1 | <?php |
2 | |
3 | /** |
4 | * functions.php - Change Password plugin |
5 | * |
6 | * Copyright (c) 2003-2004 The SquirrelMail Project Team |
7 | * Licensed under the GNU GPL. For full terms see the file COPYING. |
8 | * |
9 | * @version $Id$ |
10 | * @package plugins |
11 | * @subpackage change_password |
12 | */ |
13 | |
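/**
 * Validates the submitted change-password form.
 *
 * Checks that every field was supplied, that the typed current password
 * matches the one recovered from the session's one-time pad, that the new
 * password equals its verification copy, and that the new password length
 * lies within the configured bounds.
 * These criteria are (for now) backend-independent.
 *
 * All password comparisons are strict string comparisons. PHP's loose
 * `!=` compares numeric-looking strings as numbers ("1e3" == "1000"), so a
 * wrong current password or a mismatched verify field could be accepted.
 * For the same reason a field is "missing" only when it is not a non-empty
 * string; the literal password "0" is a supplied value.
 *
 * @return array Array with zero or more error messages.
 */
function cpw_check_input()
{
    global $cpw_pass_min_length, $cpw_pass_max_length;

    // formdata
    sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
    sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST);
    // for decrypting current password
    sqgetGlobalVar('key', $key, SQ_COOKIE);
    sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);

    // POST parameters can arrive as arrays (name[]=...) or not at all;
    // only a non-empty string counts as a supplied field.
    $has_current = is_string($currentpw) && $currentpw !== '';
    $has_new     = is_string($newpw) && $newpw !== '';
    $has_verify  = is_string($verifypw) && $verifypw !== '';

    $msg = array();

    if (!$has_current) {
        $msg[] = _("You must type in your current password.");
    } else {
        $stored = (string) OneTimePadDecrypt($key, $onetimepad);
        // Prefer a constant-time comparison where the runtime provides one;
        // otherwise fall back to a strict (type- and byte-exact) comparison.
        $matches = function_exists('hash_equals')
            ? hash_equals($stored, $currentpw)
            : ($stored === $currentpw);
        if (!$matches) {
            $msg[] = _("Your current password is not correct.");
        }
    }

    if (!$has_new) {
        $msg[] = _("You must type in a new password.");
    }

    if (!$has_verify) {
        $msg[] = _("You must also type in your new password in the verify box.");
    } elseif ($verifypw !== $newpw) {
        $msg[] = _("Your new password does not match the verify password.");
    }

    // strlen() counts bytes, so multi-byte characters count more than once
    // against the configured limits.
    if ($has_new && (strlen($newpw) < $cpw_pass_min_length ||
                     strlen($newpw) > $cpw_pass_max_length)) {
        $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
                         $cpw_pass_min_length, $cpw_pass_max_length);
    }

    // do we need to do checks that are backend-specific and should
    // be handled by a hook? I know of none now, and those checks can
    // also be done in the backend dochange() function. If there turns
    // out to be a need for it we can add a hook for that here.

    return $msg;
}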
62 | |
63 | |
// Translated error strings exposed as constants. Nothing in the visible part
// of this file reads them; presumably they are meant for the backend modules
// (confirm against plugins/change_password/backend/).
define(
    'CPW_CURRENT_NOMATCH',
    _("Your current password is not correct.")
);
define(
    'CPW_INVALID_PW',
    _("Your new password contains invalid characters.")
);
66 | |
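/**
 * Does the actual password changing, meaning it calls the hook function
 * from the backend that does this. If something goes wrong, return error
 * message(s). If everything is ok, change the password in the session so
 * the user doesn't have to log out, and redirect back to the options screen.
 *
 * This function does not itself compare cpw_curpass with the session
 * password; it passes the posted value straight to the backend. The visible
 * code relies on the caller having run cpw_check_input() first (confirm at
 * the call site).
 *
 * @return array Error messages on failure. On success the function sends a
 *               redirect and exits, so it does not return.
 */
function cpw_do_change()
{
    global $cpw_backend;

    sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
    sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
    sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
    sqgetGlobalVar('key', $key, SQ_COOKIE);
    sqgetGlobalVar('username', $username, SQ_SESSION);

    // NOTE(review): $cpw_backend is concatenated into an include path. It is
    // a global set outside this function; confirm it can only come from the
    // plugin configuration and is restricted to a plain backend name before
    // it reaches this line.
    require_once(SM_PATH . 'plugins/change_password/backend/' . $cpw_backend . '.php');

    $msgs = do_hook_function(
        'change_password_dochange',
        array(
            'username' => $username,
            'curpw'    => $curpw,
            'newpw'    => $newpw
        )
    );

    // Fail closed: only an empty array means success. A backend that
    // registered no hook, or returned something other than an array, must
    // not cause the session password to be replaced.
    if (!is_array($msgs)) {
        if (is_string($msgs) && $msgs !== '') {
            return array($msgs);
        }
        return array(_("Your password could not be changed."));
    }

    /* something bad happened, return */
    if (count($msgs) > 0) {
        return $msgs;
    }

    /* update our password stored in the session */
    $onetimepad = OneTimePadCreate(strlen($newpw));
    $_SESSION['onetimepad'] = $onetimepad;
    $key = OneTimePadEncrypt($newpw, $onetimepad);
    // NOTE(review): this cookie carries the pad-encrypted password and is
    // set without the Secure or HttpOnly attributes; confirm how the rest of
    // the application sets the 'key' cookie and keep this call consistent.
    setcookie('key', $key, 0, $base_uri);

    /* make sure we write the session data before we redirect */
    session_write_close();
    header('Location: ' . SM_PATH . 'src/options.php?optmode=submit&plugin_change_password=1');
    exit;
}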