1 | <?php |
2 | |
/**
 * functions.php - Change Password plugin
 *
 * Copyright (c) 2003-2005 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * @version $Id$
 * @package plugins
 * @subpackage change_password
 */
13 | |
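/**
 * Validates the change-password form before any backend is called.
 *
 * Reads the current, new and verify passwords from POST, recovers the
 * password held for this session (cookie 'key' decrypted with the session
 * 'onetimepad') and collects one message per failed check: every field
 * supplied, verify matches new, current matches the session password, and
 * the new password length lies within the configured bounds.
 * These criteria are (for now) backend-independent.
 *
 * Password comparisons are strict (!==). With the loose != operator PHP
 * compares two numeric-looking strings as numbers, so "1e3" and "1000"
 * (or "0e1" and "0e2") would be treated as the same password.
 *
 * @return array Array with zero or more error messages.
 */
function cpw_check_input()
{
    global $cpw_pass_min_length, $cpw_pass_max_length;

    // formdata
    sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
    sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST);
    // for decrypting current password
    sqgetGlobalVar('key', $key, SQ_COOKIE);
    sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);

    $msg = array();

    if (!$newpw) {
        $msg[] = _("You must type in a new password.");
    }
    if (!$verifypw) {
        $msg[] = _("You must also type in your new password in the verify box.");
    } elseif ($verifypw !== $newpw) {
        // strict: the two fields must be identical strings, not merely
        // equal after PHP's numeric-string conversion
        $msg[] = _("Your new password does not match the verify password.");
    }

    $orig_pw = OneTimePadDecrypt($key, $onetimepad);

    if (!$currentpw) {
        $msg[] = _("You must type in your current password.");
    } elseif ($currentpw !== $orig_pw) {
        // strict: also rejects a non-string value on either side instead of
        // letting type juggling decide. Not a constant-time comparison;
        // hash_equals() is the timing-safe form where PHP provides it.
        $msg[] = _("Your current password is not correct.");
    }

    // strlen() counts bytes, so the configured limits are byte lengths
    if ($newpw && (strlen($newpw) < $cpw_pass_min_length ||
                   strlen($newpw) > $cpw_pass_max_length)) {
        $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
                         $cpw_pass_min_length, $cpw_pass_max_length);
    }

    // do we need to do checks that are backend-specific and should
    // be handled by a hook? I know of none now, and those checks can
    // also be done in the backend dochange() function. If there turns
    // out to be a need for it we can add a hook for that here.

    return $msg;
}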
66 | |
67 | |
// Shared, already-translated error strings. _() runs when this file is
// loaded, so each constant holds the translation for the locale active at
// that moment. CPW_CURRENT_NOMATCH carries the same text that
// cpw_check_input() reports for a wrong current password.
// NOTE(review): presumably meant for the backend files to return from their
// dochange hook; nothing in this file reads them. Confirm against backend/.
define(
    'CPW_CURRENT_NOMATCH',
    _("Your current password is not correct.")
);
define(
    'CPW_INVALID_PW',
    _("Your new password contains invalid characters.")
);
70 | |
/**
 * Performs the password change by delegating to the configured backend.
 *
 * Loads the backend file named by $cpw_backend and runs the
 * 'change_password_dochange' hook with the username and the current and new
 * passwords. If the hook reports any messages they are returned and nothing
 * else happens. Otherwise the session copy of the password is replaced (new
 * one-time pad in the session, new encrypted 'key' cookie) so the user does
 * not have to log out, and the browser is redirected to the options screen.
 *
 * NOTE(review): the current password is not re-checked here; this appears to
 * rely on the caller having run cpw_check_input() first. Confirm at the
 * call site.
 *
 * @return array Error messages from the backend hook. On success the
 *               function does not return: it redirects and exits.
 */
function cpw_do_change()
{
    global $cpw_backend;

    // Form fields submitted by the user.
    sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
    // Session and cookie state belonging to the logged-in user.
    sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
    sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
    sqgetGlobalVar('key', $key, SQ_COOKIE);
    sqgetGlobalVar('username', $username, SQ_SESSION);

    // NOTE(review): $cpw_backend is concatenated into the include path
    // unchecked. It has to come from trusted configuration only; confirm
    // that request data can never set it.
    require_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');

    $hook_args = array(
        'username' => $username,
        'curpw'    => $curpw,
        'newpw'    => $newpw
    );
    $errors = do_hook_function('change_password_dochange', $hook_args);

    // The backend reported a problem: hand its messages back and leave the
    // session password untouched.
    if (count($errors) > 0) {
        return $errors;
    }

    // Re-encrypt the new password under a fresh pad: the pad is stored in
    // the session, the ciphertext in the 'key' cookie.
    $onetimepad = OneTimePadCreate(strlen($newpw));
    sqsession_register($onetimepad,'onetimepad');
    $key = OneTimePadEncrypt($newpw, $onetimepad);
    // NOTE(review): session cookie (expiry 0) scoped to $base_uri, with no
    // secure/httponly arguments passed here. Confirm that transport and
    // script access to this cookie are restricted elsewhere.
    setcookie('key', $key, 0, $base_uri);

    // Flush the session to storage first, so the new pad is saved before the
    // browser follows the redirect.
    session_write_close();
    $target = SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1';
    header('Location: '.$target);
    exit;
}
112 | |
113 | ?> |