Massive update to plugin system architecture. Please test! Not all core plugins...
[squirrelmail.git] / plugins / change_password / functions.php
CommitLineData
27663afe 1<?php
2
3/**
087508d9 4 * functions.php - Change Password plugin
5 *
47ccfad4 6 * @copyright &copy; 2003-2006 The SquirrelMail Project Team
4b4abf93 7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
882acf90 8 * @version $Id$
087508d9 9 * @package plugins
10 * @subpackage change_password
11 */
12
13/**
27663afe 14 * Will verify the input against a set of criteria:
15 * is every field supplied, does verify password match,
16 * does current password validate, ..
1f4dadde 17 * These criteria are (for now) backend-independent.
087508d9 18 *
27663afe 19 * @return array Array with zero or more error messages.
20 */
21function cpw_check_input()
22{
23 global $cpw_pass_min_length, $cpw_pass_max_length;
24
25 // formdata
26 sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST);
27 sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
28 sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST);
29 // for decrypting current password
30 sqgetGlobalVar('key', $key, SQ_COOKIE);
31 sqgetGlobalVar('onetimepad', $onetimepad,SQ_SESSION);
32
33 $msg = array();
34
27663afe 35 if(!$newpw) {
36 $msg[] = _("You must type in a new password.");
37 }
38 if(!$verifypw) {
39 $msg[] = _("You must also type in your new password in the verify box.");
40 } elseif ($verifypw != $newpw) {
41 $msg[] = _("Your new password does not match the verify password.");
42 }
4165198d 43
44 $orig_pw = OneTimePadDecrypt($key, $onetimepad);
45
46 if(!$currentpw) {
47 $msg[] = _("You must type in your current password.");
48 } elseif ($currentpw != $orig_pw) {
49 $msg[] = _("Your current password is not correct.");
50 }
51
27663afe 52 if($newpw && (strlen($newpw) < $cpw_pass_min_length ||
53 strlen($newpw) > $cpw_pass_max_length ) ) {
54 $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
55 $cpw_pass_min_length, $cpw_pass_max_length);
56 }
57
58 // do we need to do checks that are backend-specific and should
087508d9 59 // be handled by a hook? I know of none now, bnd those checks can
60 // also be done in the backend dochange() function. If there turns
61 // out to be a need for it we can add a hook for that here.
27663afe 62
63 return $msg;
64}
65
66
67define('CPW_CURRENT_NOMATCH', _("Your current password is not correct."));
68define('CPW_INVALID_PW', _("Your new password contains invalid characters."));
69
70/**
71 * Does the actual password changing (meaning it calls the hook function
72 * from the backend that does this. If something goes wrong, return error
73 * message(s). If everything ok, change the password in the session so the
74 * user doesn't have to log out, and redirect back to the options screen.
75 */
76function cpw_do_change()
77{
78 global $cpw_backend;
087508d9 79 sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
80 sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
27663afe 81 sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
82 sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
83 sqgetGlobalVar('key', $key, SQ_COOKIE);
84 sqgetGlobalVar('username', $username, SQ_SESSION);
85
86 require_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
87
88 $msgs = do_hook_function('change_password_dochange',
89 array (
90 'username' => $username,
4165198d 91 'curpw' => $curpw,
92 'newpw' => $newpw
93 ) );
27663afe 94
95 /* something bad happened, return */
96 if(count($msgs) > 0) {
97 return $msgs;
98 }
99
100 /* update our password stored in the session */
101 $onetimepad = OneTimePadCreate(strlen($newpw));
775edf4f 102 sqsession_register($onetimepad,'onetimepad');
27663afe 103 $key = OneTimePadEncrypt($newpw, $onetimepad);
104 setcookie('key', $key, 0, $base_uri);
105
106 /* make sure we write the session data before we redirect */
107 session_write_close();
75adae57 108 header('Location: '.SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1');
27663afe 109 exit;
1f4dadde 110}
aaa01018 111