<?php
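// Bootstrap: resume the caller's session, then load the JSON database layer,
// the site configuration and the account helper functions.
session_start();

// require_once instead of include: a missing file now stops the request at once.
// With include, a missing config.php or functions.php only raised a warning and
// the script carried on with an undefined $config or without its helpers.
require_once 'libs/db/db.php';
require_once 'config.php';
require_once 'functions.php';

// $config is expected to be defined by config.php; 'db' and 'db_location' are
// passed straight to the JSONDatabase constructor.
$db = new JSONDatabase($config['db'], $config['db_location']);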
// Authentication gate: nothing below runs unless the session carries a username.
// Only the presence of the key is checked here; no role or per-action permission
// is evaluated in this file.
$isLoggedIn = isset($_SESSION['username']);
if ($isLoggedIn === false) {
    $_SESSION['msg'] = "You must be logged in to use this website!";
    header("Location: index.php");
    // Stop here so that no action handler executes for an anonymous request.
    exit();
}
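// Request dispatcher. The POST field 't' selects the action; every path ends in a
// redirect and reports its outcome through $_SESSION['good'] or $_SESSION['msg'].
//
// NOTE(review): no anti-CSRF token is checked in this file before these
// state-changing actions. Confirm one is enforced elsewhere, or add a per-session
// token to the forms and verify it here with hash_equals().

// Returns the named POST field only when it is present and a plain string.
// PHP turns "name[]=x" into an array, which would otherwise reach strtolower(),
// string concatenation or password_hash() and raise a TypeError or a notice.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
};

if (!isset($_POST['t'])) {
    $_SESSION['msg'] = "You must specify a variable!";
    header("Location: dashboard.php");
    die();
}

// null when 't' was sent as an array; that falls through to the default case below.
$action = $postString('t');

if ($action === "password") {
    // Change the password of the account that owns the current session.
    $account = $db->select("accounts", "username", $_SESSION['username']);
    if (count($account) < 1) {
        // The session names a user that is not in the database.
        header("Location: index.php");
        die();
    }
    $account = reset($account);

    $old = $postString('old');
    $new = $postString('password1');
    $confirm = $postString('password2');

    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal, so a mistyped confirmation could pass.
    if ($new === null || $confirm === null || $new !== $confirm) {
        $_SESSION['msg'] = "ERROR! New password does NOT MATCH.";
        header("Location: dashboard.php");
        die();
    }

    // Two empty fields "match"; refuse them rather than store a hash of "".
    if ($new === '') {
        $_SESSION['msg'] = "ERROR! New password must not be empty.";
        header("Location: dashboard.php");
        die();
    }

    // Verify the old password before changing it.
    if ($old !== null && password_verify($old, $account['password'])) {
        $account['password'] = password_hash($new, PASSWORD_DEFAULT);
        $db->insert("accounts", json_encode($account), $account['row_id']);
        $_SESSION['good'] = "SUCCESS! Your password has been changed!";
    } else {
        $_SESSION['msg'] = "ERROR! OLD password does NOT MATCH current password.";
    }
    header("Location: dashboard.php");
    die();
}

// Manage user accounts and aliases. Action names are matched case-insensitively.
switch ($action === null ? '' : strtolower($action)) {
    case "new":
        $userName = $postString('userName');
        $userPass = $postString('userPass');
        // The address is always built under the session's own domain.
        // NOTE(review): userName is used as submitted (clean() is not applied and an
        // embedded "@" is not stripped) — confirm makeNewUser() validates the address.
        if ($userName !== null && $userPass !== null
            && makeNewUser($userName . "@" . $_SESSION['domain'], $userPass)) {
            $_SESSION['good'] = "SUCCESS! The New user account has been created!";
        } else {
            $_SESSION['msg'] = "ERROR! New user creation failed! Please check logs for details.";
        }
        header("Location: dashboard.php");
        break;

    case "restore":
        $userName = $postString('userName');
        $restored = false;
        if ($userName !== null) {
            // NOTE(review): confirm generateRandomString() draws from a CSPRNG
            // (random_int / random_bytes) and emits only HTML-safe characters; the
            // value below is stored in the session inside HTML markup.
            $nPass = generateRandomString(14);
            // Keep only the local part so the account is re-created under the
            // session's own domain, whatever domain was submitted.
            $nUser = explode("@", $userName);
            $restored = makeNewUser($nUser[0] . "@" . $_SESSION['domain'], $nPass);
        }
        if ($restored) {
            $_SESSION['good'] = "SUCCESS! The user account has been restored with the password of <code>$nPass</code>";
        } else {
            $_SESSION['msg'] = "ERROR! User restore failed! Please check logs for details.";
        }
        header("Location: dashboard.php");
        break;

    case "archive":
        $email = $postString('email');
        // NOTE(review): unlike "new" and "restore", the address is not tied to
        // $_SESSION['domain'] here — confirm archiveUser() rejects addresses
        // outside the caller's domain.
        if ($email !== null && archiveUser($email)) {
            $_SESSION['good'] = "SUCCESS! The account was deleted!";
        } else {
            $_SESSION['msg'] = "ERROR! Unable to archive user, please check logs for details.";
        }
        header("Location: dashboard.php");
        break;

    case "delalias":
        $address = $postString('address');
        // NOTE(review): same question as "archive" — confirm delAlias() checks that
        // the alias belongs to the caller's domain.
        if ($address !== null) {
            if (delAlias($address)) {
                $_SESSION['good'] = "SUCCESS! The alias was deleted!";
            } else {
                $_SESSION['msg'] = "ERROR! Unable to delete alias, please check logs for details.";
            }
        }
        header("Location: aliases.php");
        break;

    case "newalias":
        $address = $postString('address');
        $forwards = $postString('forwards');
        // NOTE(review): confirm addAlias() restricts 'address' to the caller's
        // domain; both values are passed through as submitted.
        if ($address !== null && $forwards !== null) {
            if (addAlias($address, $forwards)) {
                $_SESSION['good'] = "SUCCESS! The alias was added!";
            } else {
                $_SESSION['msg'] = "ERROR! Unable to add alias, please check logs for details.";
            }
        }
        header("Location: aliases.php");
        break;

    default:
        // Unknown action, or 't' was not a plain string.
        $_SESSION['msg'] = "ERROR! API Failure.";
        header("Location: dashboard.php");
        break;
}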
/**
 * Reduce a string to letters, digits, hyphens and dots.
 *
 * Spaces become hyphens, every other character outside A-Z, a-z, 0-9, '-' and '.'
 * is dropped, and runs of hyphens collapse to a single one. '@' is among the
 * dropped characters, so a full e-mail address does not survive this filter.
 * This is character filtering only, not output escaping; it is not called
 * anywhere in this file.
 *
 * @param string $string Text to filter.
 * @return string The filtered text.
 */
function clean($string) {
    $hyphenated = str_replace(' ', '-', $string);

    // preg_replace applies the patterns in order: strip disallowed characters
    // first, then squeeze repeated hyphens.
    return preg_replace(
        array('/[^A-Za-z0-9\-\.]/', '/-+/'),
        array('', '-'),
        $hyphenated
    );
}
?>