<?php /** * Copyright (C) 2021 Double Bastion LLC * * This file is part of Roundpin, which is licensed under the * GNU Affero General Public License Version 3.0. The license terms * are detailed in the "LICENSE.txt" file located in the root directory. */ session_start(); if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) { define('ACCESSCONST', TRUE); require('db-connect.php'); $username = $_POST['username']; // Get the Roundcube password and Roundcube auth password for the current user from the 'app_users' table $querysel = $mysqli->query("SELECT username, rcdomain, rcbasicauthuser, rcbasicauthpass, rcuser, rcpassword, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1"); $confdatafromdb = $querysel->fetch_assoc(); // Decrypt the Roundcube password (if any) and Roundcube basic auth password (if any), fetched from the database if ($confdatafromdb['rcpassword'] != '' && $confdatafromdb['rcpassword'] != null && $confdatafromdb['rcpassword'] != 'undefined') { $psswdaddedkeyrc = file_get_contents('restr/'.$username.'/pwdkeyrc'); $rcpasswdinit = $confdatafromdb['rcpassword']; $componentrcpass = explode(':', $rcpasswdinit); $encpwdin = $componentrcpass[0]; $ivkey = $componentrcpass[1]; $rcpassworddec = openssl_decrypt($encpwdin, 'AES-256-CBC', $psswdaddedkeyrc, false, $ivkey); $confdatafromdb['rcpassword'] = $rcpassworddec; } else { $confdatafromdb['rcpassword'] = ''; } if ($confdatafromdb['rcbasicauthpass'] != '' && $confdatafromdb['rcbasicauthpass'] != null && $confdatafromdb['rcbasicauthpass'] != 'undefined') { $psswdaddedkeyrcba = file_get_contents('restr/'.$username.'/pwdkeyrcba'); $rcbapasswdinit = $confdatafromdb['rcbasicauthpass']; $componentrcbapass = explode(':', $rcbapasswdinit); $baencpwdin = $componentrcbapass[0]; $baivkey = $componentrcbapass[1]; $rcbapassworddec = openssl_decrypt($baencpwdin, 'AES-256-CBC', $psswdaddedkeyrcba, false, $baivkey); $confdatafromdb['rcbasicauthpass'] = $rcbapassworddec; } else { $confdatafromdb['rcbasicauthpass'] = ''; } $datafromdb = $confdatafromdb; echo json_encode($datafromdb); } else { header("Location: roundpin-login.php"); } ?>