[squirrelmail.git] / plugins / change_password / backend / merak.php

<?php
/* Merakchange password backend
 * Author: Edwin van Elk <Edwin@eve-software.com>
 */

/**
 * Config vars
 */

global $merak_url, $merak_selfpage, $merak_action;

// The Merak Server

$merak_url = "http://localhost:32000/";
$merak_selfpage = "self.html";
$merak_action = "self_edit";

// NO NEED TO CHANGE ANYTHING BELOW THIS LINE

global $squirrelmail_plugin_hooks;
$squirrelmail_plugin_hooks['change_password_dochange']['merak'] = 
   'cpw_merak_dochange';

/**
 * This is the function that is specific to your backend. It takes
 * the current password (as supplied by the user) and the desired
 * new password. It will return an array of messages. If everything
 * was successful, the array will be empty. Else, it will contain
 * the errormessage(s).
 * Constants to be used for these messages:
 * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
 * CPW_INVALID_PW -> "Your new password contains invalid characters."
 *
 * @param array data The username/currentpw/newpw data. 
 * @return array Array of error messages.
 */
function cpw_merak_dochange($data)
{
   // unfortunately, we can only pass one parameter to a hook function,
   // so we have to pass it as an array.
   $username = $data['username'];
   $curpw = $data['curpw'];
   $newpw = $data['newpw'];

   $msgs = array();

   global $merak_url, $merak_selfpage, $merak_action, $use_ssl_for_password_change, $debug;

   if (!function_exists('curl_init')) {

      // user_error('Curl module NOT available!', E_USER_ERROR);
      array_push($msgs, _("Curl module NOT available! Unable to change password!"));
      return $msgs;
   }

   $ch = curl_init();
   curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
   curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
   curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
   curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
   $result = curl_exec ($ch);
   curl_close ($ch);

   if (strpos($result, "401 Access denied") <> 0) {
      array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
      return $msgs;
   }

   // Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">

   $str = stristr($result, "<FORM");
   $str = substr($str, 0, strpos($str, ">") + 1);
   $str = stristr($str, "ACTION=");
   $str = substr(stristr($str, "\""),1);
   $str = substr($str, 0, strpos($str, "\""));

   // Extra check to see if the result contains 'html'
   if (!stristr($str, "html")) {
      array_push($msgs, _("Cannot change password!") . " (1)" );
      return $msgs;
   }

   $newurl = $merak_url . $str;

   // Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">

   $str = stristr($result, "usraddr");
   $str = substr($str, 0, strpos($str, ">") + 1);
   $str = stristr($str, "VALUE=");
   $str = substr(stristr($str, "\""),1);
   $str = substr($str, 0, strpos($str, "\""));

   // Extra check to see if the result contains '@'
   if (!stristr($str, "@")) {
      array_push($msgs, _("Cannot change password!") . " (2)" );
      return $msgs;
   }

   $useraddr = $str;

   //Include (almost) all input fields from screen

   $contents2 = $result;

   $tag = stristr($contents2, "<INPUT");

   while ($tag) {
      $contents2 = stristr($contents2, "<INPUT");
      $tag = substr($contents2, 0, strpos($contents2, ">") + 1);

      if (GetSub($tag, "TYPE") == "TEXT" ||
          GetSub($tag, "TYPE") == "HIDDEN" ||
          GetSub($tag, "TYPE") == "PASSWORD") {
         $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
      }

      if ((GetSub($tag, "TYPE") == "RADIO" ||
           GetSub($tag, "TYPE") == "CHECKBOX") &&
          IsChecked($tag)) {
         $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
      }
      $contents2 = substr($contents2, 1);
   }

   $tags["action"]   = $merak_action;
   $tags["usraddr"]  = $useraddr;
   $tags["usr_pass"] = $newpw;
   $tags["usr_conf"] = $newpw;

   $str2 = "";
   foreach ($tags as $key => $value) {
      $str2 .= $key . "=" . urlencode($value) . "&";
   }

   $str2 = trim($str2, "&");

   // Change password!

   $ch = curl_init();
   curl_setopt ($ch, CURLOPT_URL, $newurl);
   curl_setopt ($ch, CURLOPT_POST, 1);
   curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
   curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
   $result=curl_exec ($ch);
   curl_close ($ch);

   if (strpos($result, "Failure") <> 0) {
     array_push($msgs, _("Cannot change password!") .  " (3)");
     return $msgs;
   }

   return $msgs;
}

function GetSub($tag, $type) {

   $str = stristr($tag, $type . "=");
   $str = substr($str, strlen($type) + 1);
   $str = trim($str, '"');

   if (!strpos($str, " ") === false) {
      $str = substr($str, 0, strpos($str, " "));
      $str = trim($str, '"');
   }

   if (!(strpos($str, '"') === false)) {
      $str = substr($str, 0, strpos($str, '"'));
   }

   $str = trim($str, '>');

   return $str;
}

function IsChecked($tag) {

   if (!(strpos(strtolower($tag), 'checked') === false)) {
      return true;
   }

   return false;
}
Commit	Line	Data
	1	<?php
	2	/* Merakchange password backend
	3	* Author: Edwin van Elk <Edwin@eve-software.com>
	4	*/
	5
	6	/**
	7	* Config vars
	8	*/
	9
	10	global $merak_url, $merak_selfpage, $merak_action;
	11
	12	// The Merak Server
	13
	14	$merak_url = "http://localhost:32000/";
	15	$merak_selfpage = "self.html";
	16	$merak_action = "self_edit";
	17
	18	// NO NEED TO CHANGE ANYTHING BELOW THIS LINE
	19
	20	global $squirrelmail_plugin_hooks;
	21	$squirrelmail_plugin_hooks['change_password_dochange']['merak'] =
	22	'cpw_merak_dochange';
	23
	24	/**
	25	* This is the function that is specific to your backend. It takes
	26	* the current password (as supplied by the user) and the desired
	27	* new password. It will return an array of messages. If everything
	28	* was successful, the array will be empty. Else, it will contain
	29	* the errormessage(s).
	30	* Constants to be used for these messages:
	31	* CPW_CURRENT_NOMATCH -> "Your current password is not correct."
	32	* CPW_INVALID_PW -> "Your new password contains invalid characters."
	33	*
	34	* @param array data The username/currentpw/newpw data.
	35	* @return array Array of error messages.
	36	*/
	37	function cpw_merak_dochange($data)
	38	{
	39	// unfortunately, we can only pass one parameter to a hook function,
	40	// so we have to pass it as an array.
	41	$username = $data['username'];
	42	$curpw = $data['curpw'];
	43	$newpw = $data['newpw'];
	44
	45	$msgs = array();
	46
	47	global $merak_url, $merak_selfpage, $merak_action, $use_ssl_for_password_change, $debug;
	48
	49	if (!function_exists('curl_init')) {
	50
	51	// user_error('Curl module NOT available!', E_USER_ERROR);
	52	array_push($msgs, _("Curl module NOT available! Unable to change password!"));
	53	return $msgs;
	54	}
	55
	56	$ch = curl_init();
	57	curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
	58	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	59	curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
	60	curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
	61	curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
	62	$result = curl_exec ($ch);
	63	curl_close ($ch);
	64
	65	if (strpos($result, "401 Access denied") <> 0) {
	66	array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
	67	return $msgs;
	68	}
	69
	70	// Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">
	71
	72	$str = stristr($result, "<FORM");
	73	$str = substr($str, 0, strpos($str, ">") + 1);
	74	$str = stristr($str, "ACTION=");
	75	$str = substr(stristr($str, "\""),1);
	76	$str = substr($str, 0, strpos($str, "\""));
	77
	78	// Extra check to see if the result contains 'html'
	79	if (!stristr($str, "html")) {
	80	array_push($msgs, _("Cannot change password!") . " (1)" );
	81	return $msgs;
	82	}
	83
	84	$newurl = $merak_url . $str;
	85
	86	// Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">
	87
	88	$str = stristr($result, "usraddr");
	89	$str = substr($str, 0, strpos($str, ">") + 1);
	90	$str = stristr($str, "VALUE=");
	91	$str = substr(stristr($str, "\""),1);
	92	$str = substr($str, 0, strpos($str, "\""));
	93
	94	// Extra check to see if the result contains '@'
	95	if (!stristr($str, "@")) {
	96	array_push($msgs, _("Cannot change password!") . " (2)" );
	97	return $msgs;
	98	}
	99
	100	$useraddr = $str;
	101
	102	//Include (almost) all input fields from screen
	103
	104	$contents2 = $result;
	105
	106	$tag = stristr($contents2, "<INPUT");
	107
	108	while ($tag) {
	109	$contents2 = stristr($contents2, "<INPUT");
	110	$tag = substr($contents2, 0, strpos($contents2, ">") + 1);
	111
	112	if (GetSub($tag, "TYPE") == "TEXT" \|\|
	113	GetSub($tag, "TYPE") == "HIDDEN" \|\|
	114	GetSub($tag, "TYPE") == "PASSWORD") {
	115	$tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
	116	}
	117
	118	if ((GetSub($tag, "TYPE") == "RADIO" \|\|
	119	GetSub($tag, "TYPE") == "CHECKBOX") &&
	120	IsChecked($tag)) {
	121	$tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
	122	}
	123	$contents2 = substr($contents2, 1);
	124	}
	125
	126	$tags["action"] = $merak_action;
	127	$tags["usraddr"] = $useraddr;
	128	$tags["usr_pass"] = $newpw;
	129	$tags["usr_conf"] = $newpw;
	130
	131	$str2 = "";
	132	foreach ($tags as $key => $value) {
	133	$str2 .= $key . "=" . urlencode($value) . "&";
	134	}
	135
	136	$str2 = trim($str2, "&");
	137
	138	// Change password!
	139
	140	$ch = curl_init();
	141	curl_setopt ($ch, CURLOPT_URL, $newurl);
	142	curl_setopt ($ch, CURLOPT_POST, 1);
	143	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	144	curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
	145	curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
	146	$result=curl_exec ($ch);
	147	curl_close ($ch);
	148
	149	if (strpos($result, "Failure") <> 0) {
	150	array_push($msgs, _("Cannot change password!") . " (3)");
	151	return $msgs;
	152	}
	153
	154	return $msgs;
	155	}
	156
	157	function GetSub($tag, $type) {
	158
	159	$str = stristr($tag, $type . "=");
	160	$str = substr($str, strlen($type) + 1);
	161	$str = trim($str, '"');
	162
	163	if (!strpos($str, " ") === false) {
	164	$str = substr($str, 0, strpos($str, " "));
	165	$str = trim($str, '"');
	166	}
	167
	168	if (!(strpos($str, '"') === false)) {
	169	$str = substr($str, 0, strpos($str, '"'));
	170	}
	171
	172	$str = trim($str, '>');
	173
	174	return $str;
	175	}
	176
	177	function IsChecked($tag) {
	178
	179	if (!(strpos(strtolower($tag), 'checked') === false)) {
	180	return true;
	181	}
	182
	183	return false;
	184	}