Add merak backend by E. van Elk, fix a bug and some cosmetic changes. The
[squirrelmail.git] / plugins / change_password / functions.php
CommitLineData
27663afe 1<?php
2
3/**
087508d9 4 * functions.php - Change Password plugin
5 *
6 * Copyright (c) 2003-2004 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
9 * $Id$
10 * @package plugins
11 * @subpackage change_password
12 */
13
14/**
27663afe 15 * Will verify the input against a set of criteria:
16 * is every field supplied, does verify password match,
17 * does current password validate, ..
087508d9 18 * These criteria are (for now) backend-independant.
19 *
27663afe 20 * @return array Array with zero or more error messages.
21 */
22function cpw_check_input()
23{
24 global $cpw_pass_min_length, $cpw_pass_max_length;
25
26 // formdata
27 sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST);
28 sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
29 sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST);
30 // for decrypting current password
31 sqgetGlobalVar('key', $key, SQ_COOKIE);
32 sqgetGlobalVar('onetimepad', $onetimepad,SQ_SESSION);
33
34 $msg = array();
35
36 if(!$currentpw) {
37 $msg[] = _("You must type in your current password.");
38 } elseif($currentpw != OneTimePadDecrypt($key, $onetimepad)) {
39 $msg[] = _("Your current password is not correct.");
40 }
41 if(!$newpw) {
42 $msg[] = _("You must type in a new password.");
43 }
44 if(!$verifypw) {
45 $msg[] = _("You must also type in your new password in the verify box.");
46 } elseif ($verifypw != $newpw) {
47 $msg[] = _("Your new password does not match the verify password.");
48 }
49 if($newpw && (strlen($newpw) < $cpw_pass_min_length ||
50 strlen($newpw) > $cpw_pass_max_length ) ) {
51 $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
52 $cpw_pass_min_length, $cpw_pass_max_length);
53 }
54
55 // do we need to do checks that are backend-specific and should
087508d9 56 // be handled by a hook? I know of none now, bnd those checks can
57 // also be done in the backend dochange() function. If there turns
58 // out to be a need for it we can add a hook for that here.
27663afe 59
60 return $msg;
61}
62
63
64define('CPW_CURRENT_NOMATCH', _("Your current password is not correct."));
65define('CPW_INVALID_PW', _("Your new password contains invalid characters."));
66
67/**
68 * Does the actual password changing (meaning it calls the hook function
69 * from the backend that does this. If something goes wrong, return error
70 * message(s). If everything ok, change the password in the session so the
71 * user doesn't have to log out, and redirect back to the options screen.
72 */
73function cpw_do_change()
74{
75 global $cpw_backend;
087508d9 76 sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
77 sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
27663afe 78 sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
79 sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
80 sqgetGlobalVar('key', $key, SQ_COOKIE);
81 sqgetGlobalVar('username', $username, SQ_SESSION);
82
83 require_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
84
85 $msgs = do_hook_function('change_password_dochange',
86 array (
87 'username' => $username,
88 'curpw' => $curpw,
89 'newpw' => $newpw
90 ) );
91
92 /* something bad happened, return */
93 if(count($msgs) > 0) {
94 return $msgs;
95 }
96
97 /* update our password stored in the session */
98 $onetimepad = OneTimePadCreate(strlen($newpw));
99 $_SESSION['onetimepad'] = $onetimepad;
100 $key = OneTimePadEncrypt($newpw, $onetimepad);
101 setcookie('key', $key, 0, $base_uri);
102
103 /* make sure we write the session data before we redirect */
104 session_write_close();
5c34b0bb 105 header('Location: '.SM_PATH. 'src/options.php?optmode=submit&plugin_change_password=1');
27663afe 106 exit;
107}