1 | <?php |
2 | /* MySQL change password backend |
3 | * Author: Thijs Kinkhorst <kink@squirrelmail.org> |
4 | */ |
5 | |
6 | /** |
7 | * Config vars |
8 | */ |
9 | |
// These settings are read by cpw_mysql_dochange() through the global scope.
global $mysql_server,
       $mysql_database,
       $mysql_table,
       $mysql_userid_field,
       $mysql_password_field,
       $mysql_manager_id,
       $mysql_manager_pw;

// Where the account data lives: server host, database and table.
// The table and column names below are concatenated into the SQL text
// without escaping, so they must be fixed, trusted identifiers.
$mysql_server   = 'localhost';
$mysql_database = 'email';
$mysql_table    = 'users';

// Column holding the login name, and column holding the password.
$mysql_userid_field   = 'id';
$mysql_password_field = 'password';

// MySQL account this backend logs in with. The backend only issues a
// SELECT and an UPDATE on the table above, so the account needs no more
// than those two rights on that table. The password is stored here in
// clear text: keep this file readable by the web server user only.
$mysql_manager_id = 'email_admin';
$mysql_manager_pw = 'xxxxxxx';
25 | |
26 | |
27 | // NO NEED TO CHANGE ANYTHING BELOW THIS LINE |
28 | |
// Register cpw_mysql_dochange() as the 'mysql' handler of the
// change_password_dochange hook.
global $squirrelmail_plugin_hooks;
$squirrelmail_plugin_hooks['change_password_dochange']['mysql'] = 'cpw_mysql_dochange';
32 | |
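/**
 * MySQL backend for the change-password hook.
 *
 * Checks that exactly one row matches the user name together with the
 * current password (as supplied by the user), then writes the desired
 * new password to that user's row. Returns an array of messages: empty
 * on success, otherwise the error message(s).
 *
 * Constants to be used for these messages:
 *   CPW_CURRENT_NOMATCH -> "Your current password is not correct."
 *   CPW_INVALID_PW      -> "Your new password contains invalid characters."
 *
 * @param array $data The username/curpw/newpw data.
 * @return array Array of error messages.
 */
function cpw_mysql_dochange($data)
{
    global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
           $mysql_password_field, $mysql_manager_id, $mysql_manager_pw;

    // A hook function receives a single parameter, so the three values
    // arrive packed in one array.
    $username = $data['username'];
    $curpw    = $data['curpw'];
    $newpw    = $data['newpw'];

    $msgs = array();

    $ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
    if (!$ds) {
        $msgs[] = _("Cannot connect to Database Server, please try later!");
        return $msgs;
    }
    if (!mysql_select_db($mysql_database, $ds)) {
        $msgs[] = _("Database not found on server");
        return $msgs;
    }

    // Escape against the open connection so the connection's character set
    // is taken into account; mysql_escape_string() ignores it.
    $esc_user  = mysql_real_escape_string($username, $ds);
    $esc_curpw = mysql_real_escape_string($curpw, $ds);
    $esc_newpw = mysql_real_escape_string($newpw, $ds);

    // Values are wrapped in single quotes: double quotes denote identifiers
    // when the server runs with ANSI_QUOTES, which would turn the comparison
    // into a column reference. Table and column names come from the config
    // globals and are not escaped here.
    //
    // NOTE(review): the current password is compared to the stored column
    // as-is, so the table appears to hold passwords unhashed. Changing that
    // has to be coordinated with whatever else authenticates against this
    // table.
    $query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
        . ' FROM ' . $mysql_table
        . ' WHERE ' . $mysql_userid_field . "='" . $esc_user . "'"
        . ' AND ' . $mysql_password_field . "='" . $esc_curpw . "'";
    $select_result = mysql_query($query_string, $ds);
    if (!$select_result) {
        $msgs[] = _("SQL call failed, try again later.");
        return $msgs;
    }

    // A failed row count is treated like zero rows, i.e. as a mismatch.
    $matches = (int) mysql_num_rows($select_result);
    if ($matches === 0) {
        $msgs[] = CPW_CURRENT_NOMATCH;
        return $msgs;
    }
    if ($matches > 1) {
        // Refuse to update when the user name is not unique.
        $msgs[] = _("Duplicate login entries detected, cannot change password!");
        return $msgs;
    }

    // Write the requested new password. This statement previously used
    // $cp_newpass, a variable that is never assigned in this function, so
    // every successful change stored an empty password.
    $update_string = 'UPDATE ' . $mysql_table . ' SET ' . $mysql_password_field
        . " = '" . $esc_newpw . "'"
        . ' WHERE ' . $mysql_userid_field . " = '" . $esc_user . "'";
    if (!mysql_query($update_string, $ds)) {
        $msgs[] = _("Password change was not successful!");
    }

    return $msgs;
}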