adding address book block
[squirrelmail.git] / plugins / change_password / functions.php
CommitLineData
27663afe 1<?php
2
3/**
087508d9 4 * functions.php - Change Password plugin
5 *
6 * Copyright (c) 2003-2004 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
882acf90 9 * @version $Id$
087508d9 10 * @package plugins
11 * @subpackage change_password
12 */
13
14/**
27663afe 15 * Will verify the input against a set of criteria:
16 * is every field supplied, does verify password match,
17 * does current password validate, ..
087508d9 18 * These criteria are (for now) backend-independant.
19 *
27663afe 20 * @return array Array with zero or more error messages.
21 */
22function cpw_check_input()
23{
24 global $cpw_pass_min_length, $cpw_pass_max_length;
25
26 // formdata
27 sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST);
28 sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
29 sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST);
30 // for decrypting current password
31 sqgetGlobalVar('key', $key, SQ_COOKIE);
32 sqgetGlobalVar('onetimepad', $onetimepad,SQ_SESSION);
33
34 $msg = array();
35
27663afe 36 if(!$newpw) {
37 $msg[] = _("You must type in a new password.");
38 }
39 if(!$verifypw) {
40 $msg[] = _("You must also type in your new password in the verify box.");
41 } elseif ($verifypw != $newpw) {
42 $msg[] = _("Your new password does not match the verify password.");
43 }
4165198d 44
45 $orig_pw = OneTimePadDecrypt($key, $onetimepad);
46
47 if(!$currentpw) {
48 $msg[] = _("You must type in your current password.");
49 } elseif ($currentpw != $orig_pw) {
50 $msg[] = _("Your current password is not correct.");
51 }
52
27663afe 53 if($newpw && (strlen($newpw) < $cpw_pass_min_length ||
54 strlen($newpw) > $cpw_pass_max_length ) ) {
55 $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
56 $cpw_pass_min_length, $cpw_pass_max_length);
57 }
58
59 // do we need to do checks that are backend-specific and should
087508d9 60 // be handled by a hook? I know of none now, bnd those checks can
61 // also be done in the backend dochange() function. If there turns
62 // out to be a need for it we can add a hook for that here.
27663afe 63
64 return $msg;
65}
66
67
68define('CPW_CURRENT_NOMATCH', _("Your current password is not correct."));
69define('CPW_INVALID_PW', _("Your new password contains invalid characters."));
70
71/**
72 * Does the actual password changing (meaning it calls the hook function
73 * from the backend that does this. If something goes wrong, return error
74 * message(s). If everything ok, change the password in the session so the
75 * user doesn't have to log out, and redirect back to the options screen.
76 */
77function cpw_do_change()
78{
79 global $cpw_backend;
087508d9 80 sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
81 sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
27663afe 82 sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
83 sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
84 sqgetGlobalVar('key', $key, SQ_COOKIE);
85 sqgetGlobalVar('username', $username, SQ_SESSION);
86
87 require_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
88
89 $msgs = do_hook_function('change_password_dochange',
90 array (
91 'username' => $username,
4165198d 92 'curpw' => $curpw,
93 'newpw' => $newpw
94 ) );
27663afe 95
96 /* something bad happened, return */
97 if(count($msgs) > 0) {
98 return $msgs;
99 }
100
101 /* update our password stored in the session */
102 $onetimepad = OneTimePadCreate(strlen($newpw));
103 $_SESSION['onetimepad'] = $onetimepad;
104 $key = OneTimePadEncrypt($newpw, $onetimepad);
105 setcookie('key', $key, 0, $base_uri);
106
107 /* make sure we write the session data before we redirect */
108 session_write_close();
5c34b0bb 109 header('Location: '.SM_PATH. 'src/options.php?optmode=submit&plugin_change_password=1');
27663afe 110 exit;
111}