1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,65 @@ |
1 |
+<?php |
|
2 |
+/** |
|
3 |
+ * Copyright (C) 2021 Double Bastion LLC |
|
4 |
+ * |
|
5 |
+ * This file is part of Roundpin, which is licensed under the |
|
6 |
+ * GNU Affero General Public License Version 3.0. The license terms |
|
7 |
+ * are detailed in the "LICENSE.txt" file located in the root directory. |
|
8 |
+ */ |
|
9 |
+ |
|
10 |
+session_start(); |
|
11 |
+ |
|
12 |
+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) { |
|
13 |
+ |
|
14 |
+ define('ACCESSCONST', TRUE); |
|
15 |
+ |
|
16 |
+ require('db-connect.php'); |
|
17 |
+ |
|
18 |
+ $username = $_POST['username']; |
|
19 |
+ |
|
20 |
+ // Get the Roundcube password and Roundcube auth password for the current user from the 'app_users' table |
|
21 |
+ $querysel = $mysqli->query("SELECT username, rcdomain, rcbasicauthuser, rcbasicauthpass, rcuser, rcpassword, enabled FROM app_users WHERE BINARY username = '$username' AND enabled = 1"); |
|
22 |
+ $confdatafromdb = $querysel->fetch_assoc(); |
|
23 |
+ |
|
24 |
+ |
|
25 |
+ // Decrypt the Roundcube password (if any) and Roundcube basic auth password (if any), fetched from the database |
|
26 |
+ |
|
27 |
+ if ($confdatafromdb['rcpassword'] != '' && $confdatafromdb['rcpassword'] != null && $confdatafromdb['rcpassword'] != 'undefined') { |
|
28 |
+ |
|
29 |
+ $psswdaddedkeyrc = file_get_contents('restr/'.$username.'/pwdkeyrc'); |
|
30 |
+ $rcpasswdinit = $confdatafromdb['rcpassword']; |
|
31 |
+ $componentrcpass = explode(':', $rcpasswdinit); |
|
32 |
+ |
|
33 |
+ $encpwdin = $componentrcpass[0]; |
|
34 |
+ $ivkey = $componentrcpass[1]; |
|
35 |
+ |
|
36 |
+ $rcpassworddec = openssl_decrypt($encpwdin, 'AES-256-CBC', $psswdaddedkeyrc, false, $ivkey); |
|
37 |
+ |
|
38 |
+ $confdatafromdb['rcpassword'] = $rcpassworddec; |
|
39 |
+ |
|
40 |
+ } else { $confdatafromdb['rcpassword'] = ''; } |
|
41 |
+ |
|
42 |
+ if ($confdatafromdb['rcbasicauthpass'] != '' && $confdatafromdb['rcbasicauthpass'] != null && $confdatafromdb['rcbasicauthpass'] != 'undefined') { |
|
43 |
+ |
|
44 |
+ $psswdaddedkeyrcba = file_get_contents('restr/'.$username.'/pwdkeyrcba'); |
|
45 |
+ $rcbapasswdinit = $confdatafromdb['rcbasicauthpass']; |
|
46 |
+ $componentrcbapass = explode(':', $rcbapasswdinit); |
|
47 |
+ |
|
48 |
+ $baencpwdin = $componentrcbapass[0]; |
|
49 |
+ $baivkey = $componentrcbapass[1]; |
|
50 |
+ |
|
51 |
+ $rcbapassworddec = openssl_decrypt($baencpwdin, 'AES-256-CBC', $psswdaddedkeyrcba, false, $baivkey); |
|
52 |
+ |
|
53 |
+ $confdatafromdb['rcbasicauthpass'] = $rcbapassworddec; |
|
54 |
+ |
|
55 |
+ } else { $confdatafromdb['rcbasicauthpass'] = ''; } |
|
56 |
+ |
|
57 |
+ $datafromdb = $confdatafromdb; |
|
58 |
+ |
|
59 |
+ echo json_encode($datafromdb); |
|
60 |
+ |
|
61 |
+} else { |
|
62 |
+ header("Location: roundpin-login.php"); |
|
63 |
+} |
|
64 |
+ |
|
65 |
+?> |