Add create_admin.php tool

README.md

@@ -139,6 +139,8 @@ Install [acme.sh](https://github.com/acmesh-official/acme.sh) or [certbot](https
 nano /etc/postfix/main.cf /etc/nginx/nginx.conf /etc/turnserver.conf
 ```
 
+Replace `YOUR_PASSWORD` in `/etc/postfix/sql/mysql_tls_policy_out.cf` with the one you've generated previously on the other server.
+
 Generate a wireguard keypair and add the public key generated here to the primary mail server wireguard config:
 ```
 export PRIV=$(wg genkey)
@@ -152,6 +154,12 @@ nano /etc/wireguard/wg0.conf
 systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0
 ```
 
+Edit and create your admin user with the following script:
+```
+nano /var/www/mail/tools/create_admin.php
+php /var/www/mail/tools/create_admin.php
+```
+
 Final step is to reboot the server and check that everything is working.
 
 ### General Domain settings

common_config.php

@@ -27,6 +27,7 @@ const DBUSER_PROSODY = 'prosody'; // Database user
 const DBPASS_PROSODY = 'YOUR_PASSWORD'; // Database password
 const DBNAME_PROSODY = 'prosody'; // Database
 const REGISTRATION_ENABLED = true; // Whether registration is enabled
+const PRIMARY_DOMAIN='danwin1210.de'; // Primary domain to use when a username without domain part was specified
 
 const LANGUAGES = [
 	'cs' => ['name' => 'čeština', 'locale' => 'cs_CZ', 'flag' => '🇨🇿', 'show_in_menu' => true, 'dir' => 'ltr'],

install_binaries.sh

@@ -52,7 +52,7 @@ chown _rspamd: /var/lib/rspamd/dkim
 if [ ! -e /var/www/html/mail ]; then
 	ln -s ../mail/www /var/www/html/mail
 fi
-cp -r composer.json cron.php setup.php www /var/www/mail/
+cp -r composer.json cron.php setup.php www tools /var/www/mail/
 cd /var/www/mail/
 composer install --no-dev
 

tools/create_admin.php

@@ -0,0 +1,11 @@
+<?php
+const ADMIN_USER='admin';
+const ADMIN_PASS='YOUR_PASSWORD';
+
+require_once __DIR__ . '/../common_config.php';
+$db = get_db_instance();
+$hash = password_hash( ADMIN_PASS, PASSWORD_ARGON2ID );
+$stmt = $db->prepare( 'INSERT INTO admin (password_hash_type, password, superadmin, username, created, modified) VALUES ("{ARGON2ID}", ?, 1, ?, NOW(), NOW());' );
+$stmt->execute( [ $hash, ADMIN_USER ] );
+$stmt = $db->prepare( 'INSERT IGNORE INTO domain (domain, created, modified) VALUES (?, NOW(), NOW())' );
+$stmt->execute( [ PRIMARY_DOMAIN ] );

www/manage_account.php

@@ -49,7 +49,7 @@ if ( $_SERVER[ 'REQUEST_METHOD' ] === 'POST' ) {
 			if ( $ok ) {
 				$db = get_db_instance();
 				$user = $match[ 1 ];
-				$domain = $match[ 3 ] ?? 'danwin1210.de';
+				$domain = $match[ 3 ] ?? PRIMARY_DOMAIN;
 				$stmt = $db->prepare( 'SELECT target_domain FROM alias_domain WHERE alias_domain = ? AND active=1;' );
 				$stmt->execute( [ $domain ] );
 				if ( $tmp = $stmt->fetch( PDO::FETCH_ASSOC ) ) {

www/register.php

@@ -31,7 +31,7 @@ if ( isset( $_POST[ 'user' ] ) ) {
 		$msg .= '<div class="red" role="alert">'.htmlspecialchars(_('Invalid username. It may not contain a +, \', " or /.')).'</div>';
 	}
 	$user = mb_strtolower( $match[ 1 ] ?? '' );
-	$domain = $match[ 3 ] ?? 'danwin1210.de';
+	$domain = $match[ 3 ] ?? PRIMARY_DOMAIN;
 	if ( $ok && ( empty( $_POST[ 'pwd' ] ) || empty( $_POST[ 'pwd2' ] ) || $_POST[ 'pwd' ] !== $_POST[ 'pwd2' ] ) ) {
 		$ok = false;
 		$msg .= '<div class="red" role="alert">'.htmlspecialchars(_('Passwords empty or don\'t match')).'</div>';