Add preliminary printerfriendly-through-css feature. This adds a new print.css
[squirrelmail.git] / plugins / change_password / backend / mysql.php
CommitLineData
27663afe 1<?php
4b4abf93 2
21b8ca51 3/**
4 * MySQL change password backend
5 *
4b4abf93 6 * @author Thijs Kinkhorst <kink at squirrelmail.org>
4b5049de 7 * @copyright &copy; 2003-2007 The SquirrelMail Project Team
4b4abf93 8 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
21b8ca51 9 * @version $Id$
10 * @package plugins
11 * @subpackage change_password
27663afe 12 */
13
14/**
15 * Config vars
16 */
17
18global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
4165198d 19 $mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
76063016 20 $mysql_saslcrypt, $mysql_unixcrypt, $cpw_mysql;
27663afe 21
4165198d 22// Initialize defaults
27663afe 23$mysql_server = 'localhost';
24$mysql_database = 'email';
25$mysql_table = 'users';
26
27// The names of the user ID and password columns
28$mysql_userid_field = 'id';
29$mysql_password_field ='password';
30
31// The user to log into MySQL with (must have rights)
32$mysql_manager_id = 'email_admin';
33$mysql_manager_pw = 'xxxxxxx';
34
4165198d 35// saslcrypt checked first - if it is 1, UNIX crypt is not used.
36$mysql_saslcrypt = 0; // use MySQL password() function
37$mysql_unixcrypt = 0; // use UNIX crypt() function
38
76063016 39// get overrides from config.
40if ( isset($cpw_mysql) && is_array($cpw_mysql) && !empty($cpw_mysql) )
4165198d 41{
76063016 42 foreach ( $cpw_mysql as $key => $value )
4165198d 43 {
44 if ( isset(${'mysql_'.$key}) )
45 ${'mysql_'.$key} = $value;
91e0dccc 46 }
4165198d 47}
27663afe 48
27663afe 49global $squirrelmail_plugin_hooks;
91e0dccc 50$squirrelmail_plugin_hooks['change_password_dochange']['mysql'] =
51 'cpw_mysql_dochange';
27663afe 52
53/**
54 * This is the function that is specific to your backend. It takes
55 * the current password (as supplied by the user) and the desired
56 * new password. It will return an array of messages. If everything
57 * was successful, the array will be empty. Else, it will contain
58 * the errormessage(s).
59 * Constants to be used for these messages:
60 * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
61 * CPW_INVALID_PW -> "Your new password contains invalid characters."
62 *
91e0dccc 63 * @param array data The username/currentpw/newpw data.
27663afe 64 * @return array Array of error messages.
65 */
66function cpw_mysql_dochange($data)
67{
68 // unfortunately, we can only pass one parameter to a hook function,
69 // so we have to pass it as an array.
70 $username = $data['username'];
71 $curpw = $data['curpw'];
72 $newpw = $data['newpw'];
73
74 $msgs = array();
75
76 global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
4165198d 77 $mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
78 $mysql_saslcrypt, $mysql_unixcrypt;
27663afe 79
76063016 80 // TODO: allow to choose between mysql_connect() and mysql_pconnect() functions.
27663afe 81 $ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
82 if (! $ds) {
83 array_push($msgs, _("Cannot connect to Database Server, please try later!"));
4165198d 84 return $msgs;
27663afe 85 }
86 if (!mysql_select_db($mysql_database, $ds)) {
87 array_push($msgs, _("Database not found on server"));
4165198d 88 return $msgs;
27663afe 89 }
90
91 $query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
92 . ' FROM ' . $mysql_table
93 . ' WHERE ' . $mysql_userid_field . '="' . mysql_escape_string($username) .'"'
4165198d 94 . ' AND ' . $mysql_password_field;
95
96 if ($mysql_saslcrypt) {
97 $query_string .= '=password("'.mysql_escape_string($curpw).'")';
98 } elseif ($mysql_unixcrypt) {
76063016 99 // FIXME: why password field name is used for salting
4165198d 100 $query_string .= '=encrypt("'.mysql_escape_string($curpw).'", '.$mysql_password_field . ')';
101 } else {
102 $query_string .= '="' . mysql_escape_string($curpw) . '"';
103 }
104
27663afe 105 $select_result = mysql_query($query_string, $ds);
106 if (!$select_result) {
107 array_push($msgs, _("SQL call failed, try again later."));
91e0dccc 108 return $msgs;
27663afe 109 }
110
111 if (mysql_num_rows($select_result) == 0) {
112 array_push($msgs, CPW_CURRENT_NOMATCH);
113 return $msgs;
114 }
115 if (mysql_num_rows($select_result) > 1) {
116 //make sure we only have 1 uid
117 array_push($msgs, _("Duplicate login entries detected, cannot change password!"));
118 return $msgs;
119 }
120
4165198d 121 $update_string = 'UPDATE '. $mysql_table . ' SET ' . $mysql_password_field;
122
123 if ($mysql_saslcrypt) {
124 $update_string .= '=password("'.mysql_escape_string($newpw).'")';
125 } elseif ($mysql_unixcrypt) {
76063016 126 // FIXME: use random salt when you create new password
4165198d 127 $update_string .= '=encrypt("'.mysql_escape_string($newpw).'", '.$mysql_password_field . ')';
128 } else {
129 $update_string .= '="' . mysql_escape_string($newpw) . '"';
130 }
131 $update_string .= ' WHERE ' . $mysql_userid_field . ' = "' . mysql_escape_string($username) . '"';
132
27663afe 133 if (!mysql_query($update_string, $ds)) {
134 array_push($msgs, _("Password change was not successful!"));
135 }
136
137 return $msgs;
91e0dccc 138}