X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=plugins%2Fchange_password%2Fbackend%2Fldap.php;h=f0ff7419255932f0f1a24ccb6c3aae716951d9b0;hb=c4faef335b2362c81b8ebf026d4066c12d70536c;hp=c04785f83fac9134cb1a9e745aeb1c0630baf57a;hpb=444db9b329defe670a702dbecc22749141a5ca03;p=squirrelmail.git

diff --git a/plugins/change_password/backend/ldap.php b/plugins/change_password/backend/ldap.php
index c04785f8..f0ff7419 100644
--- a/plugins/change_password/backend/ldap.php
+++ b/plugins/change_password/backend/ldap.php
@@ -1,22 +1,25 @@
 <?php
+
 /**
  * Change password LDAP backend
  *
+ * @copyright 2005-2020 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
  * @subpackage change_password
  */
 
 /**
- * If SM_PATH isn't defined, define it.  Required to include files.
- * @ignore
+ * do not allow to call this file directly
  */
-if (!defined('SM_PATH')) define('SM_PATH','../../../');
+if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE__) {
+    header("Location: ../../../src/login.php");
+    die();
+}
 
 /** load required functions */
 
-/** error_box() function */
-include_once(SM_PATH . 'functions/display_messages.php');
 /** sqimap_get_user_server() function */
 include_once(SM_PATH . 'functions/imap_general.php');
 
@@ -154,27 +157,26 @@ $squirrelmail_plugin_hooks['change_password_init']['ldap'] =
  * Makes sure that required functions and configuration options are set.
  */
 function cpw_ldap_init() {
-    global $color;
-    global $cpw_ldap_basedn;
+    global $oTemplate, $cpw_ldap_basedn;
 
     // set initial value for error tracker
     $cpw_ldap_initerr=false;
 
     // check for ldap support in php
     if (! function_exists('ldap_connect')) {
-        error_box(_("Current configuration requires LDAP support in PHP."),$color);
+        error_box(_("Current configuration requires LDAP support in PHP."));
         $cpw_ldap_initerr=true;
     }
 
     // chech required configuration settings.
     if ($cpw_ldap_basedn=='') {
-        error_box(_("Plugin is not configured correctly."),$color);
+        error_box(_("Plugin is not configured correctly."));
         $cpw_ldap_initerr=true;
     }
 
     // if error var is positive, close html and stop execution
     if ($cpw_ldap_initerr) {
-        echo '</body></html>';
+        $oTemplate->display('footer.tpl');
         exit;
     }
 }
@@ -548,7 +550,6 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') {
     case 'smd5':
         // minimal requirement = mhash extension with md5 support and php 4.0.4.
         if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) && defined('MHASH_MD5')) {
-            sq_mt_seed( (double) microtime() * 1000000 );
             if ($forced_salt!='') {
                 $salt=$forced_salt;
             } else {
@@ -588,7 +589,6 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') {
     case 'ssha':
         // minimal requirement = mhash extension and php 4.0.4
         if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) && defined('MHASH_SHA1')) {
-            sq_mt_seed( (double) microtime() * 1000000 );
             if ($forced_salt!='') {
                 $salt=$forced_salt;
             } else {
@@ -623,7 +623,6 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') {
     case 'extcrypt':
         // check if crypt() supports extended des
         if (defined('CRYPT_EXT_DES') && CRYPT_EXT_DES==1) {
-            // FIXME: guinea pigs with extended des support needed.
             $ret = '{CRYPT}' . crypt($pass,'_' . GenerateRandomString(8,$extra_salt_chars,7));
         } else {
             array_push($msgs,
@@ -634,7 +633,6 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') {
     case 'blowfish':
         // check if crypt() supports blowfish
         if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH==1) {
-            // FIXME: guinea pigs with blowfish support needed.
             $ret = '{CRYPT}' . crypt($pass,'$2a$12$' . GenerateRandomString(13,$extra_salt_chars,7));
         } else {
             array_push($msgs,
@@ -648,7 +646,7 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') {
         break;
     default:
         array_push($msgs,sprintf(_("Unsupported crypto: %s"),
-                                 (is_string($ldap_crypto) ? htmlspecialchars($ldap_crypto) : _("unknown"))));
+                                 (is_string($ldap_crypto) ? sm_encode_html_special_chars($ldap_crypto) : _("unknown"))));
     }
     return $ret;
 }
@@ -784,4 +782,3 @@ function cpw_ldap_compare_pass($pass_hash,$pass_clear,&$msgs) {
     }
     return $ret;
 }
-?>
\ No newline at end of file