| 1 | <?php |
| 2 | /** |
| 3 | * MySQL change password backend |
| 4 | * |
| 5 | * @author Thijs Kinkhorst <kink@squirrelmail.org> |
| 6 | * @version $Id$ |
| 7 | * @package plugins |
| 8 | * @subpackage change_password |
| 9 | */ |
| 10 | |
| 11 | /** |
| 12 | * Config vars |
| 13 | */ |
| 14 | |
global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
       $mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
       $mysql_saslcrypt, $mysql_unixcrypt, $mysql;

// Default connection target: server, schema and the table holding the accounts.
$mysql_server   = 'localhost';
$mysql_database = 'email';
$mysql_table    = 'users';

// Column names for the login name and the stored password.
// NOTE: the table and column names are concatenated into the SQL text
// unescaped by cpw_mysql_dochange(), so they must only ever come from
// trusted configuration.
$mysql_userid_field   = 'id';
$mysql_password_field = 'password';

// Account used to log into MySQL. cpw_mysql_dochange() only issues a SELECT
// and an UPDATE against $mysql_table, so the account needs no more than
// those two rights on that table. The password below is a placeholder;
// once a real one is set, keep this file readable by the web server only.
$mysql_manager_id = 'email_admin';
$mysql_manager_pw = 'xxxxxxx';

// Password storage scheme. saslcrypt is checked first; when it is 1 the
// unixcrypt setting is ignored. With both left at 0 the password column is
// compared and written as plain text.
$mysql_saslcrypt = 0; // 1 = use the MySQL password() function
$mysql_unixcrypt = 0; // 1 = use the MySQL encrypt() function (UNIX crypt)

// Optional overrides: every entry of a pre-existing $mysql array replaces the
// matching $mysql_<key> default. Keys with no matching default are ignored.
// The array can redirect the connection and rename tables/columns, so it has
// to be populated from site configuration, never from request data.
if (!empty($mysql) && is_array($mysql)) {
    foreach ($mysql as $key => $value) {
        if (isset(${"mysql_{$key}"})) {
            ${"mysql_{$key}"} = $value;
        }
    }
}
| 44 | |
| 45 | // NO NEED TO CHANGE ANYTHING BELOW THIS LINE |
| 46 | |
// Register this backend: the change_password plugin looks up the handler
// for the 'mysql' backend under the change_password_dochange hook.
global $squirrelmail_plugin_hooks;
$squirrelmail_plugin_hooks['change_password_dochange']['mysql'] = 'cpw_mysql_dochange';
| 50 | |
| 51 | /** |
| 52 | * This is the function that is specific to your backend. It takes |
| 53 | * the current password (as supplied by the user) and the desired |
| 54 | * new password. It will return an array of messages. If everything |
| 55 | * was successful, the array will be empty. Else, it will contain |
| 56 | * the error message(s). |
| 57 | * Constants to be used for these messages: |
| 58 | * CPW_CURRENT_NOMATCH -> "Your current password is not correct." |
| 59 | * CPW_INVALID_PW -> "Your new password contains invalid characters." |
| 60 | * |
| 61 | * @param array $data The username/currentpw/newpw data. |
| 62 | * @return array Array of error messages. |
| 63 | */ |
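/**
 * Build the right-hand side of a comparison/assignment on the password
 * column for the configured storage scheme.
 *
 * The same expression is used to verify the current password and to store
 * the new one, so both statements always agree on the scheme.
 *
 * Storage caveats, kept as-is for compatibility with existing rows:
 *  - saslcrypt: MySQL documents PASSWORD() as meant for the server's own
 *    account table, not for application passwords.
 *  - unixcrypt: the stored column value is passed as the salt argument of
 *    ENCRYPT(), so a new password is salted from the old hash rather than
 *    from fresh random data.
 *  - neither flag: the password is compared and stored as plain text.
 * NOTE(review): consider migrating the table to a salted, slow hash
 * computed in PHP; that needs a schema/data migration outside this function.
 *
 * @param string $escaped_pw Password already escaped for the open connection.
 * @return string SQL fragment starting with '='.
 */
function cpw_mysql_password_expr($escaped_pw)
{
    global $mysql_password_field, $mysql_saslcrypt, $mysql_unixcrypt;

    // saslcrypt wins when both flags are set.
    if ($mysql_saslcrypt) {
        return '=password("' . $escaped_pw . '")';
    }
    if ($mysql_unixcrypt) {
        return '=encrypt("' . $escaped_pw . '", ' . $mysql_password_field . ')';
    }
    return '="' . $escaped_pw . '"';
}

function cpw_mysql_dochange($data)
{
    global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
           $mysql_password_field, $mysql_manager_id, $mysql_manager_pw;

    // unfortunately, we can only pass one parameter to a hook function,
    // so we have to pass it as an array.
    $username = $data['username'];
    $curpw    = $data['curpw'];
    $newpw    = $data['newpw'];

    $msgs = array();

    $ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
    if (!$ds) {
        $msgs[] = _("Cannot connect to Database Server, please try later!");
        return $msgs;
    }
    if (!mysql_select_db($mysql_database, $ds)) {
        $msgs[] = _("Database not found on server");
        return $msgs;
    }

    // Escape every user-supplied value against the open link.
    // mysql_escape_string() does not look at the connection character set,
    // so its output is not reliable for multi-byte connection encodings;
    // mysql_real_escape_string() escapes for the charset actually in use.
    $esc_user  = mysql_real_escape_string($username, $ds);
    $esc_curpw = mysql_real_escape_string($curpw, $ds);
    $esc_newpw = mysql_real_escape_string($newpw, $ds);

    // Fail closed: a false return would otherwise be concatenated as an
    // empty string and could end up written as the new password.
    if ($esc_user === false || $esc_curpw === false || $esc_newpw === false) {
        $msgs[] = _("SQL call failed, try again later.");
        return $msgs;
    }

    // Table and column names come from the plugin configuration and are
    // interpolated unescaped; only the values above are user input.
    $user_clause = $mysql_userid_field . '="' . $esc_user . '"';

    // Step 1: verify the current password by letting the database compare it.
    $query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
        . ' FROM ' . $mysql_table
        . ' WHERE ' . $user_clause
        . ' AND ' . $mysql_password_field . cpw_mysql_password_expr($esc_curpw);

    $select_result = mysql_query($query_string, $ds);
    if (!$select_result) {
        $msgs[] = _("SQL call failed, try again later.");
        return $msgs;
    }

    $matches = mysql_num_rows($select_result);
    if ($matches > 1) {
        // make sure we only have 1 uid
        $msgs[] = _("Duplicate login entries detected, cannot change password!");
        return $msgs;
    }
    if ($matches !== 1) {
        // Zero rows, or a failed row count: treat both as "wrong password"
        // so the UPDATE below is never reached without exactly one match.
        $msgs[] = CPW_CURRENT_NOMATCH;
        return $msgs;
    }

    // Step 2: store the new password for that single account.
    $update_string = 'UPDATE ' . $mysql_table
        . ' SET ' . $mysql_password_field . cpw_mysql_password_expr($esc_newpw)
        . ' WHERE ' . $mysql_userid_field . ' = "' . $esc_user . '"';

    if (!mysql_query($update_string, $ds)) {
        $msgs[] = _("Password change was not successful!");
    }

    return $msgs;
}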