[squirrelmail.git] / plugins / change_password / backend / merak.php

<?php
/**
 * Merakchange password backend
 *
 * @author Edwin van Elk <Edwin@eve-software.com>
 * @version $Id$
 * @package plugins
 * @subpackage change_password
 */

/**
 * Config vars
 */

global $merak_url, $merak_selfpage, $merak_action;

// The Merak Server

$merak_url = "http://localhost:32000/";
$merak_selfpage = "self.html";
$merak_action = "self_edit";

// NO NEED TO CHANGE ANYTHING BELOW THIS LINE

global $squirrelmail_plugin_hooks;
$squirrelmail_plugin_hooks['change_password_dochange']['merak'] =
   'cpw_merak_dochange';

/**
 * This is the function that is specific to your backend. It takes
 * the current password (as supplied by the user) and the desired
 * new password. It will return an array of messages. If everything
 * was successful, the array will be empty. Else, it will contain
 * the errormessage(s).
 * Constants to be used for these messages:
 * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
 * CPW_INVALID_PW -> "Your new password contains invalid characters."
 *
 * @param array data The username/currentpw/newpw data.
 * @return array Array of error messages.
 */
function cpw_merak_dochange($data)
{
   // unfortunately, we can only pass one parameter to a hook function,
   // so we have to pass it as an array.
   $username = $data['username'];
   $curpw = $data['curpw'];
   $newpw = $data['newpw'];

   $msgs = array();

   global $merak_url, $merak_selfpage, $merak_action;

   if (!function_exists('curl_init')) {

      // user_error('Curl module NOT available!', E_USER_ERROR);
      array_push($msgs, _("Curl module NOT available! Unable to change password!"));
      return $msgs;
   }

   $ch = curl_init();
   curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
   curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
   curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
   curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
   $result = curl_exec ($ch);
   curl_close ($ch);

   if (strpos($result, "401 Access denied") <> 0) {
      array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
      return $msgs;
   }

   // Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">

   $str = stristr($result, "<FORM");
   $str = substr($str, 0, strpos($str, ">") + 1);
   $str = stristr($str, "ACTION=");
   $str = substr(stristr($str, "\""),1);
   $str = substr($str, 0, strpos($str, "\""));

   // Extra check to see if the result contains 'html'
   if (!stristr($str, "html")) {
      array_push($msgs, _("Cannot change password!") . " (1)" );
      return $msgs;
   }

   $newurl = $merak_url . $str;

   // Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">

   $str = stristr($result, "usraddr");
   $str = substr($str, 0, strpos($str, ">") + 1);
   $str = stristr($str, "VALUE=");
   $str = substr(stristr($str, "\""),1);
   $str = substr($str, 0, strpos($str, "\""));

   // Extra check to see if the result contains '@'
   if (!stristr($str, "@")) {
      array_push($msgs, _("Cannot change password!") . " (2)" );
      return $msgs;
   }

   $useraddr = $str;

   //Include (almost) all input fields from screen

   $contents2 = $result;

   $tag = stristr($contents2, "<INPUT");

   while ($tag) {
      $contents2 = stristr($contents2, "<INPUT");
      $tag = substr($contents2, 0, strpos($contents2, ">") + 1);

      if (GetSub($tag, "TYPE") == "TEXT" ||
          GetSub($tag, "TYPE") == "HIDDEN" ||
          GetSub($tag, "TYPE") == "PASSWORD") {
         $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
      }

      if ((GetSub($tag, "TYPE") == "RADIO" ||
           GetSub($tag, "TYPE") == "CHECKBOX") &&
          IsChecked($tag)) {
         $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
      }
      $contents2 = substr($contents2, 1);
   }

   $tags["action"]   = $merak_action;
   $tags["usraddr"]  = $useraddr;
   $tags["usr_pass"] = $newpw;
   $tags["usr_conf"] = $newpw;

   $str2 = "";
   foreach ($tags as $key => $value) {
      $str2 .= $key . "=" . urlencode($value) . "&";
   }

   $str2 = trim($str2, "&");

   // Change password!

   $ch = curl_init();
   curl_setopt ($ch, CURLOPT_URL, $newurl);
   curl_setopt ($ch, CURLOPT_POST, 1);
   curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
   curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
   $result=curl_exec ($ch);
   curl_close ($ch);

   if (strpos($result, "Failure") <> 0) {
     array_push($msgs, _("Cannot change password!") .  " (3)");
     return $msgs;
   }

   return $msgs;
}

function GetSub($tag, $type) {

   $str = stristr($tag, $type . "=");
   $str = substr($str, strlen($type) + 1);
   $str = trim($str, '"');

   if (!strpos($str, " ") === false) {
      $str = substr($str, 0, strpos($str, " "));
      $str = trim($str, '"');
   }

   if (!(strpos($str, '"') === false)) {
      $str = substr($str, 0, strpos($str, '"'));
   }

   $str = trim($str, '>');

   return $str;
}

function IsChecked($tag) {

   if (!(strpos(strtolower($tag), 'checked') === false)) {
      return true;
   }

   return false;
}
Commit	Line	Data
087508d9	1	<?php
6ca3fd49	2	/**
	3	* Merakchange password backend
	4	*
	5	* @author Edwin van Elk <Edwin@eve-software.com>
	6	* @version $Id$
	7	* @package plugins
	8	* @subpackage change_password
087508d9	9	*/
	10
	11	/**
	12	* Config vars
	13	*/
	14
	15	global $merak_url, $merak_selfpage, $merak_action;
	16
	17	// The Merak Server
	18
	19	$merak_url = "http://localhost:32000/";
	20	$merak_selfpage = "self.html";
	21	$merak_action = "self_edit";
	22
	23	// NO NEED TO CHANGE ANYTHING BELOW THIS LINE
	24
	25	global $squirrelmail_plugin_hooks;
91e0dccc	26	$squirrelmail_plugin_hooks['change_password_dochange']['merak'] =
087508d9	27	'cpw_merak_dochange';
	28
	29	/**
	30	* This is the function that is specific to your backend. It takes
	31	* the current password (as supplied by the user) and the desired
	32	* new password. It will return an array of messages. If everything
	33	* was successful, the array will be empty. Else, it will contain
	34	* the errormessage(s).
	35	* Constants to be used for these messages:
	36	* CPW_CURRENT_NOMATCH -> "Your current password is not correct."
	37	* CPW_INVALID_PW -> "Your new password contains invalid characters."
	38	*
91e0dccc	39	* @param array data The username/currentpw/newpw data.
087508d9	40	* @return array Array of error messages.
	41	*/
	42	function cpw_merak_dochange($data)
	43	{
	44	// unfortunately, we can only pass one parameter to a hook function,
	45	// so we have to pass it as an array.
	46	$username = $data['username'];
	47	$curpw = $data['curpw'];
	48	$newpw = $data['newpw'];
	49
	50	$msgs = array();
	51
ce68b76b	52	global $merak_url, $merak_selfpage, $merak_action;
087508d9	53
	54	if (!function_exists('curl_init')) {
	55
	56	// user_error('Curl module NOT available!', E_USER_ERROR);
	57	array_push($msgs, _("Curl module NOT available! Unable to change password!"));
	58	return $msgs;
	59	}
	60
	61	$ch = curl_init();
	62	curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
	63	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	64	curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
	65	curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
	66	curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
	67	$result = curl_exec ($ch);
	68	curl_close ($ch);
	69
	70	if (strpos($result, "401 Access denied") <> 0) {
	71	array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
	72	return $msgs;
	73	}
	74
	75	// Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">
	76
	77	$str = stristr($result, "<FORM");
	78	$str = substr($str, 0, strpos($str, ">") + 1);
	79	$str = stristr($str, "ACTION=");
	80	$str = substr(stristr($str, "\""),1);
	81	$str = substr($str, 0, strpos($str, "\""));
	82
	83	// Extra check to see if the result contains 'html'
	84	if (!stristr($str, "html")) {
	85	array_push($msgs, _("Cannot change password!") . " (1)" );
	86	return $msgs;
	87	}
	88
	89	$newurl = $merak_url . $str;
	90
	91	// Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">
	92
	93	$str = stristr($result, "usraddr");
	94	$str = substr($str, 0, strpos($str, ">") + 1);
	95	$str = stristr($str, "VALUE=");
	96	$str = substr(stristr($str, "\""),1);
	97	$str = substr($str, 0, strpos($str, "\""));
	98
	99	// Extra check to see if the result contains '@'
	100	if (!stristr($str, "@")) {
	101	array_push($msgs, _("Cannot change password!") . " (2)" );
	102	return $msgs;
	103	}
	104
	105	$useraddr = $str;
	106
	107	//Include (almost) all input fields from screen
	108
	109	$contents2 = $result;
	110
	111	$tag = stristr($contents2, "<INPUT");
	112
	113	while ($tag) {
	114	$contents2 = stristr($contents2, "<INPUT");
	115	$tag = substr($contents2, 0, strpos($contents2, ">") + 1);
	116
117	if (GetSub($tag, "TYPE") == "TEXT" \|\|
118	GetSub($tag, "TYPE") == "HIDDEN" \|\|
119	GetSub($tag, "TYPE") == "PASSWORD") {
120	$tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
121	}
122
123	if ((GetSub($tag, "TYPE") == "RADIO" \|\|
124	GetSub($tag, "TYPE") == "CHECKBOX") &&
125	IsChecked($tag)) {
126	$tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
127	}
128	$contents2 = substr($contents2, 1);
129	}
130
131	$tags["action"] = $merak_action;
132	$tags["usraddr"] = $useraddr;
133	$tags["usr_pass"] = $newpw;
134	$tags["usr_conf"] = $newpw;
135
136	$str2 = "";
137	foreach ($tags as $key => $value) {
138	$str2 .= $key . "=" . urlencode($value) . "&";
139	}
140
141	$str2 = trim($str2, "&");
142
143	// Change password!
144
145	$ch = curl_init();
146	curl_setopt ($ch, CURLOPT_URL, $newurl);
147	curl_setopt ($ch, CURLOPT_POST, 1);
148	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
149	curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
150	curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
151	$result=curl_exec ($ch);
152	curl_close ($ch);
153
154	if (strpos($result, "Failure") <> 0) {
155	array_push($msgs, _("Cannot change password!") . " (3)");
156	return $msgs;
157	}
158
159	return $msgs;
160	}
161
162	function GetSub($tag, $type) {
163
164	$str = stristr($tag, $type . "=");
165	$str = substr($str, strlen($type) + 1);
166	$str = trim($str, '"');
167
168	if (!strpos($str, " ") === false) {
169	$str = substr($str, 0, strpos($str, " "));
170	$str = trim($str, '"');
171	}
172
173	if (!(strpos($str, '"') === false)) {
174	$str = substr($str, 0, strpos($str, '"'));
175	}
176
177	$str = trim($str, '>');
178
179	return $str;
180	}
181
182	function IsChecked($tag) {
183
184	if (!(strpos(strtolower($tag), 'checked') === false)) {
185	return true;
186	}
187
188	return false;
91e0dccc	189	}