[squirrelmail.git] / plugins / change_password / backend / merak.php

<?php

/**
 * Merakchange password backend
 *
 * @author Edwin van Elk <edwin at eve-software.com>
 * @copyright &copy; 2004-2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package plugins
 * @subpackage change_password
 */

/**
 * Config vars
 */

global $merak_url, $merak_selfpage, $merak_action;

// The Merak Server

$merak_url = "http://localhost:32000/";
$merak_selfpage = "self.html";
$merak_action = "self_edit";

// get overrides from config.
if ( isset($cpw_merak) && is_array($cpw_merak) && !empty($cpw_merak) ) {
  foreach ( $cpw_merak as $key => $value ) {
    if ( isset(${'merak_'.$key}) )
      ${'merak_'.$key} = $value;
  }
}

global $squirrelmail_plugin_hooks;
$squirrelmail_plugin_hooks['change_password_dochange']['merak'] =
   'cpw_merak_dochange';
$squirrelmail_plugin_hooks['change_password_init']['merak'] =
   'cpw_merak_init';

/**
 * Check if php install has all required extensions.
 */
function cpw_merak_init() {
    global $oTemplate;

    if (!function_exists('curl_init')) {
        // user_error('Curl module NOT available!', E_USER_ERROR);
        error_box(_("PHP Curl extension is NOT available! Unable to change password!"));
        // close html and stop script execution
        $oTemplate->display('footer.tpl');
        exit();
    }
}

/**
 * This is the function that is specific to your backend. It takes
 * the current password (as supplied by the user) and the desired
 * new password. It will return an array of messages. If everything
 * was successful, the array will be empty. Else, it will contain
 * the errormessage(s).
 * Constants to be used for these messages:
 * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
 * CPW_INVALID_PW -> "Your new password contains invalid characters."
 *
 * @param array data The username/currentpw/newpw data.
 * @return array Array of error messages.
 */
function cpw_merak_dochange($data)
{
   // unfortunately, we can only pass one parameter to a hook function,
   // so we have to pass it as an array.
   $username = $data['username'];
   $curpw = $data['curpw'];
   $newpw = $data['newpw'];

   $msgs = array();

   global $merak_url, $merak_selfpage, $merak_action;

   $ch = curl_init();
   curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
   curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
   curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
   curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
   $result = curl_exec ($ch);
   curl_close ($ch);

   if (strpos($result, "401 Access denied") <> 0) {
      array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
      return $msgs;
   }

   // Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">

   $str = stristr($result, "<FORM");
   $str = substr($str, 0, strpos($str, ">") + 1);
   $str = stristr($str, "ACTION=");
   $str = substr(stristr($str, "\""),1);
   $str = substr($str, 0, strpos($str, "\""));

   // Extra check to see if the result contains 'html'
   if (!stristr($str, "html")) {
      array_push($msgs, _("Cannot change password!") . " (1)" );
      return $msgs;
   }

   $newurl = $merak_url . $str;

   // Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">

   $str = stristr($result, "usraddr");
   $str = substr($str, 0, strpos($str, ">") + 1);
   $str = stristr($str, "VALUE=");
   $str = substr(stristr($str, "\""),1);
   $str = substr($str, 0, strpos($str, "\""));

   // Extra check to see if the result contains '@'
   if (!stristr($str, "@")) {
      array_push($msgs, _("Cannot change password!") . " (2)" );
      return $msgs;
   }

   $useraddr = $str;

   //Include (almost) all input fields from screen

   $contents2 = $result;

   $tag = stristr($contents2, "<INPUT");

   while ($tag) {
      $contents2 = stristr($contents2, "<INPUT");
      $tag = substr($contents2, 0, strpos($contents2, ">") + 1);

      if (GetSub($tag, "TYPE") == "TEXT" ||
          GetSub($tag, "TYPE") == "HIDDEN" ||
          GetSub($tag, "TYPE") == "PASSWORD") {
         $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
      }

      if ((GetSub($tag, "TYPE") == "RADIO" ||
           GetSub($tag, "TYPE") == "CHECKBOX") &&
          IsChecked($tag)) {
         $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
      }
      $contents2 = substr($contents2, 1);
   }

   $tags["action"]   = $merak_action;
   $tags["usraddr"]  = $useraddr;
   $tags["usr_pass"] = $newpw;
   $tags["usr_conf"] = $newpw;

   $str2 = "";
   foreach ($tags as $key => $value) {
      $str2 .= $key . "=" . urlencode($value) . "&";
   }

   $str2 = trim($str2, "&");

   // Change password!

   $ch = curl_init();
   curl_setopt ($ch, CURLOPT_URL, $newurl);
   curl_setopt ($ch, CURLOPT_POST, 1);
   curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
   curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
   $result=curl_exec ($ch);
   curl_close ($ch);

   if (strpos($result, "Failure") <> 0) {
     array_push($msgs, _("Cannot change password!") .  " (3)");
     return $msgs;
   }

   return $msgs;
}

function GetSub($tag, $type) {

   $str = stristr($tag, $type . "=");
   $str = substr($str, strlen($type) + 1);
   $str = trim($str, '"');

   if (!strpos($str, " ") === false) {
      $str = substr($str, 0, strpos($str, " "));
      $str = trim($str, '"');
   }

   if (!(strpos($str, '"') === false)) {
      $str = substr($str, 0, strpos($str, '"'));
   }

   $str = trim($str, '>');

   return $str;
}

function IsChecked($tag) {

   if (!(strpos(strtolower($tag), 'checked') === false)) {
      return true;
   }

   return false;
}
Commit	Line	Data
087508d9	1	<?php
4b4abf93	2
6ca3fd49	3	/**
	4	* Merakchange password backend
	5	*
4b4abf93	6	* @author Edwin van Elk <edwin at eve-software.com>
47ccfad4	7	* @copyright © 2004-2006 The SquirrelMail Project Team
4b4abf93	8	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
6ca3fd49	9	* @version $Id$
	10	* @package plugins
	11	* @subpackage change_password
087508d9	12	*/
	13
	14	/**
	15	* Config vars
	16	*/
	17
	18	global $merak_url, $merak_selfpage, $merak_action;
	19
	20	// The Merak Server
	21
	22	$merak_url = "http://localhost:32000/";
	23	$merak_selfpage = "self.html";
	24	$merak_action = "self_edit";
	25
76063016	26	// get overrides from config.
	27	if ( isset($cpw_merak) && is_array($cpw_merak) && !empty($cpw_merak) ) {
	28	foreach ( $cpw_merak as $key => $value ) {
	29	if ( isset(${'merak_'.$key}) )
	30	${'merak_'.$key} = $value;
	31	}
	32	}
087508d9	33
087508d9	34	global $squirrelmail_plugin_hooks;
91e0dccc	35	$squirrelmail_plugin_hooks['change_password_dochange']['merak'] =
087508d9	36	'cpw_merak_dochange';
c683d87f	37	$squirrelmail_plugin_hooks['change_password_init']['merak'] =
76063016	38	'cpw_merak_init';
	39
	40	/**
	41	* Check if php install has all required extensions.
	42	*/
	43	function cpw_merak_init() {
1b858d86	44	global $oTemplate;
76063016	45
76063016	46	if (!function_exists('curl_init')) {
76063016	47	// user_error('Curl module NOT available!', E_USER_ERROR);
1b858d86	48	error_box(_("PHP Curl extension is NOT available! Unable to change password!"));
76063016	49	// close html and stop script execution
1b858d86	50	$oTemplate->display('footer.tpl');
76063016	51	exit();
	52	}
	53	}
087508d9	54
	55	/**
	56	* This is the function that is specific to your backend. It takes
	57	* the current password (as supplied by the user) and the desired
	58	* new password. It will return an array of messages. If everything
	59	* was successful, the array will be empty. Else, it will contain
	60	* the errormessage(s).
	61	* Constants to be used for these messages:
	62	* CPW_CURRENT_NOMATCH -> "Your current password is not correct."
	63	* CPW_INVALID_PW -> "Your new password contains invalid characters."
	64	*
91e0dccc	65	* @param array data The username/currentpw/newpw data.
087508d9	66	* @return array Array of error messages.
	67	*/
	68	function cpw_merak_dochange($data)
	69	{
	70	// unfortunately, we can only pass one parameter to a hook function,
	71	// so we have to pass it as an array.
	72	$username = $data['username'];
	73	$curpw = $data['curpw'];
	74	$newpw = $data['newpw'];
	75
	76	$msgs = array();
	77
ce68b76b	78	global $merak_url, $merak_selfpage, $merak_action;
087508d9	79
087508d9	80	$ch = curl_init();
	81	curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
	82	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	83	curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
	84	curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
	85	curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
	86	$result = curl_exec ($ch);
	87	curl_close ($ch);
	88
	89	if (strpos($result, "401 Access denied") <> 0) {
	90	array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
	91	return $msgs;
	92	}
	93
	94	// Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">
	95
	96	$str = stristr($result, "<FORM");
	97	$str = substr($str, 0, strpos($str, ">") + 1);
	98	$str = stristr($str, "ACTION=");
	99	$str = substr(stristr($str, "\""),1);
	100	$str = substr($str, 0, strpos($str, "\""));
	101
	102	// Extra check to see if the result contains 'html'
	103	if (!stristr($str, "html")) {
	104	array_push($msgs, _("Cannot change password!") . " (1)" );
	105	return $msgs;
	106	}
	107
	108	$newurl = $merak_url . $str;
	109
	110	// Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">
	111
	112	$str = stristr($result, "usraddr");
	113	$str = substr($str, 0, strpos($str, ">") + 1);
	114	$str = stristr($str, "VALUE=");
	115	$str = substr(stristr($str, "\""),1);
	116	$str = substr($str, 0, strpos($str, "\""));
	117
	118	// Extra check to see if the result contains '@'
	119	if (!stristr($str, "@")) {
	120	array_push($msgs, _("Cannot change password!") . " (2)" );
	121	return $msgs;
	122	}
	123
	124	$useraddr = $str;
	125
	126	//Include (almost) all input fields from screen
	127
	128	$contents2 = $result;
	129
	130	$tag = stristr($contents2, "<INPUT");
	131
	132	while ($tag) {
	133	$contents2 = stristr($contents2, "<INPUT");
	134	$tag = substr($contents2, 0, strpos($contents2, ">") + 1);
	135
	136	if (GetSub($tag, "TYPE") == "TEXT" \|\|
	137	GetSub($tag, "TYPE") == "HIDDEN" \|\|
	138	GetSub($tag, "TYPE") == "PASSWORD") {
	139	$tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
	140	}
	141
	142	if ((GetSub($tag, "TYPE") == "RADIO" \|\|
	143	GetSub($tag, "TYPE") == "CHECKBOX") &&
144	IsChecked($tag)) {
145	$tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
146	}
147	$contents2 = substr($contents2, 1);
148	}
149
150	$tags["action"] = $merak_action;
151	$tags["usraddr"] = $useraddr;
152	$tags["usr_pass"] = $newpw;
153	$tags["usr_conf"] = $newpw;
154
155	$str2 = "";
156	foreach ($tags as $key => $value) {
157	$str2 .= $key . "=" . urlencode($value) . "&";
158	}
159
160	$str2 = trim($str2, "&");
161
162	// Change password!
163
164	$ch = curl_init();
165	curl_setopt ($ch, CURLOPT_URL, $newurl);
166	curl_setopt ($ch, CURLOPT_POST, 1);
167	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
168	curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
169	curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
170	$result=curl_exec ($ch);
171	curl_close ($ch);
172
173	if (strpos($result, "Failure") <> 0) {
174	array_push($msgs, _("Cannot change password!") . " (3)");
175	return $msgs;
176	}
177
178	return $msgs;
179	}
180
181	function GetSub($tag, $type) {
182
183	$str = stristr($tag, $type . "=");
184	$str = substr($str, strlen($type) + 1);
185	$str = trim($str, '"');
186
187	if (!strpos($str, " ") === false) {
188	$str = substr($str, 0, strpos($str, " "));
189	$str = trim($str, '"');
190	}
191
192	if (!(strpos($str, '"') === false)) {
193	$str = substr($str, 0, strpos($str, '"'));
194	}
195
196	$str = trim($str, '>');
197
198	return $str;
199	}
200
201	function IsChecked($tag) {
202
203	if (!(strpos(strtolower($tag), 'checked') === false)) {
204	return true;
205	}
206
207	return false;
91e0dccc	208	}