| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * functions.php - Change Password plugin |
| 5 | * |
| 6 | * Copyright (c) 2003-2004 The SquirrelMail Project Team |
| 7 | * Licensed under the GNU GPL. For full terms see the file COPYING. |
| 8 | * |
| 9 | * @version $Id$ |
| 10 | * @package plugins |
| 11 | * @subpackage change_password |
| 12 | */ |
| 13 | |
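/**
 * Validates the submitted change-password form.
 *
 * Checks that every field is supplied, that the new password and the verify
 * password are identical, that the supplied current password equals the one
 * decrypted from the 'key' cookie and the session's 'onetimepad', and that
 * the new password length lies within the configured bounds.
 * These criteria are (for now) backend-independent.
 *
 * Passwords are compared as strict strings. With PHP's loose `!=`, two
 * different numeric-looking strings (for example "1e3" and "1000") compare as
 * equal, so a wrong current password or a mistyped verification could pass.
 *
 * @return array Array with zero or more error messages.
 */
function cpw_check_input()
{
    global $cpw_pass_min_length, $cpw_pass_max_length;

    // Form data.
    sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
    sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST);
    // Needed to decrypt the current password.
    sqgetGlobalVar('key', $key, SQ_COOKIE);
    sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);

    // A request can submit a field as an array (name[]=...). Treat anything
    // that is not a string as "not supplied" so the string functions below
    // only ever see strings.
    if (!is_string($currentpw)) {
        $currentpw = '';
    }
    if (!is_string($newpw)) {
        $newpw = '';
    }
    if (!is_string($verifypw)) {
        $verifypw = '';
    }

    $msg = array();

    if (!$newpw) {
        $msg[] = _("You must type in a new password.");
    }
    if (!$verifypw) {
        $msg[] = _("You must also type in your new password in the verify box.");
    } elseif ($verifypw !== $newpw) {
        // Strict comparison: no numeric-string type juggling.
        $msg[] = _("Your new password does not match the verify password.");
    }

    $orig_pw = OneTimePadDecrypt($key, $onetimepad);

    if (!$currentpw) {
        $msg[] = _("You must type in your current password.");
    } else {
        if (!is_string($orig_pw)) {
            // Nothing trustworthy to compare against: reject.
            $current_ok = false;
        } elseif (function_exists('hash_equals')) {
            // Constant-time comparison where the runtime provides it.
            $current_ok = hash_equals($orig_pw, $currentpw);
        } else {
            $current_ok = ($currentpw === $orig_pw);
        }
        if (!$current_ok) {
            $msg[] = _("Your current password is not correct.");
        }
    }

    // strlen() counts bytes, so the bounds apply to the byte length.
    if ($newpw && (strlen($newpw) < $cpw_pass_min_length ||
                   strlen($newpw) > $cpw_pass_max_length)) {
        $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
                         $cpw_pass_min_length, $cpw_pass_max_length);
    }

    // Do we need to do checks that are backend-specific and should
    // be handled by a hook? I know of none now, and those checks can
    // also be done in the backend dochange() function. If there turns
    // out to be a need for it we can add a hook for that here.

    return $msg;
}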
| 66 | |
| 67 | |
// Error messages exposed as constants. Nothing in this file reads them;
// presumably the backend files return them from their dochange hook -- verify.
// NOTE(review): _() runs once, when this file is included, so each constant
// holds the text for whatever locale is active at that moment -- confirm the
// locale is set up before this file is loaded.
define('CPW_CURRENT_NOMATCH', _("Your current password is not correct."));
define('CPW_INVALID_PW', _("Your new password contains invalid characters."));
| 70 | |
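/**
 * Does the actual password changing, meaning it calls the hook function
 * from the backend that does this.
 *
 * Loads the backend file named by $cpw_backend and runs the
 * 'change_password_dochange' hook with the username and the current and new
 * passwords. If something goes wrong, the error message(s) are returned.
 * If everything is ok, the password kept for the session is replaced (a new
 * one-time pad in the session, the re-encrypted value in the 'key' cookie) so
 * the user doesn't have to log out, and the browser is redirected back to
 * the options screen.
 *
 * The form values are read from POST again and are not validated here;
 * presumably the caller has run cpw_check_input() first -- verify.
 *
 * @return array Error message(s) on failure. On success the function
 *               redirects and exits instead of returning.
 */
function cpw_do_change()
{
    global $cpw_backend;
    sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
    sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
    sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
    sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
    sqgetGlobalVar('key', $key, SQ_COOKIE);
    sqgetGlobalVar('username', $username, SQ_SESSION);

    // NOTE(review): $cpw_backend becomes part of an include path. Confirm it
    // can only be set from the plugin configuration, and consider checking it
    // against the list of shipped backends before including.
    require_once(SM_PATH . 'plugins/change_password/backend/' . $cpw_backend . '.php');

    $msgs = do_hook_function(
        'change_password_dochange',
        array(
            'username' => $username,
            'curpw'    => $curpw,
            'newpw'    => $newpw
        )
    );

    // Fail closed: only an explicit empty array counts as success. A result
    // that is not an array (for example when the backend did not answer the
    // hook) must not lead to the session password being replaced.
    if (!is_array($msgs)) {
        return array(_("The password change could not be confirmed."));
    }

    /* something bad happened, return */
    if (count($msgs) > 0) {
        return $msgs;
    }

    /* update our password stored in the session */
    $onetimepad = OneTimePadCreate(strlen($newpw));
    $_SESSION['onetimepad'] = $onetimepad;
    $key = OneTimePadEncrypt($newpw, $onetimepad);
    // The 'key' cookie together with the session's one-time pad yields the
    // password, so it is credential material.
    // NOTE(review): it is set here with a path only -- confirm how the rest of
    // the application sets this cookie and whether Secure/HttpOnly attributes
    // should be applied here as well.
    setcookie('key', $key, 0, $base_uri);

    /* make sure we write the session data before we redirect */
    session_write_close();
    header('Location: ' . SM_PATH . 'src/options.php?optmode=submit&plugin_change_password=1');
    exit;
}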