[squirrelmail.git] / plugins / change_password / backend / mysql.php

<?php
/**
 * MySQL change password backend
 *
 * @author Thijs Kinkhorst <kink@squirrelmail.org>
 * @version $Id$
 * @package plugins
 * @subpackage change_password
 */

/**
 * Config vars
 */

global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
       $mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
       $mysql_saslcrypt, $mysql_unixcrypt, $mysql;

// Initialize defaults
$mysql_server = 'localhost';
$mysql_database = 'email';
$mysql_table = 'users';

// The names of the user ID and password columns
$mysql_userid_field = 'id';
$mysql_password_field ='password';

// The user to log into MySQL with (must have rights)
$mysql_manager_id = 'email_admin';
$mysql_manager_pw = 'xxxxxxx';

// saslcrypt checked first - if it is 1, UNIX crypt is not used.
$mysql_saslcrypt = 0; // use MySQL password() function
$mysql_unixcrypt = 0; // use UNIX crypt() function

if ( isset($mysql) && is_array($mysql) && !empty($mysql) )
{
  foreach ( $mysql as $key => $value )
  {
    if ( isset(${'mysql_'.$key}) )
      ${'mysql_'.$key} = $value;
  }   
}

// NO NEED TO CHANGE ANYTHING BELOW THIS LINE

global $squirrelmail_plugin_hooks;
$squirrelmail_plugin_hooks['change_password_dochange']['mysql'] = 
	'cpw_mysql_dochange';

/**
 * This is the function that is specific to your backend. It takes
 * the current password (as supplied by the user) and the desired
 * new password. It will return an array of messages. If everything
 * was successful, the array will be empty. Else, it will contain
 * the errormessage(s).
 * Constants to be used for these messages:
 * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
 * CPW_INVALID_PW -> "Your new password contains invalid characters."
 *
 * @param array data The username/currentpw/newpw data. 
 * @return array Array of error messages.
 */
function cpw_mysql_dochange($data)
{
    // unfortunately, we can only pass one parameter to a hook function,
    // so we have to pass it as an array.
    $username = $data['username'];
    $curpw = $data['curpw'];
    $newpw = $data['newpw'];

    $msgs = array();

    global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
           $mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
           $mysql_saslcrypt, $mysql_unixcrypt;

    $ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
    if (! $ds) {
        array_push($msgs, _("Cannot connect to Database Server, please try later!"));
        return $msgs;
    }
    if (!mysql_select_db($mysql_database, $ds)) {
        array_push($msgs, _("Database not found on server"));
        return $msgs;
    }

    $query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
                  . ' FROM '  . $mysql_table
                  . ' WHERE ' . $mysql_userid_field . '="' . mysql_escape_string($username) .'"'
                  . ' AND ' . $mysql_password_field;

    if ($mysql_saslcrypt) {
        $query_string  .= '=password("'.mysql_escape_string($curpw).'")';
    } elseif ($mysql_unixcrypt) {
        $query_string  .= '=encrypt("'.mysql_escape_string($curpw).'", '.$mysql_password_field . ')';
    } else {
        $query_string  .= '="' . mysql_escape_string($curpw) . '"';
    }

    $select_result = mysql_query($query_string, $ds);
    if (!$select_result) {
        array_push($msgs, _("SQL call failed, try again later."));
	return $msgs;
    }

    if (mysql_num_rows($select_result) == 0) {
        array_push($msgs, CPW_CURRENT_NOMATCH);
        return $msgs;
    }
    if (mysql_num_rows($select_result) > 1) {
        //make sure we only have 1 uid
        array_push($msgs, _("Duplicate login entries detected, cannot change password!"));
        return $msgs;
    }

    $update_string = 'UPDATE '. $mysql_table . ' SET ' . $mysql_password_field;

    if ($mysql_saslcrypt) {
        $update_string  .= '=password("'.mysql_escape_string($newpw).'")';
    } elseif ($mysql_unixcrypt) {
        $update_string  .= '=encrypt("'.mysql_escape_string($newpw).'", '.$mysql_password_field . ')';
    } else {
        $update_string  .= '="' . mysql_escape_string($newpw) . '"';
    }
    $update_string .= ' WHERE ' . $mysql_userid_field . ' = "' . mysql_escape_string($username) . '"';

    if (!mysql_query($update_string, $ds)) {
        array_push($msgs, _("Password change was not successful!"));
    }

    return $msgs;
}
Commit	Line	Data
	1	<?php
	2	/**
	3	* MySQL change password backend
	4	*
	5	* @author Thijs Kinkhorst <kink@squirrelmail.org>
	6	* @version $Id$
	7	* @package plugins
	8	* @subpackage change_password
	9	*/
	10
	11	/**
	12	* Config vars
	13	*/
	14
	15	global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
	16	$mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
	17	$mysql_saslcrypt, $mysql_unixcrypt, $mysql;
	18
	19	// Initialize defaults
	20	$mysql_server = 'localhost';
	21	$mysql_database = 'email';
	22	$mysql_table = 'users';
	23
	24	// The names of the user ID and password columns
	25	$mysql_userid_field = 'id';
	26	$mysql_password_field ='password';
	27
	28	// The user to log into MySQL with (must have rights)
	29	$mysql_manager_id = 'email_admin';
	30	$mysql_manager_pw = 'xxxxxxx';
	31
	32	// saslcrypt checked first - if it is 1, UNIX crypt is not used.
	33	$mysql_saslcrypt = 0; // use MySQL password() function
	34	$mysql_unixcrypt = 0; // use UNIX crypt() function
	35
	36	if ( isset($mysql) && is_array($mysql) && !empty($mysql) )
	37	{
	38	foreach ( $mysql as $key => $value )
	39	{
	40	if ( isset(${'mysql_'.$key}) )
	41	${'mysql_'.$key} = $value;
	42	}
	43	}
	44
	45	// NO NEED TO CHANGE ANYTHING BELOW THIS LINE
	46
	47	global $squirrelmail_plugin_hooks;
	48	$squirrelmail_plugin_hooks['change_password_dochange']['mysql'] =
	49	'cpw_mysql_dochange';
	50
	51	/**
	52	* This is the function that is specific to your backend. It takes
	53	* the current password (as supplied by the user) and the desired
	54	* new password. It will return an array of messages. If everything
	55	* was successful, the array will be empty. Else, it will contain
	56	* the errormessage(s).
	57	* Constants to be used for these messages:
	58	* CPW_CURRENT_NOMATCH -> "Your current password is not correct."
	59	* CPW_INVALID_PW -> "Your new password contains invalid characters."
	60	*
	61	* @param array data The username/currentpw/newpw data.
	62	* @return array Array of error messages.
	63	*/
	64	function cpw_mysql_dochange($data)
	65	{
	66	// unfortunately, we can only pass one parameter to a hook function,
	67	// so we have to pass it as an array.
	68	$username = $data['username'];
	69	$curpw = $data['curpw'];
	70	$newpw = $data['newpw'];
	71
	72	$msgs = array();
	73
	74	global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
	75	$mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
	76	$mysql_saslcrypt, $mysql_unixcrypt;
	77
	78	$ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
	79	if (! $ds) {
	80	array_push($msgs, _("Cannot connect to Database Server, please try later!"));
	81	return $msgs;
	82	}
	83	if (!mysql_select_db($mysql_database, $ds)) {
	84	array_push($msgs, _("Database not found on server"));
	85	return $msgs;
	86	}
	87
	88	$query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
	89	. ' FROM ' . $mysql_table
	90	. ' WHERE ' . $mysql_userid_field . '="' . mysql_escape_string($username) .'"'
	91	. ' AND ' . $mysql_password_field;
	92
	93	if ($mysql_saslcrypt) {
	94	$query_string .= '=password("'.mysql_escape_string($curpw).'")';
	95	} elseif ($mysql_unixcrypt) {
	96	$query_string .= '=encrypt("'.mysql_escape_string($curpw).'", '.$mysql_password_field . ')';
	97	} else {
	98	$query_string .= '="' . mysql_escape_string($curpw) . '"';
	99	}
	100
	101	$select_result = mysql_query($query_string, $ds);
	102	if (!$select_result) {
	103	array_push($msgs, _("SQL call failed, try again later."));
	104	return $msgs;
	105	}
	106
	107	if (mysql_num_rows($select_result) == 0) {
	108	array_push($msgs, CPW_CURRENT_NOMATCH);
	109	return $msgs;
	110	}
	111	if (mysql_num_rows($select_result) > 1) {
	112	//make sure we only have 1 uid
	113	array_push($msgs, _("Duplicate login entries detected, cannot change password!"));
	114	return $msgs;
	115	}
	116
	117	$update_string = 'UPDATE '. $mysql_table . ' SET ' . $mysql_password_field;
	118
	119	if ($mysql_saslcrypt) {
	120	$update_string .= '=password("'.mysql_escape_string($newpw).'")';
	121	} elseif ($mysql_unixcrypt) {
	122	$update_string .= '=encrypt("'.mysql_escape_string($newpw).'", '.$mysql_password_field . ')';
	123	} else {
	124	$update_string .= '="' . mysql_escape_string($newpw) . '"';
	125	}
	126	$update_string .= ' WHERE ' . $mysql_userid_field . ' = "' . mysql_escape_string($username) . '"';
	127
	128	if (!mysql_query($update_string, $ds)) {
	129	array_push($msgs, _("Password change was not successful!"));
	130	}
	131
	132	return $msgs;
	133	}