2 ########################################################################
4 # mailadmin.cgi NCI2000 #
5 # Jeff Finucane <jeff@nci2000.net> #
8 ########################################################################
13 use FS::MailAdminClient qw(authenticate list_packages list_mailboxes delete_mailbox password_mailbox add_mailbox list_forwards list_pkg_forwards delete_forward add_forward);
# Deployment settings, followed by the per-request state used by the dispatcher.
# NOTE(review): $sessionfile and $tmpdir both sit under .../apache/htdocs. If that
# tree is served by the web server, the session file (one "user session-id ..."
# record per line) could be fetched over HTTP. Session storage belongs outside
# any served directory, readable and writable only by the CGI user.
15 my $sessionfile = '/usr/local/apache/htdocs/mailadmin/adminsess'; # session file
16 my $tmpdir = '/usr/local/apache/htdocs/mailadmin/tmp'; # Location to store temp files
17 my $cookiedomain = ".your.dom"; # cookie domain of THIS server; prefix it with a '.'
18 my $cookieexpire = '+12h'; # expire the cookie session after this much idle time
19 my $sessexpire = 43200; # expire session after this long of no use (in seconds)
21 my $body = "<body bgcolor=dddddd>";
23 #### Should not have to change anything under this line ####
# Read by the final page-selection chain (elsif ($printmainpage)).
24 my $printmainpage = 1;
# $query is created on a line that is missing from this listing.
28 my $cgi = $query->url();
# getdatetime() returns a formatted string ("$year-$nummon-$dayofmon $time"),
# not epoch seconds; note that it contains a space.
29 my $now = getdatetime();
# Current package/account/domain selection; the session-check code assigns these
# from the fields of the caller's session record.
30 my $current_package = 0;
31 my $current_account = 0;
32 my $current_domname = "";
# Entry gate and login handling. Original line numbers jump in this listing, so
# several bodies below are incomplete (closing braces and some statements are
# not shown).
34 # if they are trying to login we wont check the session yet
35 if ($query->param('login') eq '' && $query->param('action') ne 'login') {
# Login form submitted: credentials arrive as the 'username'/'password' params.
40 if ($query->param('login') ne '') {
42 my $username = $query->param('username');
43 my $password = $query->param('password');
# The failure branch body is not shown in this listing.
45 if (!checkuserpass($username, $password)) {
# Session id: 10 characters drawn from a 62-symbol alphabet with rand().
# NOTE(review): rand() is Perl's general-purpose PRNG, not a cryptographic one,
# so the id is not suitable as an unguessable bearer token. Draw the bytes from
# the OS CSPRNG (e.g. /dev/urandom) and use a longer id.
50 my @alpha = ('A'..'Z', 'a'..'z', 0..9);
52 for (my $i = 0; $i < 10; $i++) {
# @alpha[...] is a one-element slice; it yields the same character as $alpha[...].
53 $sessid .= @alpha[rand(@alpha)];
# The -value lines of both cookies are missing from this listing.
# NOTE(review): no -secure or -httponly option is visible, so as shown the
# session cookie may travel over plain HTTP and is readable by page script.
56 my $cookie1 = $query->cookie(-name=>'username',
58 -expires=>$cookieexpire,
59 -domain=>$cookiedomain);
61 my $cookie2 = $query->cookie(-name=>'ma_sessionid',
63 -expires=>$cookieexpire,
64 -domain=>$cookiedomain);
# Two-arg open with a bareword handle, appending to the shared session file.
# NOTE(review): no flock() is visible, so concurrent logins can interleave with
# the rewrite-and-mv done by the session-check code. Prefer three-arg open with
# a lexical handle plus an exclusive lock.
67 open(NEWSESS, ">>$sessionfile") || error('open');
# Record layout is whitespace-separated. NOTE(review): $now itself contains a
# space (date, then clock time), so this line has six fields; readers that
# split(/\s+/) into ($user, $sess, $time, $pkgnum, ...) would see the clock time
# in the $pkgnum slot. Confirm against the full file.
68 print NEWSESS "$username $sessid $now 0 0\n";
71 print $query->header(-COOKIE=>[$cookie1, $cookie2]);
# 'blankframe': emits an empty page.
75 } elsif ($query->param('action') eq 'blankframe') {
77 print "<html>$body</body></html>\n";
# 'list_packages': table of the packages list_packages() returns for the user
# named in the 'username' cookie, each with a "select" link.
80 } elsif ($query->param('action') eq 'list_packages') {
82 my $username = $query->cookie(-name=>'username'); # session checked
83 my $list = list_packages($username);
84 print "<html>$body\n";
85 print "<center><table border=0>\n";
86 print "<tr><td></td><td><p>Package Number</td><td><p>Description</td></tr>\n";
87 foreach my $package ( @{$list} ) {
# NOTE(review): pkgnum/account/domain are interpolated into HTML text and into
# a query string with no escaping. They come from the backend rather than the
# request, but HTML-escaping text and URL-escaping link parameters keeps
# unexpected characters in a domain from breaking the markup.
89 print "<td></td><td><p>$package->{'pkgnum'}</td><td><p>$package->{'domain'}</td>\n";
90 print "<td></td><td><a href=\"$cgi\?action=select&package=$package->{'pkgnum'}&account=$package->{'account'}&domname=$package->{'domain'}\" target=\"rightmainframe\">select</td>\n";
94 print "</body></html>\n";
# 'list_mailboxes': lists every mailbox of the current package together with the
# forwards whose source service matches that mailbox.
97 } elsif ($query->param('action') eq 'list_mailboxes') {
99 my $username = $query->cookie(-name=>'username'); # session checked
100 select_package($username) unless $current_package;
101 my $list = list_mailboxes($username, $current_package);
102 my $forwardlist = list_pkg_forwards($username, $current_package);
103 print "<html>$body\n";
104 print "<center><table border=0>\n";
105 print "<tr><td></td><td><p>Username</td><td><p>Password</td></tr>\n";
106 foreach my $account ( @{$list} ) {
# NOTE(review): the '_password' field of each mailbox is written into the page
# as plain text, so every mailbox password of the package is exposed to anyone
# who can view this response (or a cached copy of it). It also implies the
# backend returns recoverable passwords. Omitting the column, and escaping the
# remaining values, would remove that exposure.
108 print "<td></td><td><p>$account->{'username'}</td><td><p>$account->{'_password'}</td>\n";
109 print "<td></td><td><a href=\"$cgi\?action=change&account=$account->{'svcnum'}&mailbox=$account->{'username'}\" target=\"rightmainframe\">change</td>\n";
# Earlier per-mailbox lookup, left commented out; the loop below filters the
# package-wide forward list instead.
112 # my $forwardlist = list_forwards($username, $account->{'svcnum'});
113 # foreach my $forward ( @{$forwardlist} ) {
114 # my $label = qq!=> ! . $forward->{'dest'};
115 # print "<tr><td></td><td></td><td><p>$label</td></tr>\n";
117 foreach my $forward ( @{$forwardlist} ) {
118 if ($forward->{'srcsvc'} == $account->{'svcnum'}) {
# 'dest' is printed unescaped as well.
119 my $label = qq!=> ! . $forward->{'dest'};
120 print "<tr><td></td><td></td><td><p>$label</td></tr>\n";
126 print "</body></html>\n";
# 'select': takes the package, account and domain name straight from request
# parameters and makes them the current selection.
129 } elsif ($query->param('action') eq 'select') {
131 my $username = $query->cookie(-name=>'username'); # session checked
# NOTE(review): no validation is visible on these three values. Elsewhere in the
# file they are written into the whitespace/newline-delimited session record
# ("$user $sess $time $current_package $current_account $current_domname"), so
# a value containing whitespace or a newline would shift fields or add a
# record. Restricting package/account to digits and domname to hostname
# characters before use closes that off. Whether the package belongs to
# $username is not checked here either; presumably the backend enforces it on
# later calls — confirm.
132 $current_package = $query->param('package');
133 $current_account = $query->param('account');
134 $current_domname = $query->param('domname');
136 print "<html>$body\n";
137 print "<form name=form1 action=\"$cgi\" method=post target=\"rightmainframe\">\n";
# The request parameter is echoed into the page unescaped (reflected-XSS sink);
# HTML-escape it, e.g. with CGI's escapeHTML().
139 print "<p>Selected package $current_package\n";
142 print "</body></html>\n";
# 'change': edit form for one mailbox, showing its forwards (each with a
# "remove" link) and buttons to delete the user, change the password or add a
# forward.
145 } elsif ($query->param('action') eq 'change') {
147 my $username = $query->cookie(-name=>'username'); # session checked
148 select_package($username) unless $current_package;
# Both values come from the request and are used unvalidated below.
149 my $account = $query->param('account');
150 my $mailbox = $query->param('mailbox');
151 my $list = list_forwards($username, $account);
152 print "<html>$body\n";
153 print "<form name=form1 action=\"$cgi\" method=post target=\"rightmainframe\">\n";
154 print "<center><table border=0>\n";
# NOTE(review): $mailbox and $account are interpolated into element text and
# into quoted attribute values without escaping, so a crafted parameter can
# close the attribute and inject markup. HTML-escape both (CGI's escapeHTML()),
# and URL-escape the values placed in the "remove" link.
155 print "<tr><td></td><td><p>Username</td><td><p>$mailbox</td></tr>\n";
156 print "<input type=hidden name=\"account\" value=\"$account\">\n";
157 print "<input type=hidden name=\"mailbox\" value=\"$mailbox\">\n";
158 foreach my $forward ( @{$list} ) {
159 my $label = qq!=> ! . $forward->{'dest'};
160 # print "<tr><td></td><td></td><td><p>$label</td></tr>\n";
161 print "<tr><td></td><td></td><td><p>$label</td><td><a href=\"$cgi\?action=deleteforward&service=$forward->{'svcnum'}&mailbox=$mailbox&dest=$forward->{'dest'}\" target=\"rightmainframe\">remove</td></tr>\n";
# The new password is entered in a type=text field, so it is shown on screen.
163 print "<tr><td></td><td><p>Password</td><td><input type=text name=\"_password\" value=\"\"></td></tr>\n";
# The name of the pressed submit button selects the handler in the dispatcher.
165 print "<input type=submit name=\"deleteaccount\" value=\"Delete This User\">\n";
166 print "<input type=submit name=\"changepassword\" value=\"Change The Password\">\n";
167 print "<input type=submit name=\"addforward\" value=\"Add Forwarding\">\n";
171 print "<p> You may delete this user and all mailforwarding by pressing <B>Delete This User</B>.\n";
172 print "<p> To set or change the password for this user, type the new password in the box next to <B>Password</B> and press <B>Change The Password</B>.\n";
173 print "<p> If you would like to have mail destined for this user forwarded to another email address then press the <B>Add Forwarding</B> button.\n";
174 print "</body></html>\n";
# 'deleteaccount' button: confirmation page; nothing is deleted here. The
# "Confirm" button posts 'deleteaccounty' with the account carried in a hidden
# field.
177 } elsif ($query->param('deleteaccount') ne '') {
179 my $username = $query->cookie(-name=>'username'); # session checked
180 select_package($username) unless $current_package;
181 my $account = $query->param('account');
182 my $mailbox = $query->param('mailbox');
183 print "<html>$body\n";
184 print "<form name=form1 action=\"$cgi\" method=post target=\"rightmainframe\">\n";
# $mailbox and $account are request parameters echoed unescaped (text and
# attribute context); HTML-escape them before printing.
185 print "<p>Are you certain you want to delete user $mailbox?\n";
186 print "<p><input type=hidden name=\"account\" value=\"$account\">\n";
187 print "<input type=submit name=\"deleteaccounty\" value=\"Confirm\">\n";
188 print "</body></html>\n";
# 'deleteaccounty': performs the deletion through delete_mailbox(), which
# returns an error value on failure (a true value takes the first branch).
# NOTE(review): the handler fires on the mere presence of the parameter.
# $query->param() reads query-string and POST data alike and no per-session
# token is visible, so a request forged from another site while the admin is
# logged in would be accepted (CSRF). Requiring POST plus a token bound to the
# session addresses that.
191 } elsif ($query->param('deleteaccounty') ne '') {
193 my $username = $query->cookie(-name=>'username'); # session checked
194 select_package($username) unless $current_package;
195 my $account = $query->param('account');
# The remaining arguments and the error output are on lines not shown here.
197 if ( my $error = delete_mailbox ( {
198 'authuser' => $username,
199 'account' => $account,
201 print "<html>$body\n";
203 print "</body></html>\n";
206 print "<html>$body\n";
207 print "<p>Deleted\n";
208 print "</body></html>\n";
# 'changepassword': sets a mailbox password via password_mailbox(), passing the
# authenticated user, the target account and the new password.
# NOTE(review): no password-quality check and no anti-forgery token is visible;
# the handler is triggered by the presence of the parameter in any request.
213 } elsif ($query->param('changepassword') ne '') {
215 my $username = $query->cookie(-name=>'username'); # session checked
216 select_package($username) unless $current_package;
217 my $account = $query->param('account');
218 my $_password = $query->param('_password');
# A true return value is treated as an error; its output line is not shown.
220 if ( my $error = password_mailbox ( {
221 'authuser' => $username,
222 'account' => $account,
223 '_password' => $_password,
225 print "<html>$body\n";
227 print "</body></html>\n";
230 print "<html>$body\n";
231 print "<p>Changed\n";
232 print "</body></html>\n";
# 'newmailbox': form for creating a mailbox in the currently selected domain.
237 } elsif ($query->param('action') eq 'newmailbox') {
239 my $username = $query->cookie(-name=>'username'); # session checked
240 select_package($username) unless $current_package;
241 print "<html>$body\n";
242 print "<form name=form1 action=\"$cgi\" method=post target=\"rightmainframe\">\n";
243 print "<center><table border=0>\n";
# $current_domname comes from the session record, which the 'select' action
# fills from a request parameter; it is printed unescaped here.
244 print "<tr><td></td><td><p>Username </td><td><input type=text name=\"account\" value=\"\"></td><td>@ " . $current_domname . "</td></tr>\n";
# Password field is type=text, so the value is visible while typing.
245 print "<tr><td></td><td><p>Password</td><td><input type=text name=\"_password\" value=\"\"></td></tr>\n";
247 print "<input type=submit name=\"addmailbox\" value=\"Add This User\">\n";
251 print "<p>Use this screen to add a new mailbox user. If the domain name of the email address (the part after the <B>@</B> sign) is not what you expect then you may need to use <B>List Packages</B> to select the package with the correct domain.\n";
252 print "<p>Enter the first portion of the email address in the box adjacent to <B>Username</B> and enter the password for that user in the space next to <B>Password</B>. Then press the button labeled <B>Add The User</B>.\n";
253 print "<p>If you do not want to add a new user at this time then select a choice from the menu at the left, such as <B>List Mailboxes</B>.\n";
254 print "</body></html>\n";
# 'addmailbox': creates a mailbox in the current package via add_mailbox().
# The local part and password are passed through as received; any validation
# is left to the backend (not visible here — confirm). As with the other
# state-changing handlers, no anti-forgery token is visible.
257 } elsif ($query->param('addmailbox') ne '') {
259 my $username = $query->cookie(-name=>'username'); # session checked
260 select_package($username) unless $current_package;
261 my $account = $query->param('account');
262 my $_password = $query->param('_password');
# A true return value is treated as an error; its output line is not shown.
264 if ( my $error = add_mailbox ( {
265 'authuser' => $username,
266 'package' => $current_package,
267 'account' => $account,
268 '_password' => $_password,
270 print "<html>$body\n";
272 print "</body></html>\n";
275 print "<html>$body\n";
276 print "<p>Created\n";
277 print "</body></html>\n";
# 'deleteforward': confirmation page for removing one forward; the removal
# itself happens in the 'deleteforwardy' handler.
282 } elsif ($query->param('action') eq 'deleteforward') {
284 my $username = $query->cookie(-name=>'username'); # session checked
285 select_package($username) unless $current_package;
286 my $svcnum = $query->param('service');
287 my $mailbox = $query->param('mailbox');
288 my $dest = $query->param('dest');
289 print "<html>$body\n";
290 print "<form name=form1 action=\"$cgi\" method=post target=\"rightmainframe\">\n";
# $mailbox, $dest and $svcnum arrive in the link's query string and are echoed
# unescaped into text and an attribute value (reflected-XSS sink); HTML-escape
# all three before printing.
291 print "<p>Are you certain you want to remove the forwarding from $mailbox to $dest?\n";
292 print "<p><input type=hidden name=\"service\" value=\"$svcnum\">\n";
293 print "<input type=submit name=\"deleteforwardy\" value=\"Confirm\">\n";
294 print "</body></html>\n";
# 'deleteforwardy': removes the forward identified by the 'service' parameter
# through delete_forward(). Ownership of that service number is not checked
# in this script; presumably the backend checks it against 'authuser' — confirm.
297 } elsif ($query->param('deleteforwardy') ne '') {
299 my $username = $query->cookie(-name=>'username'); # session checked
300 select_package($username) unless $current_package;
301 my $service = $query->param('service');
# A true return value is treated as an error; its output line is not shown.
303 if ( my $error = delete_forward ( {
304 'authuser' => $username,
305 'svcnum' => $service,
307 print "<html>$body\n";
309 print "</body></html>\n";
312 print "<html>$body\n";
313 print "<p>Forwarding Removed\n";
314 print "</body></html>\n";
# 'addforward' button: form asking for the destination address of a new
# forward; submitting it posts 'addforwarddst'.
319 } elsif ($query->param('addforward') ne '') {
321 my $username = $query->cookie(-name=>'username'); # session checked
322 select_package($username) unless $current_package;
323 my $account = $query->param('account');
324 my $mailbox = $query->param('mailbox');
326 print "<html>$body\n";
327 print "<form name=form1 action=\"$cgi\" method=post target=\"rightmainframe\">\n";
328 print "<center><table border=0>\n";
# Request parameters echoed unescaped into attribute values and text;
# HTML-escape $account and $mailbox before printing.
329 print "<input type=hidden name=\"account\" value=\"$account\">\n";
330 print "<input type=hidden name=\"mailbox\" value=\"$mailbox\">\n";
331 print "<tr><td>Forward mail from </td><td><p>$mailbox:</td><td> to </td></tr>\n";
332 print "<tr><td></td><td><p>Destination:</td><td><input type=text name=\"dest\" value=\"\"></td></tr>\n";
334 print "<input type=submit name=\"addforwarddst\" value=\"Add the Forwarding\">\n";
338 print "<p> If you would like mail originally destined for the above address to be forwarded to a different email address then type that email address in the box next to <B>Destination:</B> and press the <B>Add the Forwarding</B> button.\n";
339 print "<p> If you do not want to add mail forwarding then select a choice from the menu at the left, such as <B>List Accounts</B>.\n";
# 'addforwarddst': creates the forward via add_forward() for the current
# package, with the mailbox service as source.
# NOTE(review): $dest is read from the request, but the argument line that
# passes it is not shown in this listing. No format check on the destination
# address is visible; validating it as an e-mail address before the backend
# call, and requiring an anti-forgery token, would keep a forged or malformed
# request from silently redirecting a mailbox's mail.
343 } elsif ($query->param('addforwarddst') ne '') {
345 my $username = $query->cookie(-name=>'username'); # session checked
346 select_package($username) unless $current_package;
347 my $account = $query->param('account');
348 my $dest = $query->param('dest');
350 if ( my $error = add_forward ( {
351 'authuser' => $username,
352 'package' => $current_package,
353 'source' => $account,
356 print "<html>$body\n";
358 print "</body></html>\n";
361 print "<html>$body\n";
362 print "<p>Forwarding Created\n";
363 print "</body></html>\n";
# 'navframe': static left-hand menu. Every entry is a plain GET link back to
# this script; "Log Off" targets the top frame, the others the right frame.
368 } elsif ($query->param('action') eq 'navframe') {
370 print "<html><body bgcolor=bbbbbb>\n";
371 print "<center><h2>NCI2000 MAIL ADMIN Web Interface</h2></center>\n";
373 print "<br><center>Choose Action:</center><br>\n";
374 print "<center><table border=0>\n";
# Logout is a GET link with no token, so any page can trigger it for a
# logged-in admin (nuisance only, but worth knowing).
376 print "<tr><td><li><a href=\"$cgi\?action=logout\" target=\"_top\">Log Off</a></td><tr>\n";
377 print "<tr><td><li><a href=\"$cgi\?action=list_packages\" target=\"rightmainframe\">List Packages</a></td><tr>\n";
378 print "<tr><td><li><a href=\"$cgi\?action=list_mailboxes\" target=\"rightmainframe\">List Accounts</a></td><tr>\n";
379 print "<tr><td><li><a href=\"$cgi\?action=newmailbox\" target=\"rightmainframe\">Add Account</a></td><tr>\n";
381 print "</table></center>\n";
383 print "<br><br><br>\n";
384 print "</body></html>\n";
# 'rightmainframe': static help text shown in the right frame after login.
# Only fixed strings are printed; no request data reaches this page.
388 } elsif ($query->param('action') eq 'rightmainframe') {
390 print "<html>$body\n";
391 print "<br><br><br>\n";
392 print "<font size=4><----- Please choose function on the left menu</font>\n";
394 print "<p> Choose <B>Log Off</B> when you are finished. This helps prevent unauthorized access to your accounts.\n";
395 print "<p> Use <B>List Packages</B> when you administer multiple packages. When you have multiple domains at NCI2000 you are likely to have multiple packages. Use of <B>List Packages</B> is not necessary if administer only one package.\n";
396 print "<p> Use <B>List Accounts</B> to view your current arrangement of mailboxes. From this list you my choose to make changes to existing mailboxes or delete mailboxes. If you would like to modify the forwarding associated with a mailbox then choose it from this list.\n";
397 print "<p> Use <B>Add Account</B> when you would like an additional mailbox. After you have added the mailbox you may choose to make additional changes from the list provided by <B>List Accounts<B>.\n";
398 print "</body></html>\n";
# Final page selection: login page, logout, or the two-frame main page. The
# bodies of the login and logout branches are not shown in this listing.
405 if ($query->param('action') eq 'login') {
410 } elsif ($query->param('action') eq 'logout') {
416 } elsif ($printmainpage) {
# Frameset: navigation menu on the left (160px), working area on the right.
# No framing restriction (X-Frame-Options / CSP frame-ancestors) is visible in
# the headers this script sends, so other sites can embed these pages.
419 print "<html><head><title>NCI2000 MAIL ADMIN Web Interface</title></head>\n";
420 print "<FRAMESET cols=\"160,*\" BORDER=\"3\">\n";
421 print "<FRAME NAME=\"navframe\" src=\"$cgi?action=navframe\">\n";
422 print "<FRAME NAME=\"rightmainframe\" src=\"$cgi?action=rightmainframe\">\n";
423 print "</FRAMESET>\n";
# Body fragment of the date helper (its sub line is not shown; the script calls
# it as getdatetime()). Builds a "year-month-day time" string from localtime().
# localtime() in scalar context yields text such as "Thu Sep  9 12:00:00 1999".
430 my $today = localtime(time());
431 my ($day,$mon,$dayofmon,$time,$year) = split(/\s+/,$today);
432 my @datemonths = ("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec");
# The loop body (not shown) presumably maps the month name to $nummon — confirm.
436 foreach my $mons (@datemonths) {
# NOTE(review): the result is a display string containing a space, not a number
# of seconds. The session code subtracts $sessexpire (seconds) from it and
# stores it as one whitespace-delimited field; returning time() instead would
# suit both uses.
443 return "$year-$nummon-$dayofmon $time";
# Body fragment of the error-page helper (called elsewhere as error('open'),
# error('sess_expired')); it prints one fixed page per error code. The lines
# that read $error/$arg1 and whatever follows the chain are not shown.
454 if ($error eq 'not_admin') {
455 print "<html><head><title>Error!</title></head>\n";
457 print "<center><h1><font face=arial>Error!</font></h1></center>\n";
458 print "<font face=arial>Unauthorized attempt to access mail administration.</font>\n";
459 print "<br><font face=arial>Please login again if you think this is an error.</font>\n";
460 print "<form><input type=button value=\"<<Back\" OnClick=\"history.back()\"></form>\n";
461 print "</body></html>\n";
462 } elsif ($error eq 'exists') {
463 print "<html><head><title>Error!</title></head>\n";
465 print "<center><h1><font face=arial>Error!</font></h1></center>\n";
466 print "<font face=arial>The user you are trying to enter already exists. Please go back and enter a different username</font>\n";
467 print "</font></body></html>\n";
468 } elsif ($error eq 'ingroup') {
469 print "<html><head><title>Error!</title></head>\n";
471 print "<center><h1><font face=arial>Error!</font></h1></center>\n";
# $arg1 is printed unescaped; HTML-escape it if a caller can pass
# request-derived text (no such caller is visible in this listing).
472 print "<font face=arial>This user is already in the group <i>$arg1</i>. Please go back and deselect group <i>$arg1</i> from the list.</font>\n";
473 print "<form><input type=button value=\"<<Back\" OnClick=\"history.back()\"></form>\n";
474 print "</font></body></html>\n";
475 } elsif ($error eq 'sess_expired') {
476 print "<html>$body\n";
477 print "<center><font size=4>Your session has expired.</font></center>\n";
478 print "<br><br><center>Please login again <a href=\"$cgi\?action=login\" target=\"_top\"> HERE</a></center>\n";
479 print "</body></html>\n";
# Generic file-failure page: deliberately shows no path or OS error text.
480 } elsif ($error eq 'open') {
481 print "<html>$body\n";
482 print "<center><font size=4>Unable to open or rename file.</font></center>\n";
483 print "<br><br><center>If this continues, please contact your administrator</center>\n";
484 print "</body></html>\n";
493 #print a html header if not printed yet
497 print "Content-Type: text/html\n\n";
# Body fragment of the session check: reads the identity cookies, rewrites the
# session file through a temp file while refreshing the caller's record, loads
# the saved selection, and re-issues the cookies. The sub line, the read loop
# header and several braces are not shown in this listing.
504 #verify user can access administration
# Both values are supplied by the client; the session id is the secret.
507 my $username = $query->cookie(-name=>'username');
508 my $sessionid = $query->cookie(-name=>'ma_sessionid');
510 if ($sessionid eq '') {
512 if ($query->param()) {
513 error('sess_expired');
# Two-arg opens with bareword handles; no flock() is visible around the
# read-rewrite-replace sequence, so concurrent requests can lose each other's
# updates.
522 open(SESSFILE, "$sessionfile") || error('open');
# NOTE(review): check-then-open on a predictable name ($$ is the process id) in
# $tmpdir. The -l test and the open are separate steps, so the path can change
# between them; the test alone does not stop the write from following a link.
# Creating the file with sysopen and O_CREAT|O_EXCL (or File::Temp) in a
# directory only the CGI user can write to removes the window.
523 error('open') if -l "$tmpdir/adminsess.$$";
524 open(NEWSESS, ">$tmpdir/adminsess.$$") || error('open');
# Record fields are positional and whitespace-delimited.
527 my ($user, $sess, $time, $pkgnum, $svcdomain, $domname) = split(/\s+/);
# NOTE(review): $now is the formatted string from getdatetime() and $time is one
# whitespace-split field of it, so this arithmetic works on their leading
# numeric part (the year) rather than on seconds. As written, the idle-expiry
# test looks like it can never be true, so records would never age out.
# Storing epoch seconds from time() makes the comparison meaningful — confirm
# against the full file.
528 next if $now - $sessexpire > $time;
529 if ($username eq $user && !$founduser) {
530 if ($sess eq $sessionid) {
# Matching record: timestamp refreshed and the saved selection loaded.
532 print NEWSESS "$user $sess $now $pkgnum $svcdomain $domname\n";
533 $current_package=$pkgnum;
534 $current_account=$svcdomain;
535 $current_domname=$domname;
# Every other record is copied through unchanged.
539 print NEWSESS "$user $sess $time $pkgnum $svcdomain $domname\n";
# Single-string system() runs through the shell and its exit status is ignored.
# The interpolated values are configuration plus the pid, not request data, but
# Perl's built-in rename() does the same job without a shell and returns a
# status that can be checked.
543 system("mv $tmpdir/adminsess.$$ $sessionfile");
544 error('sess_expired') unless $founduser;
# Cookies are re-issued to extend their lifetime; the -value lines are missing
# from this listing and no -secure/-httponly option is visible.
546 my $cookie1 = $query->cookie(-name=>'username',
548 -expires=>$cookieexpire,
549 -domain=>$cookiedomain);
551 my $cookie2 = $query->cookie(-name=>'ma_sessionid',
553 -expires=>$cookieexpire,
554 -domain=>$cookiedomain);
556 print $query->header(-COOKIE=>[$cookie1, $cookie2]);
# Body fragment of a second session routine with the same read-rewrite-replace
# shape as the session check. The lines handling the matching record are not
# shown; presumably this is the logout path, which drops that record — confirm.
566 my $username = $query->cookie(-name=>'username');
567 my $sessionid = $query->cookie(-name=>'ma_sessionid');
569 if ($sessionid eq '') {
571 if ($query->param()) {
572 error('sess_expired');
# Two-arg opens, bareword handles, no locking visible.
581 open(SESSFILE, "$sessionfile") || error('open');
# The -l test followed by open is a check-then-use pair on a predictable
# pid-based name; an exclusive create (sysopen with O_CREAT|O_EXCL) avoids the
# gap between the two steps.
582 error('open') if -l "$tmpdir/adminsess.$$";
583 open(NEWSESS, ">$tmpdir/adminsess.$$") || error('open');
586 my ($user, $sess, $time, $pkgnum, $svcdomain, $domname) = split(/\s+/);
# Arithmetic on the formatted date string; see the value getdatetime() returns.
587 next if $now - $sessexpire > $time;
588 if ($username eq $user && !$founduser) {
589 if ($sess eq $sessionid) {
# Non-matching records are copied through unchanged.
594 print NEWSESS "$user $sess $time $pkgnum $svcdomain $domname\n";
# Shell invocation with unchecked status; rename() would avoid the shell.
598 system("mv $tmpdir/adminsess.$$ $sessionfile");
599 error('sess_expired') unless $founduser;
# Body fragment of checkuserpass(): hands the credentials to the imported
# authenticate() and treats the exact reply "$username OK" as success. What is
# returned on either branch is on lines not shown.
607 # checks the username and pass against the database
610 my $username = shift;
611 my $password = shift;
# No attempt counter or delay is visible around this call, so repeated
# password guesses are limited only by whatever the backend enforces.
613 my $error = authenticate ( {
614 'authuser' => $username,
615 '_password' => $password,
# Success is signalled in-band by a string that embeds the submitted username.
618 if ($error eq "$username OK") {
# Body fragment of printlogin(): static login form that POSTs the e-mail
# address and password back to this script.
# NOTE(review): the form posts to $cgi, i.e. whatever scheme the page was
# requested with; nothing visible forces HTTPS, so transport protection of the
# credentials depends on server configuration.
626 #printlogin prints a login page
629 print "<html>$body\n";
630 print "<center><font size=4>Please login to access MAIL ADMIN</font></center>\n";
631 print "<form action=\"$cgi\" method=post>\n";
632 print "<center>Email Address: <input type=text name=\"username\">\n";
633 print "<br>Email Password: <input type=password name=\"password\">\n";
634 print "<br><input type=submit name=\"login\" value=\"Login\">\n";
635 print "</form></center>\n";
636 print "</body></html>\n";
# Body fragment of select_package(): when the user administers exactly one
# package it becomes the current package; with more than one, a prompt linking
# to the package list is printed. The line reading $user is not shown.
640 #select_package chooses a administrable package if more than one exists
643 my $packages = list_packages($user);
# 'eq' compares the element count as a string; it behaves like == for this value.
644 if (scalar(@{$packages}) eq 1) {
# @{...}[0] is a one-element slice; it yields the first package hash.
645 $current_package = @{$packages}[0]->{'pkgnum'};
648 if (scalar(@{$packages}) > 1) {
649 # print $query->redirect("$cgi\?action=list_packages");
650 print "<p>No package selected. You must first <a href=\"$cgi\?action=list_packages\" target=\"rightmainframe\">select a package</a>.\n";
# Body fragment of the routine that saves the current selection: it rewrites
# the session file and replaces the caller's record with one carrying
# $current_package, $current_account and $current_domname. The sub line and the
# read loop header are not shown.
657 my $username = $query->cookie(-name=>'username');
658 my $sessionid = $query->cookie(-name=>'ma_sessionid');
660 if ($sessionid eq '') {
662 if ($query->param()) {
663 error('sess_expired');
# Two-arg opens, bareword handles, no locking visible.
672 open(SESSFILE, "$sessionfile") || error('open');
# Check-then-open on a predictable pid-based temp name; an exclusive create
# (sysopen with O_CREAT|O_EXCL) avoids the gap between the two steps.
673 error('open') if -l "$tmpdir/adminsess.$$";
674 open(NEWSESS, ">$tmpdir/adminsess.$$") || error('open');
677 my ($user, $sess, $time, $pkgnum, $svcdomain, $domname) = split(/\s+/);
# Arithmetic on the formatted date string; see the value getdatetime() returns.
678 next if $now - $sessexpire > $time;
679 if ($username eq $user && !$founduser) {
680 if ($sess eq $sessionid) {
# NOTE(review): the three $current_* values are set from request parameters by
# the 'select' action and are written here verbatim into a whitespace- and
# newline-delimited record. Embedded whitespace shifts the fields; an embedded
# newline adds a whole record to the session file. Validate them (digits for
# package/account, hostname characters for the domain) before this write.
682 print NEWSESS "$user $sess $time $current_package $current_account $current_domname\n";
# Other records are copied through unchanged.
686 print NEWSESS "$user $sess $time $pkgnum $svcdomain $domname\n";
# Shell invocation with unchecked status; rename() would avoid the shell.
690 system("mv $tmpdir/adminsess.$$ $sessionfile");
691 error('sess_expired') unless $founduser;