
print "<td>" . ereg_replace (",", "<br>", $row[goto]) . "</td>";
print "<td>$row[change_date]</td>";
print "<td>$row[active]</td>";
print "</tr>\n";
}
print "</table>\n";
print "</center>\n";
print "Found: $result[rows]\n";
print "<p>\n";
} else {
print "Nothing Found!\n";
print "<p>\n";
}
$query = "SELECT * FROM mailbox $where";
print "$query\n";
$result = db_query ("$query");
if ($result[rows] > 0) {
print "<center>\n";
print "<table border=1>\n";
while ($row = mysql_fetch_array ($result[result])) {
print "<tr>";
print "<td>$row[username]</td>";
print "<td>$row[name]</td>";
print "<td>$row[maildir]</td>";
print "<td>$row[change_date]</td>";
print "<td>$row[active]</td>";
print "</tr>\n";
}
print "</table>\n";
print "</center>\n";
print "Found: $result[rows]<br>\n";
} else {
print "<p>\n";
print "Nothing Found!\n";
}
print_footer();
?>

77
alias.php
Unescape Escape View File

@ -0,0 +1,77 @@
<?php
include "my_lib.php";
$sessid = check_session();
print_header();
print_menu();
print "<hr>\n";
if (!empty($_POST[submit])) {
$address = $_POST[address];
$goto = $_POST[goto];
$address_value = $address;
$address = $address . "@" . $sessid[domain];
if (empty($address) or empty($goto)) {
print "<p class=error>\n";
print "You will need to fill both fields.\n";
print_footer();
exit;
}
if (!check_email($address)) {
print "<p class=error>\n";
print "The email address that you have supplied at <b>Alias</b> is not a valid email address, please go back.\n";
print_footer();
exit;
}
if (!check_email($goto)) {
print "<p class=error>\n";
print "The email address that you have supplied at <b>To</b> is not a valid email address, please go back.\n";
print_footer();
exit;
}
if ($address_value == "none") {
$address = "@" . $sessid[domain];
}
$result = db_query ("SELECT * FROM alias WHERE address='$address'");
if ($result[rows] == 1) {
print "<p class=error>\n";
print "This email address already exists, please choose a different one.\n";
print_footer();
exit;
}
$result = db_query ("INSERT INTO alias (address,goto,domain,create_date,change_date) VALUES('$address','$goto','$sessid[domain]',NOW(),NOW())");
if ($result[rows] == 1) {
print "<p>\n";
print "<i>$address</i> -> <i>$goto</i> has been <b>added</b> to the alias table!\n";
print "<p>\n";
} else {
print "<p class=error>\n";
print "<b>Unable</b> to add: <i>$address</i> -> <i>$goto</i> to the alias table!\n";
print_footer();
exit;
}
}
?>
Create a new alias for your domain.
<p>
<form name=alias method=post>
<table class=form>
<tr><td>Alias:</td><td><input type=text name=address></td><td>@<?php print "$sessid[domain]" ?></td></tr>
<tr><td>To:</td><td><input type=text name=goto></td><td>Where the mail needs to be send to.<br>Use "edit" in the overview to add more<br>then one email address.</td></tr>
<tr><td colspan=3 align=center><input type=submit name=submit value='Enter'></td></tr>
</table>
</form>
If you want to add a catchall enter "none" in the alias field.
<?php
print_footer();
?>

50
delete.php
Unescape Escape View File

@ -0,0 +1,50 @@
<?php
include "my_lib.php";
$sessid = check_session();
$check_id = "domain";
$table = $_GET[table];
$where = $_GET[where];
$delete = $_GET[delete];
$url = "main.php?" . session_name() . "=" . session_id();
if ($table == "alias") {
$query = "DELETE FROM alias WHERE address='$delete' AND domain='$sessid[$check_id]'";
$result = db_query ("$query");
if ($result[rows] == 1) {
header("Location: $url");
} else {
print_header();
print "<hr>\n";
print "<p class=error>\n";
print "<b>Unable</b> to delete entry $delete from the $table table!\n";
print_footer();
}
}
if ($table == "mailbox") {
$query = "DELETE FROM mailbox WHERE username='$delete' AND domain='$sessid[$check_id]'";
$result = db_query ("$query");
if ($result[rows] != 1) {
print_header();
print "<hr>\n";
print "<p class=error>\n";
print "<b>Unable</b> to delete entry $delete from the $table table!\n";
print_footer();
}
$query = "DELETE FROM alias WHERE address='$delete' AND domain='$sessid[$check_id]'";
$result = db_query ("$query");
if ($result[rows] == 1) {
header("Location: $url");
} else {
print_header();
print "<hr>\n";
print "<p class=error>\n";
print "<b>Unable</b> to delete entry $delete from the $table table!\n";
print_footer();
}
}
?>

1
index.php
Unescape Escape View File

@ -0,0 +1 @@
login.php

71
login.php
Unescape Escape View File

@ -0,0 +1,71 @@
<?php
//
// login.php
//
include "my_lib.php";
if (!empty($_POST[submit])) {
$form_login = $_POST[form_login];
$form_passwd = $_POST[form_passwd];
$result = db_query ("SELECT password FROM admin WHERE username='$form_login'");
if ($result[rows] == 1) {
$row = mysql_fetch_array($result[result]);
$db_passwd = $row[password];
$salt = preg_split('/\$/', $row[password]);
$checked_passwd = md5crypt($form_passwd, $salt[2]);
$result = db_query ("SELECT * FROM admin WHERE username='$form_login' AND password='$checked_passwd' AND active='1'");
if ($result[rows] == 1) {
session_name("SessID");
session_start();
session_register("sessid");
$row = mysql_fetch_array($result[result]);
$sessid = array (
"domain" => $row[domain],
"username" => $row[username]
);
} else {
print_header();
print "<h1>Mail Admin</h1>\n";
print "<hr>\n";
print "<p class=error>\n";
print "Either the password that you supplied is incorrect, go back and try again.<p>\n";
print "Or you are not authorized to view this page.\n";
print_footer();
exit;
}
} else {
print_header();
print "<h1>Mail Admin</h1>\n";
print "<hr>\n";
print "<p class=error>\n";
print "The login that you supplied is not correct, please press BACK and try again.\n";
print_footer();
exit;
}
header("Location: main.php?" . session_name() . "=" . session_id());
}
print_header($welcome_title);
print "<h1>$welcome_header</h1>\n";
?>
<hr>
<form name=login method=post>
<table class=form>
<tr><td>Login:</td><td><input type=text name=form_login></td><td>(email address)</td></tr>
<tr><td>Password:</td><td><input type=password name=form_passwd></td></tr>
<tr><td colspan=3 align=center><input type=submit name=submit value=Enter></td></tr>
</table>
</form>
<p>
<a href=vcp.php>Mailbox Password Change</a>
<?php
print_footer();
?>

21
logout.php
Unescape Escape View File

@ -0,0 +1,21 @@
<?php
//
// logout.php
//
include "my_lib.php";
$sessid = check_session();
session_unset();
session_destroy();
print_header();
print "<h1>Mail Admin</h1>\n";
print "<hr>\n";
print "You are logged out\n";
print "<p>\n";
print "<a href=login.php>Login again</a>\n";
print_footer();
?>

100
mailbox.php
Unescape Escape View File

@ -0,0 +1,100 @@
<?php
include "my_lib.php";
$sessid = check_session();
print_header();
print_menu();
print "<hr>\n";
if (!empty($_POST[submit])) {
$username = $_POST[username];
$password = $_POST[password];
$password2 = $_POST[password2];
$name = $_POST[name];
$username = $username . "@" . $sessid[domain];
$passwd = md5crypt ("$password");
$maildir = $username . "/";
if (empty($username) or empty($password)) {
print "<p class=error>\n";
print "You need to fill all fields.\n";
print_footer();
exit;
}
if (!check_email($username)) {
print "<p class=error>\n";
print "The email address that you have supplied at <b>Email</b> is not a valid email address, please go back.\n";
print_footer();
exit;
}
if ($password != $password2) {
print "<p class=error>\n";
print "The passwords that you supplied don't match!\n";
print_footer();
exit;
}
if (!check_string($name)) {
print "<p class=error>\n";
print "The name that you have supplied at <b>Name</b> is not valid, please go back.\n";
print_footer();
exit;
}
$result = db_query ("SELECT * FROM alias WHERE address='$username'");
if ($result[rows] == 1) {
print "<p class=error>\n";
print "This email address already exists, please choose a different one.\n";
print_footer();
exit;
}
$result = db_query ("INSERT INTO alias (address,goto,domain,create_date,change_date) VALUES('$username','$username','$sessid[domain]',NOW(),NOW())");
if ($result[rows] != 1) {
print "<p class=error>\n";
print "<b>Unable</b> to add: <i>$username</i> to the alias table!\n";
print_footer();
exit;
}
$result = db_query ("INSERT INTO mailbox (username,password,name,maildir,domain,create_date,change_date) VALUES('$username','$passwd','$name','$maildir','$sessid[domain]',NOW(),NOW())");
if ($result[rows] == 1) {
$headers = "From: $sessid[username]";
$subject = "Welcome";
$message = "Hi $name,\n\nWelcome to your new email account.\n\n";
print "<i>$username</i> has been <b>added</b> to the mailbox table!\n";
print "<p>\n";
print "<b>NOTE:</b>\n";
if (!mail($username, $subject, $message, $headers)) {
print "The user needs to first receive an email in order to use the account.<br>\n";
}
print "User needs to login with the full email address, in this case: $username\n";
print "<p>\n";
} else {
print "<p class=error>\n";
print "<b>Unable</b> to add: <i>$username</i> to the mailbox table!\n";
print_footer();
exit;
}
}
?>
Create a new local mailbox for your domain.
<p>
<form name=mailbox method=post>
<table class=form>
<tr><td>Email:</td><td><input type=text name=username></td><td>@<?php print "$sessid[domain]"; ?></td></tr>
<tr><td>Password:</td><td><input type=password name=password></td><td>Password for POP/IMAP</td></tr>
<tr><td>Password (again):</td><td><input type=password name=password2></td></tr>
<tr><td>Name:</td><td><input type=text name=name></td><td>Full name</td></tr>
<tr><td colspan=3 align=center><input type=submit name=submit value='Enter'></td></tr>
</table>
</form>
<?php
print_footer();
?>

73
main.php
Unescape Escape View File

@ -0,0 +1,73 @@
<?php
include "my_lib.php";
$sessid = check_session();
print_header();
print_menu();
print "<hr>\n";
print "Domain: $sessid[domain]\n";
print "<p>\n";
$query = "SELECT alias.address,alias.goto,alias.change_date FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.domain='$sessid[domain]' AND mailbox.maildir IS NULL ORDER BY alias.address";
$result = db_query ("$query");
if ($result[rows] > 0) {
print "<center>\n";
print "<table border=1>\n";
print "<tr class=\"header\">";
print "<td>From</td>";
print "<td>To</td>";
print "<td>Last Modified</td>";
print "<td colspan=\"2\">&nbsp;</td>";
print "</tr>";
while ($row = mysql_fetch_array ($result[result])) {
print "<tr onMouseOver=\"this.bgColor = '#dfdfdf'\" onMouseOut =\"this.bgColor = '#ffffff'\" bgcolor=\"#ffffff\">";
print "<td>$row[address]</td>";
print "<td>" . ereg_replace (",", "<br>", $row[goto]) . "</td>";
print "<td>$row[change_date]</td>";
print "<td><a href=modify.php?" . session_name() . "=" . session_id() . "&modify=$row[address]>edit</a></td>";
print "<td><a href=delete.php?" . session_name() . "=" . session_id() . "&table=alias" . "&delete=$row[address] onclick=\"return confirm ('Are you sure you want to delete this?')\">del</a></td>";
print "</tr>\n";
}
print "</table>\n";
print "</center>\n";
print "<p>\n";
} else {
print "Nothing found in the alias table!\n";
print "<p>\n";
}
$query = "SELECT * FROM mailbox WHERE domain='$sessid[domain]' ORDER BY username";
$result = db_query ("$query");
if ($result[rows] > 0) {
print "<center>\n";
print "<table border=1>\n";
print "<tr class=\"header\">";
print "<td>Email</td>";
print "<td>Name</td>";
print "<td>Last Modified</td>";
print "<td colspan=\"2\">&nbsp;</td>";
print "</tr>";
while ($row = mysql_fetch_array ($result[result])) {
print "<tr onMouseOver=\"this.bgColor = '#dfdfdf'\" onMouseOut =\"this.bgColor = '#ffffff'\" bgcolor=\"#ffffff\">";
print "<td>$row[username]</td>";
print "<td>$row[name]</td>";
print "<td>$row[change_date]</td>";
print "<td><a href=pwd.php?" . session_name() . "=" . session_id() . "&username=$row[username]>edit</a></td>";
print "<td><a href=delete.php?" . session_name() . "=" . session_id() . "&table=mailbox" . "&delete=$row[username] onclick=\"return confirm ('Are you sure you want to delete this?')\">del</a></td>";
print "</tr>\n";
}
print "</table>\n";
print "</center>\n";
} else {
print "Nothing found in the mailbox table!\n";
}
print_footer();
?>

91
modify.php
Unescape Escape View File

@ -0,0 +1,91 @@
<?php
include "my_lib.php";
$sessid = check_session();
$url = "main.php?" . session_name() . "=" . session_id();
$modify = $_GET[modify];
if (!empty($_POST[submit])) {
$goto = $_POST[goto];
if (empty($goto)) {
print_header();
print_menu();
print "<hr>\n";
print "<p class=error>\n";
print "You didn't enter anything at <b>To:</b>.\n";
print_footer();
exit;
}
$goto = preg_replace('/\r\n/', ',', $goto);
$goto = preg_replace('/\,*$/', '', $goto);
$array = preg_split('/,/', $goto);
for ($i = 0; $i < sizeof($array); $i++) {
if (in_array("$array[$i]", $default_aliases)) continue;
if (empty($array[$i])) continue;
if (!check_email($array[$i])) {
print_header();
print_menu();
print "<hr>\n";
print "<p class=error>\n";
print "The email address <b>$array[$i]</b> is not a valid email address, please go back.\n";
print_footer();
exit;
}
}
$result = db_query ("UPDATE alias SET goto='$goto', change_date=NOW() WHERE address='$modify' AND domain='$sessid[domain]'");
if ($result[rows] == 1) {
header("Location: $url");
} else {
print_header();
print_menu();
print "<hr>\n";
print "<p class=error>\n";
print "<b>Unable</b> to update: <i>$address</i> -> <i>$goto</i> in the alias table!\n";
print_footer();
exit;
}
}
$query = "SELECT * FROM alias WHERE address='$modify' AND domain='$sessid[domain]'";
$result = db_query ("$query");
if ($result[rows] == 1) {
$row = mysql_fetch_array ($result[result]);
} else {
print_header();
print_menu();
print "<hr>\n";
print "<p class=error>\n";
print "Unable to find the alias!\n";
print_footer();
exit;
}
print_header();
print_menu();
print "<hr>\n";
?>
Change an alias for your domain.
<p>
<form name=modify method=post>
<table class=form>
<tr><td>Alias:</td><td><?php print "$modify"; ?></td></tr>
<tr><td colspan=2>&nbsp;</td></tr>
<tr><td colspan=2 align=center><b>Enter your email aliases below. One per line!</b></td></tr>
<tr><td valign=top>To:</td><td><textarea rows=24 cols=80 name=goto>
<?php
$array = preg_split('/,/', $row[goto]);
for ($i = 0 ; $i < sizeof($array) ; $i++) {
if (empty($array[$i])) continue;
print "$array[$i]\n";
}
?>
</textarea></td></tr>
<tr><td colspan=2 align=center><input type=submit name=submit value='Enter'></td></tr>
</table>
</form>
<?php
print_footer();
?>

263
my_lib.php
Unescape Escape View File

@ -0,0 +1,263 @@
<?php
//
// If my_lib.php is called directly, redirect to login.php
//
if (ereg("my_lib.php", $PHP_SELF)) {
header("Location: login.php");
}
include "site_lib.php";
include "admin/config.php";
//
// check_session
// Action: Check if a session already exists, if not redirect to login.php
// Call: check_session()
//
function check_session() {
session_name("SessID");
session_start();
if (!session_is_registered("sessid")) {
// if session is not registered redirect to login.php
header("Location: login.php");
exit;
}
$sessid[domain] = $_SESSION[sessid][domain];
$sessid[username] = $_SESSION[sessid][username];
return $sessid;
}
//
// check_admin
// Action: Check if user is admin and allowed to view the page
// Call: check_admin(string admin);
//
function check_admin($admin) {
if ($admin == "N") {
print_header();
print "You are not allowed to view this page.\n";
print_footer();
exit;
}
}
//
// check_string
// Action: checks if a string is valid and returns TRUE is this is the case.
// Call: check_string(string var)
//
function check_string($var) {
return (preg_match('/^([A-Za-z ]+)+$/', $var));
}
//
// check_escape
// Action: checks to see if there are chars that need to be escaped
// Call: check_escape(string var)
//
function check_escape($var) {
$search = array ("'<script[^>]*?>.*?</script>'si",
"'<[\/\!]*?[^<>]*?>'si",
"'\''i");
$replace = array ("",
"",
"");
$escaped = preg_replace ($search, $replace, $var);
return $escaped;
}
//
// check_email
// Action: Checks if email is valid and returns TRUE if this is the case.
// Call: check_email(string email)
//
function check_email($email) {
return (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,4}$/i', trim($email)));
}
//
// md5crypt
// Action: Creates an MD5 passwd that is readable by FreeBSD daemons
// Call: md5crypt(string cleartextpasswd)
//
$MAGIC = "$1$";
$ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
function md5crypt($pw, $salt="", $magic="") {
global $MAGIC;
if ($magic == "") $magic = $MAGIC;
if ($salt == "") $salt = create_salt();
$slist = explode("$", $salt);
if ($slist[0] == "1") $salt = $slist[1];
$salt = substr($salt, 0, 8);
$ctx = $pw . $magic . $salt;
$final = hex2bin(md5($pw . $salt . $pw));
for ($i=strlen($pw); $i>0; $i-=16) {
if ($i > 16)
$ctx .= substr($final,0,16);
else
$ctx .= substr($final,0,$i);
}
$i = strlen($pw);
while ($i > 0) {
if ($i & 1) $ctx .= chr(0);
else $ctx .= $pw[0];
$i = $i >> 1;
}
$final = hex2bin(md5($ctx));
for ($i=0;$i<1000;$i++) {
$ctx1 = "";
if ($i & 1) $ctx1 .= $pw;
else $ctx1 .= substr($final,0,16);
if ($i % 3) $ctx1 .= $salt;
if ($i % 7) $ctx1 .= $pw;
if ($i & 1) $ctx1 .= substr($final,0,16);
else $ctx1 .= $pw;
$final = hex2bin(md5($ctx1));
}
$passwd = "";
$passwd .= to64( ( (ord($final[0]) << 16) | (ord($final[6]) << 8) | (ord($final[12])) ), 4);
$passwd .= to64( ( (ord($final[1]) << 16) | (ord($final[7]) << 8) | (ord($final[13])) ), 4);
$passwd .= to64( ( (ord($final[2]) << 16) | (ord($final[8]) << 8) | (ord($final[14])) ), 4);
$passwd .= to64( ( (ord($final[3]) << 16) | (ord($final[9]) << 8) | (ord($final[15])) ), 4);
$passwd .= to64( ( (ord($final[4]) << 16) | (ord($final[10]) << 8) | (ord($final[5])) ), 4);
$passwd .= to64( ord($final[11]), 2);
return "$magic$salt\$$passwd";
}
function create_salt() {
srand((double)microtime()*1000000);
$salt = substr(md5(rand(0,9999999)), 0, 8);
return $salt;
}
function hex2bin($str) {
$len = strlen($str);
$nstr = "";
for ($i=0;$i<$len;$i+=2) {
$num = sscanf(substr($str,$i,2), "%x");
$nstr.=chr($num[0]);
}
return $nstr;
}
function to64($v, $n) {
global $ITOA64;
$ret = "";
while (($n - 1) >= 0) {
$n--;
$ret .= $ITOA64[$v & 0x3f];
$v = $v >> 6;
}
return $ret;
}
//
// print_header
// Action: Prints out the default header for every page
// Call: print_header([string title])
//
function print_header($title = "") {
if (empty($title)) {
global $title;
}
print "<html>\n";
print "<head>\n";
if (file_exists(realpath("./stylesheet.css"))) {
print "<link rel=stylesheet href=stylesheet.css>\n";
}
print "<title>$title</title>\n";
print "</head>\n";
print "<body>\n";
print "<center>\n";
}
//
// print_footer
// Action: Prints out the default footer for every page
// Call: print_footer()
//
function print_footer() {
global $version;
print "<hr class=footer>\n";
print "<p class=footer>\n";
print "$version\n";
print "</center>\n";
print "</body>\n";
print "</html>\n";
}
//
// print_error
// Action: Prints an error message and exits/dies
// Call: print_error(string error message);
//
function print_error($msg, $header = "YES") {
if ($header == "YES") {
print_header();
}
print "$msg";
print_footer();
exit;
}
//
// db_connect
// Action: Makes a connection to the database if it doesn't exist
// Call: db_connect()
//
function db_connect() {
global $db_host;
global $db_name;
global $db_user;
global $db_pass;
$link = mysql_connect("$db_host", "$db_user", "$db_pass") or print_error("Could not connect to database server: <b>$db_host</b>.");
$succes = mysql_select_db("$db_name", $link) or print_error("Could not select database: <b>$db_name</b>.");
return ($link);
}
//
// db_query
// Action: Sends a query to the database and returns query result and number of rows
// Call: db_query(string query)
//
function db_query($query) {
$link = db_connect();
$result = mysql_query("$query", $link) or print_error("Could not query the table.<br>", "NO");
// if $query was a select statement check the number of rows with mysql_num_rows().
if (eregi("^select", $query)) {
$number_rows = mysql_num_rows($result);
// if $query was something else, UPDATE, DELETE or INSERT check the number of rows with
// mysql_affected_rows().
} else {
$number_rows = mysql_affected_rows($link);
}
$return = array (
"result" => $result,
"rows" => $number_rows
);
return ($return);
}
?>

81
passwd.php
Unescape Escape View File

@ -0,0 +1,81 @@
<?php
include "my_lib.php";
$sessid = check_session();
print_header();
print_menu();
print "<hr>\n";
if (!empty($_POST[submit])) {
$form_passwd = $_POST[form_passwd];
$form_new_passwd1 = $_POST[form_new_passwd1];
$form_new_passwd2 = $_POST[form_new_passwd2];
if (empty($form_passwd) or empty($form_new_passwd1) or empty($form_new_passwd2)) {
print "<p class=error>\n";
print "You will need to fill all fields!\n";
print_footer();
exit;
}
if ($form_new_passwd1 != $form_new_passwd2) {
print "<p class=error>\n";
print "The new passwords that you supplied don't match!\n";
print_footer();
exit;
}
$result = db_query ("SELECT password FROM admin WHERE username='$sessid[username]'");
if ($result[rows] == 1) {
$row = mysql_fetch_array($result[result]);
$db_passwd = $row[password];
$keys = preg_split('/\$/', $row[password]);
$checked_passwd = md5crypt($form_passwd, $keys[2]);
$result = db_query ("SELECT * FROM admin WHERE username='$sessid[username]' AND password='$checked_passwd' AND active='1'");
if ($result[rows] != 1) {
print "<p class=error>\n";
print "The password that you have entered doesn't match your current password!\n";
print_footer();
exit;
}
}
$new_passwd = md5crypt($form_new_passwd1);
$result = db_query ("UPDATE admin SET password='$new_passwd',change_date=NOW() WHERE username='$sessid[username]'");
if ($result[rows] == 1) {
print "Your password has been updated!\n";
session_unset();
session_destroy();
print "<p>\n";
print "<a href=login.php>Login</a>\n";
print_footer();
exit;
} else {
print "<p class=error>\n";
print "<b>Unable</b> to update your password!\n";
print_footer();
exit;
}
}
?>
Change your password.
<p>
<form name=passwd method=post>
<table class=form>
<tr><td>Login:</td><td><?php print "$sessid[username]"; ?></td></tr>
<tr><td>Current Password:</td><td><input type=password name=form_passwd></td></tr>
<tr><td>New Password:</td><td><input type=password name=form_new_passwd1></td></tr>
<tr><td>New Password (again):</td><td><input type=password name=form_new_passwd2></td></tr>
<tr><td colspan=2 align=center><input type=submit name=submit value='Enter'></td></tr>
</table>
</form>
<?php
print_footer();
?>

61
pwd.php
Unescape Escape View File

@ -0,0 +1,61 @@
<?php
include "my_lib.php";
$sessid = check_session();
$username = $_GET[username];
print_header();
print_menu();
print "<hr>\n";
if (!empty($_POST[submit])) {
$form_new_passwd1 = $_POST[form_new_passwd1];
$form_new_passwd2 = $_POST[form_new_passwd2];
if (empty($form_new_passwd1) or empty($form_new_passwd2)) {
print "<p class=error>\n";
print "You will need to fill all fields!\n";
print_footer();
exit;
}
if ($form_new_passwd1 != $form_new_passwd2) {
print "<p class=error>\n";
print "The new passwords that you supplied don't match!\n";
print_footer();
exit;
}
$new_passwd = md5crypt($form_new_passwd1);
$result = db_query ("UPDATE mailbox SET password='$new_passwd',change_date=NOW() WHERE username='$username' AND domain='$sessid[domain]'");
if ($result[rows] == 1) {
print "The password has been updated!\n";
print "<p>\n";
print "<a href=main.php?" . session_name() . "=" . session_id() . ">Go Back</a>\n";
print_footer();
exit;
} else {
print "<p class=error>\n";
print "<b>Unable</b> to update your password!\n";
print_footer();
exit;
}
}
?>
Change password.
<p>
<form name=passwd method=post>
<table class=form>
<tr><td>Login:</td><td><?php print "$username"; ?></td></tr>
<tr><td>New Password:</td><td><input type=password name=form_new_passwd1></td></tr>
<tr><td>New Password (again):</td><td><input type=password name=form_new_passwd2></td></tr>
<tr><td colspan=2 align=center><input type=submit name=submit value='Enter'></td></tr>
</table>
</form>
<?php
print_footer();
?>

61
site_lib.php
Unescape Escape View File

@ -0,0 +1,61 @@
<?php
//
// If site_lib.php is called directly, redirect to login.php
//
if (ereg("site_lib.php", $PHP_SELF)) {
header("Location: login.php");
}
// login information for the database
$db_host = "localhost";
$db_name = "postfix";
$db_user = "postfixadmin";
$db_pass = "postfixadmin";
// title used for all pages except login
$title = "Mail Admin";
// title used for login
$welcome_title = ":: Welcome to Mail Admin ::";
// header used for login
$welcome_header = "Welcome to Mail Admin";
// footer used for all pages
$version = "Built on Postfix Admin v1.4.0<br>\n2003 &copy; High5!";
//
// print_menu
// Action: Prints out the requirement menu bar
// Call: print_menu()
//
function print_menu() {
print "<table>\n";
print "<tr>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=main.php?" . session_name() . "=" . session_id() . ">Overview</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=alias.php?" . session_name() . "=" . session_id() . ">Add Alias</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=mailbox.php?" . session_name() . "=" . session_id() . ">Add Mailbox</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=passwd.php?" . session_name() . "=" . session_id() . ">Passwd</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "<td class=menu>\n";
print "<a target=_top href=logout.php?" . session_name() . "=" . session_id() . ">Logout</a>";
print "</td>\n";
print "<td width=8>&nbsp;</td>\n";
print "</tr>\n";
print "</table>\n";
}
?>

192
stylesheet.css
Unescape Escape View File

@ -0,0 +1,192 @@
body {
background: white;
color: black;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 13px;
margin: 8px;
padding: 0px;
text-align: center;
}
h1 {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 18px;
font-weight: bold;
margin-bottom: 0px;
margin-top: 20px;
}
a {
color: blue;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
text-decoration: none;
}
a:visited {
color: blue;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
text-decoration: none;
}
a:hover {
color: red;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
text-decoration: underline;
}
hr {
line-heigt: 1px;
margin-top: 10px;
margin-bottom: 10px;
width: 640px;
text-align: center;
}
hr.footer {
margin-top: 10px;
margin-bottom: 0px;
width: 640px;
}
p {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 13px;
margin-top: 13px;
text-align: center;
}
p.footer {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
margin-top: 0px;
text-align: center;
}
p.error {
color: red;
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 14px;
text-align: center;
}
table {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
width: 640px;
text-align: left;
margin-top: 0px;
margin-bottom: 0px;
padding-top: 0px;
}
table.auto {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
width: auto;
text-align: left;
margin-top: 0px;
margin-bottom: 0px;
padding-top: 0px;
}
table.form {
font-size: 11px;
padding-left: 0px;
padding-right: 0px;
text-align: left;
width: auto;
}
td {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
padding-left: 5px;
padding-right: 5px;
}
tr.header {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-weight: bold;
padding-left: 11px;
padding-right: 11px;
}
td.center {
text-align: center;
}
td.header {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-weight: bold;
padding-left: 11px;
padding-right: 11px;
text-align: center;
}
td.highlight {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
background: rgb(169,194,162);
padding-left: 5px;
padding-right: 5px;
}
td.menu {
text-align: center;
background: #dfdfdf;
border-top: 1px solid #999;
border-right: 1px solid #999;
border-left: 1px solid #999;
border-bottom: 1px solid #999;
border-radius: 2px;
-moz-border-radius: 2px;
padding-bottom: 5px;
padding-top: 5px;
}
td.right {
text-align: center;
padding-left: 0px;
padding-right: 0px;
margin-left: 0px;
margin-right: 0px;
}
input {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
float: none;
clear: none;
}
input.button {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
background: rgb(232,236,176)
}
textarea {
font-family: Verdana;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
}

85
vcp.php
Unescape Escape View File

@ -0,0 +1,85 @@
<?php
include "my_lib.php";
print_header();
print "<h1>Mail Admin</h1>\n";
print "<hr>\n";
if (!empty($_POST[submit])) {
$form_login = $_POST[form_login];
$form_passwd = $_POST[form_passwd];
$form_new_passwd1 = $_POST[form_new_passwd1];
$form_new_passwd2 = $_POST[form_new_passwd2];
if (empty($form_login) or empty($form_passwd) or empty($form_new_passwd1) or empty($form_new_passwd2)) {
print "<p class=error>\n";
print "You didn't enter all fields!\n";
print_footer();
exit;
}
if ($form_new_passwd1 != $form_new_passwd2) {
print "<p class=error>\n";
print "The passwords that you supplied don't match!\n";
print_footer();
exit;
}
$result = db_query ("SELECT * FROM mailbox WHERE username='$form_login' AND active='1'");
if ($result[rows] != 1) {
print "<p class=error>\n";
print "The mailbox does not exist!\n";
print_footer();
exit;
}
$result = db_query ("SELECT password FROM mailbox WHERE username='$form_login'");
if ($result[rows] == 1) {
$row = mysql_fetch_array($result[result]);
$db_passwd = $row[password];
$keys = preg_split('/\$/', $row[password]);
$checked_passwd = md5crypt($form_passwd, $keys[2]);
$result = db_query ("SELECT * FROM mailbox WHERE username='$form_login' AND password='$checked_passwd' AND active='1'");
if ($result[rows] != 1) {
print "<p class=error>\n";
print "The password that you have entered doesn't match your current password!\n";
print_footer();
exit;
}
}
$new_passwd = md5crypt($form_new_passwd1);
$result = db_query ("UPDATE mailbox SET password='$new_passwd',change_date=NOW() WHERE username='$form_login'");
if ($result[rows] == 1) {
print "Your password has been updated!\n";
print_footer();
exit;
} else {
print "<p class=error>\n";
print "<b>Unable</b> to update your password!\n";
print_footer();
exit;
}
}
?>
Change your mailbox password.
<p>
<form name=vcp method=post>
<table class=form>
<tr><td>Email:</td><td><input type=text name=form_login></td></tr>
<tr><td>Current Password:</td><td><input type=password name=form_passwd></td></tr>
<tr><td>New Password:</td><td><input type=password name=form_new_passwd1></td></tr>
<tr><td>New Password (again):</td><td><input type=password name=form_new_passwd2></td></tr>
<tr><td colspan=2 align=center><input type=submit name=submit value='Enter'></td></tr>
</table>
</form>
<?php
print_footer();
?>
Write Preview
Loading…
Cancel
Save