Fix for security token missing in newmail plugin (#2919418).
[squirrelmail.git] / plugins / change_password / options.php
CommitLineData
27663afe 1<?php
2
087508d9 3/**
4 * options.php - Change Password HTML page
5 *
30460a05 6 * @copyright 2004-2009 The SquirrelMail Project Team
4b4abf93 7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
882acf90 8 * @version $Id$
087508d9 9 * @package plugins
10 * @subpackage change_password
11 */
12
202bcbcc 13/**
14 * Include the SquirrelMail initialization file.
15 */
16require('../../include/init.php');
27663afe 17
76063016 18include_once (SM_PATH . 'plugins/change_password/functions.php');
19include_once (SM_PATH . 'functions/forms.php');
27663afe 20
76063016 21/** load default config */
22if (file_exists(SM_PATH . 'plugins/change_password/config_default.php')) {
23 include_once (SM_PATH . 'plugins/change_password/config_default.php');
24} else {
25 // somebody decided to remove default config
26 $cpw_backend = 'template';
27 $cpw_pass_min_length = 4;
28 $cpw_pass_max_length = 25;
29 $cpw_require_ssl = FALSE;
30}
31
32/**
c683d87f 33 * prevent possible corruption of configuration overrides in
76063016 34 * register_globals=on and preloaded php scripts.
35 */
36$cpw_ldap=array();
37$cpw_merak=array();
38$cpw_mysql=array();
39$cpw_poppassd=array();
40$cpw_vmailmgrd=array();
41
42/** load site config */
43if (file_exists(SM_PATH . 'config/change_password_config.php')) {
44 include_once (SM_PATH . 'config/change_password_config.php');
45} elseif (file_exists(SM_PATH . 'plugins/change_password/config.php')) {
46 include_once (SM_PATH . 'plugins/change_password/config.php');
47}
48
49// must load backend libraries here in order to get working change_password_init hook.
ebf9211b 50if (file_exists(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php')) {
51 include_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
52}
53
27663afe 54/* the form was submitted, go for it */
55if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
ebba902d 56
57 // security check
58 sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
59 sm_validate_security_token($submitted_token, 3600, TRUE);
60
27663afe 61 /* perform basic checks */
62 $Messages = cpw_check_input();
91e0dccc 63
27663afe 64 /* if no errors, go ahead with the actual change */
65 if(count($Messages) == 0) {
66 $Messages = cpw_do_change();
67 }
68}
69
876fdb60 70displayPageHeader($color);
27663afe 71
6e515418 72do_hook('change_password_init', $null);
27663afe 73?>
74
75<br />
76<table align="center" cellpadding="2" cellspacing="2" border="0">
77<tr><td bgcolor="<?php echo $color[0] ?>">
f265009a 78 <div style="text-align: center;"><b><?php echo _("Change Password") ?></b></div>
27663afe 79</td><?php
80
81if (isset($Messages) && count($Messages) > 0) {
82 echo "<tr><td>\n";
83 foreach ($Messages as $line) {
84 echo htmlspecialchars($line) . "<br />\n";
85 }
86 echo "</td></tr>\n";
87}
88
89?><tr><td>
c435f076 90 <?php echo addForm($_SERVER['PHP_SELF'], 'post'); ?>
ebba902d 91 <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() ?>" />
27663afe 92 <table>
93 <tr>
94 <th align="right"><?php echo _("Current Password:")?></th>
b11b4108 95 <td><?php echo addPwField('cpw_curpass'); ?></td>
27663afe 96 </tr>
97 <tr>
98 <th align="right"><?php echo _("New Password:")?></th>
b11b4108 99 <td><?php echo addPwField('cpw_newpass'); ?></td>
27663afe 100 </tr>
101 <tr>
102 <th align=right><?php echo _("Verify New Password:")?></th>
b11b4108 103 <td><?php echo addPwField('cpw_verify'); ?></td>
27663afe 104 </tr>
105 <tr>
106 <td align="center" colspan="2">
91e0dccc 107 <?php echo addSubmit(_("Change Password"), 'cpw_go'); ?></td>
27663afe 108 </tr>
109 </table>
110 </form>
111</td></tr>
17546ef4 112</table>
6e515418 113</body></html>