From 32cbcc35cc938f699d2cb0160e9ab3d39c8b0f20 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.de>
Date: Fri, 30 Dec 2022 13:31:57 +0100
Subject: [PATCH] A few bugfixes

---
 .gitignore       |  3 +++
 cron.php         |  4 ++--
 www/admin.php    | 38 +++++++++++++++++++++++++-------------
 www/index.php    |  1 +
 www/register.php |  4 ++--
 5 files changed, 33 insertions(+), 17 deletions(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..61cde56
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+composer.lock
+vendor/
+*~
diff --git a/cron.php b/cron.php
index d9ba29c..37fb26d 100644
--- a/cron.php
+++ b/cron.php
@@ -47,10 +47,10 @@ while ( $tmp = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
 			$delete_prosody_archive->execute( [ $tmp[ 'local_part' ], $tmp[ 'domain' ] ] );
 		}
 	}
-	if ( $tmp[ 'active' ] === '-2' ) {
+	if ( $tmp[ 'active' ] === -2 ) {
 		$delete->execute( [ $tmp[ 'username' ] ] );
 	}
-	if ( $tmp[ 'active' ] === '-1' ) {
+	if ( $tmp[ 'active' ] === -1 ) {
 		$disable->execute( [ $tmp[ 'username' ] ] );
 	}
 	$delete_alias->execute( [ $tmp[ 'username' ] ] );
diff --git a/www/admin.php b/www/admin.php
index 577d457..f82a494 100644
--- a/www/admin.php
+++ b/www/admin.php
@@ -205,25 +205,37 @@ if ( $_SERVER[ 'REQUEST_METHOD' ] === 'POST' ) {
 					$msg .= '<div class="green" role="alert">Successfully updated alias domain.</div>';
 				}
 			} elseif ( $_POST[ 'action' ] === 'save_new_domain' && ! empty( $_POST[ 'domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
-				$stmt = $db->prepare( 'SELECT null FROM domain WHERE domain = ?;' );
-				$stmt->execute( [ $_POST[ 'domain' ] ] );
+				$stmt = $db->prepare( 'SELECT null FROM domain WHERE domain = ? UNION SELECT null FROM alias_domain WHERE alias_domain = ?;' );
+				$stmt->execute( [ $_POST[ 'domain' ], $_POST[ 'domain' ] ] );
 				if ( $stmt->fetch() ) {
 					$msg .= '<div class="red" role="alert">Oops, it looks like the domain "' . htmlspecialchars( $_POST[ 'domain' ] ) . '" already exists.</div>';
 				} else {
+					$ascii_domian = idn_to_ascii($_POST['domain'], IDNA_NONTRANSITIONAL_TO_ASCII);
+					$utf8_domian = idn_to_utf8($_POST['domain'], IDNA_NONTRANSITIONAL_TO_UNICODE);
 					$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
 					$stmt = $db->prepare( 'INSERT INTO domain (active, domain, created, modified) VALUES (?, ?, NOW(), NOW());' );
-					$stmt->execute( [ $active, $_POST[ 'domain' ] ] );
+					$stmt->execute( [ $active, $utf8_domain ] );
+					if($ascii_domain !== $utf8_domain){
+						$stmt = $db->prepare( 'INSERT INTO alias_domain (active, alias_domain, target_domain, created, modified) VALUES (1, ?, ?, NOW(), NOW());' );
+						$stmt->execute( [ $ascii_domain, $utf8_domain ] );
+					}
 					$msg .= '<div class="green" role="alert">Successfully created domain.</div>';
 				}
 			} elseif ( $_POST[ 'action' ] === 'save_new_alias_domain' && ! empty( $_POST[ 'alias_domain' ] ) && $_SESSION[ 'email_admin_superadmin' ] ) {
-				$stmt = $db->prepare( 'SELECT null FROM alias_domain WHERE alias_domain = ?;' );
-				$stmt->execute( [ $_POST[ 'alias_domain' ] ] );
+				$stmt = $db->prepare( 'SELECT null FROM domain WHERE domain = ? UNION SELECT null FROM alias_domain WHERE alias_domain = ?;' );
+				$stmt->execute( [ $_POST[ 'alias_domain' ], $_POST[ 'alias_domain' ] ] );
 				if ( $stmt->fetch() ) {
-					$msg .= '<div class="red" role="alert">Oops, it looks like the alias domain "' . htmlspecialchars( $_POST[ 'domain' ] ) . '" already exists.</div>';
+					$msg .= '<div class="red" role="alert">Oops, it looks like the alias domain "' . htmlspecialchars( $_POST[ 'alias_domain' ] ) . '" already exists.</div>';
 				} else {
+					$ascii_domian = idn_to_ascii($_POST['alias_domain'], IDNA_NONTRANSITIONAL_TO_ASCII);
+					$utf8_domian = idn_to_utf8($_POST['alias_domain'], IDNA_NONTRANSITIONAL_TO_UNICODE);
 					$active = isset( $_POST[ 'active' ] ) ? 1 : 0;
 					$stmt = $db->prepare( 'INSERT INTO alias_domain (active, alias_domain, target_domain, created, modified) VALUES (?, ?, ?, NOW(), NOW());' );
-					$stmt->execute( [ $active, $_POST[ 'alias_domain' ], $_POST[ 'target_domain' ] ] );
+					$stmt->execute( [ $active, $utf8_domain, $_POST[ 'target_domain' ] ] );
+					if($ascii_domain !== $utf8_domain){
+						$stmt = $db->prepare( 'INSERT INTO alias_domain (active, alias_domain, target_domain, created, modified) VALUES (?, ?, ?, NOW(), NOW());' );
+						$stmt->execute( [ $active, $ascii_domain, $_POST[ 'target_domain' ] ] );
+					}
 					$msg .= '<div class="green" role="alert">Successfully created alias domain.</div>';
 				}
 			} elseif ( $_POST[ 'action' ] === 'save_new_alias' && ! empty( $_POST[ 'alias' ] ) && ! empty( $_POST[ 'target' ] ) ) {
@@ -362,8 +374,8 @@ if ( $_SERVER[ 'REQUEST_METHOD' ] === 'POST' ) {
         <link rel="canonical" href="https://danwin1210.de/mail/admin.php">
     </head>
     <body>
-        <main>
-	<?php if ( ! empty( $_SESSION[ 'email_admin_user' ] ) ) { ?>
+	<main><h1>E-Mail and XMPP - Admin managemen</h1>
+	if ( ! empty( $_SESSION[ 'email_admin_user' ] ) ) { ?>
         <form method="post"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION[ 'csrf_token' ]; ?>">
         <p>Logged in as <?php echo htmlspecialchars( $_SESSION[ 'email_admin_user' ] ); ?> |
             <button name="action" value="logout" type="submit">Logout</button><?php
@@ -969,12 +981,12 @@ function send_edit_mailbox(): void
 	$stmt->execute( [ $_REQUEST[ 'user' ] ] );
 	if ( $email = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
 		$aliases = explode( ',', $email[ 'goto' ] );
-		$aliases_to = implode( "\n", array_diff( $aliases, [ $_POST[ 'user' ] ] ) );
+		$aliases_to = implode( "\n", array_diff( $aliases, [ $_REQUEST[ 'user' ] ] ) );
 		?>
-        <h2>Edit mailbox <?php echo htmlspecialchars( $_POST[ 'user' ] ); ?></h2>
+        <h2>Edit mailbox <?php echo htmlspecialchars( $_REQUEST[ 'user' ] ); ?></h2>
         <form class="form_limit" action="admin.php" method="post">
             <input type="hidden" name="csrf_token" value="<?php echo $_SESSION[ 'csrf_token' ]; ?>">
-            <input type="hidden" name="user" value="<?php echo htmlspecialchars( $_POST[ 'user' ] ); ?>">
+            <input type="hidden" name="user" value="<?php echo htmlspecialchars( $_REQUEST[ 'user' ] ); ?>">
             <div class="row">
                 <div class="col"><label for="alias_to">Forward to</label></div>
                 <div class="col"><textarea name="alias_to"
@@ -983,7 +995,7 @@ function send_edit_mailbox(): void
             <div class="row">
                 <div class="col"><label for="alias_keep_copy">Keep a local copy</label></div>
                 <div class="col"><input type="checkbox" name="alias_keep_copy"
-                                        id="alias_keep_copy"<?php echo in_array( $_POST[ 'user' ], $aliases, true ) ? ' checked' : ''; ?>>
+                                        id="alias_keep_copy"<?php echo in_array( $_REQUEST[ 'user' ], $aliases, true ) ? ' checked' : ''; ?>>
                 </div>
             </div>
             <div class="row">
diff --git a/www/index.php b/www/index.php
index 4f1f2ef..446a68d 100644
--- a/www/index.php
+++ b/www/index.php
@@ -1,3 +1,4 @@
+<?php include_once('../common_config.php'); ?>
 <!DOCTYPE html><html lang="en-gb"><head>
 <title>Daniel - E-Mail and XMPP</title>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
diff --git a/www/register.php b/www/register.php
index 5c2b609..ad54581 100644
--- a/www/register.php
+++ b/www/register.php
@@ -3,7 +3,6 @@
 use Egulias\EmailValidator\EmailValidator;
 use Egulias\EmailValidator\Validation\NoRFCWarningsValidation;
 
-require_once( '../vendor/autoload.php' );
 require_once( '../common_config.php' );
 session_start();
 if ( empty( $_SESSION[ 'csrf_token' ] ) || $_SESSION[ 'UA' ] !== $_SERVER[ 'HTTP_USER_AGENT' ] ) {
@@ -85,7 +84,8 @@ if ( isset( $_POST[ 'user' ] ) ) {
 <body>
 <main>
 <p><a href="/mail/">Info</a> | Register | <a href="/mail/squirrelmail/src/login.php" target="_blank">Webmail-Login</a> |
-    <a href="/mail/manage_account.php">Manage account</a> | <a href="https://danwin1210.de:5281/conversejs" target="_blank" rel="noopener">Web-XMPP</a></p>
+    <a href="/mail/manage_account.php">Manage account</a> | <a href="https://danwin1210.de:5281/conversejs" target="_blank" rel="noopener">Web-XMPP</a>
+</p>
 <?php echo "<p>$msg</p>"; ?>
 <form class="form_limit" action="register.php" method="post"><input type="hidden" name="csrf_token"
                                                                     value="<?php echo $_SESSION[ 'csrf_token' ] ?>">