plugins/change_password/backend/mysql.php

   1 <?php
   2 /* MySQL change password backend
   3  * Author: Thijs Kinkhorst <kink@squirrelmail.org>
   4  */
   5
   6 /**
   7  * Config vars
   8  */
   9
  10 global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
  11        $mysql_password_field, $mysql_manager_id, $mysql_manager_pw;
  12
  13 // The MySQL Server
  14 $mysql_server = 'localhost';
  15 $mysql_database = 'email';
  16 $mysql_table = 'users';
  17
  18 // The names of the user ID and password columns
  19 $mysql_userid_field = 'id';
  20 $mysql_password_field ='password';
  21
  22 // The user to log into MySQL with (must have rights)
  23 $mysql_manager_id = 'email_admin';
  24 $mysql_manager_pw = 'xxxxxxx';
  25
  26
  27 // NO NEED TO CHANGE ANYTHING BELOW THIS LINE
  28
  29 global $squirrelmail_plugin_hooks;
  30 $squirrelmail_plugin_hooks['change_password_dochange']['mysql'] =
  31         'cpw_mysql_dochange';
  32
  33 /**
  34  * This is the function that is specific to your backend. It takes
  35  * the current password (as supplied by the user) and the desired
  36  * new password. It will return an array of messages. If everything
  37  * was successful, the array will be empty. Else, it will contain
  38  * the errormessage(s).
  39  * Constants to be used for these messages:
  40  * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
  41  * CPW_INVALID_PW -> "Your new password contains invalid characters."
  42  *
  43  * @param array data The username/currentpw/newpw data.
  44  * @return array Array of error messages.
  45  */
  46 function cpw_mysql_dochange($data)
  47 {
  48     // unfortunately, we can only pass one parameter to a hook function,
  49     // so we have to pass it as an array.
  50     $username = $data['username'];
  51     $curpw = $data['curpw'];
  52     $newpw = $data['newpw'];
  53
  54     $msgs = array();
  55
  56     global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
  57            $mysql_password_field, $mysql_manager_id, $mysql_manager_pw;
  58
  59     $ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
  60     if (! $ds) {
  61         array_push($msgs, _("Cannot connect to Database Server, please try later!"));
  62         return $msgs;
  63     }
  64     if (!mysql_select_db($mysql_database, $ds)) {
  65         array_push($msgs, _("Database not found on server"));
  66         return $msgs;
  67     }
  68
  69     $query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
  70                   . ' FROM '  . $mysql_table
  71                   . ' WHERE ' . $mysql_userid_field . '="' . mysql_escape_string($username) .'"'
  72                   . ' AND ' . $mysql_password_field . '="' . mysql_escape_string($curpw) . '"';
  73     $select_result = mysql_query($query_string, $ds);
  74     if (!$select_result) {
  75         array_push($msgs, _("SQL call failed, try again later."));
  76         return $msgs;
  77     }
  78
  79     if (mysql_num_rows($select_result) == 0) {
  80         array_push($msgs, CPW_CURRENT_NOMATCH);
  81         return $msgs;
  82     }
  83     if (mysql_num_rows($select_result) > 1) {
  84         //make sure we only have 1 uid
  85         array_push($msgs, _("Duplicate login entries detected, cannot change password!"));
  86         return $msgs;
  87     }
  88
  89     $update_string = 'UPDATE '. $mysql_table . ' SET ' . $mysql_password_field
  90                    . ' = "' . mysql_escape_string($cp_newpass) . '"'
  91                    . ' WHERE ' . $mysql_userid_field . ' = "' . mysql_escape_string($username) . '"';
  92     if (!mysql_query($update_string, $ds)) {
  93         array_push($msgs, _("Password change was not successful!"));
  94     }
  95
  96     return $msgs;
  97 }