fsf changes, meant to be rebased on upstream
[squirrelmail.git] / plugins / change_password / backend / merak.php
1 <?php
2
3 /**
4 * Merakchange password backend
5 *
6 * @author Edwin van Elk <edwin at eve-software.com>
7 * @copyright 2004-2021 The SquirrelMail Project Team
8 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
9 * @version $Id$
10 * @package plugins
11 * @subpackage change_password
12 */
13
14 /**
15 * Config vars
16 */
17
18 global $merak_url, $merak_selfpage, $merak_action;
19
20 // The Merak Server
21
22 $merak_url = "http://localhost:32000/";
23 $merak_selfpage = "self.html";
24 $merak_action = "self_edit";
25
26 // get overrides from config.
27 if ( isset($cpw_merak) && is_array($cpw_merak) && !empty($cpw_merak) ) {
28 foreach ( $cpw_merak as $key => $value ) {
29 if ( isset(${'merak_'.$key}) )
30 ${'merak_'.$key} = $value;
31 }
32 }
33
34 global $squirrelmail_plugin_hooks;
35 $squirrelmail_plugin_hooks['change_password_dochange']['merak'] =
36 'cpw_merak_dochange';
37 $squirrelmail_plugin_hooks['change_password_init']['merak'] =
38 'cpw_merak_init';
39
40 /**
41 * Check if php install has all required extensions.
42 */
43 function cpw_merak_init() {
44 global $oTemplate;
45
46 if (!function_exists('curl_init')) {
47 // user_error('Curl module NOT available!', E_USER_ERROR);
48 error_box(_("PHP Curl extension is NOT available! Unable to change password!"));
49 // close html and stop script execution
50 $oTemplate->display('footer.tpl');
51 exit();
52 }
53 }
54
55 /**
56 * This is the function that is specific to your backend. It takes
57 * the current password (as supplied by the user) and the desired
58 * new password. It will return an array of messages. If everything
59 * was successful, the array will be empty. Else, it will contain
60 * the errormessage(s).
61 * Constants to be used for these messages:
62 * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
63 * CPW_INVALID_PW -> "Your new password contains invalid characters."
64 *
65 * @param array data The username/currentpw/newpw data.
66 * @return array Array of error messages.
67 */
68 function cpw_merak_dochange($data)
69 {
70 // unfortunately, we can only pass one parameter to a hook function,
71 // so we have to pass it as an array.
72 $username = $data['username'];
73 $curpw = $data['curpw'];
74 $newpw = $data['newpw'];
75
76 $msgs = array();
77
78 global $merak_url, $merak_selfpage, $merak_action;
79
80 $ch = curl_init();
81 curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
82 curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
83 curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
84 curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
85 curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
86 $result = curl_exec ($ch);
87 curl_close ($ch);
88
89 if (strpos($result, "401 Access denied") <> 0) {
90 array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
91 return $msgs;
92 }
93
94 // Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">
95
96 $str = stristr($result, "<FORM");
97 $str = substr($str, 0, strpos($str, ">") + 1);
98 $str = stristr($str, "ACTION=");
99 $str = substr(stristr($str, "\""),1);
100 $str = substr($str, 0, strpos($str, "\""));
101
102 // Extra check to see if the result contains 'html'
103 if (!stristr($str, "html")) {
104 array_push($msgs, _("Cannot change password!") . " (1)" );
105 return $msgs;
106 }
107
108 $newurl = $merak_url . $str;
109
110 // Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">
111
112 $str = stristr($result, "usraddr");
113 $str = substr($str, 0, strpos($str, ">") + 1);
114 $str = stristr($str, "VALUE=");
115 $str = substr(stristr($str, "\""),1);
116 $str = substr($str, 0, strpos($str, "\""));
117
118 // Extra check to see if the result contains '@'
119 if (!stristr($str, "@")) {
120 array_push($msgs, _("Cannot change password!") . " (2)" );
121 return $msgs;
122 }
123
124 $useraddr = $str;
125
126 //Include (almost) all input fields from screen
127
128 $contents2 = $result;
129
130 $tag = stristr($contents2, "<INPUT");
131
132 while ($tag) {
133 $contents2 = stristr($contents2, "<INPUT");
134 $tag = substr($contents2, 0, strpos($contents2, ">") + 1);
135
136 if (GetSub($tag, "TYPE") == "TEXT" ||
137 GetSub($tag, "TYPE") == "HIDDEN" ||
138 GetSub($tag, "TYPE") == "PASSWORD") {
139 $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
140 }
141
142 if ((GetSub($tag, "TYPE") == "RADIO" ||
143 GetSub($tag, "TYPE") == "CHECKBOX") &&
144 IsChecked($tag)) {
145 $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
146 }
147 $contents2 = substr($contents2, 1);
148 }
149
150 $tags["action"] = $merak_action;
151 $tags["usraddr"] = $useraddr;
152 $tags["usr_pass"] = $newpw;
153 $tags["usr_conf"] = $newpw;
154
155 $str2 = "";
156 foreach ($tags as $key => $value) {
157 $str2 .= $key . "=" . urlencode($value) . "&";
158 }
159
160 $str2 = trim($str2, "&");
161
162 // Change password!
163
164 $ch = curl_init();
165 curl_setopt ($ch, CURLOPT_URL, $newurl);
166 curl_setopt ($ch, CURLOPT_POST, 1);
167 curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
168 curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
169 curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
170 $result=curl_exec ($ch);
171 curl_close ($ch);
172
173 if (strpos($result, "Failure") <> 0) {
174 array_push($msgs, _("Cannot change password!") . " (3)");
175 return $msgs;
176 }
177
178 return $msgs;
179 }
180
181 function GetSub($tag, $type) {
182
183 $str = stristr($tag, $type . "=");
184 $str = substr($str, strlen($type) + 1);
185 $str = trim($str, '"');
186
187 if (!strpos($str, " ") === false) {
188 $str = substr($str, 0, strpos($str, " "));
189 $str = trim($str, '"');
190 }
191
192 if (!(strpos($str, '"') === false)) {
193 $str = substr($str, 0, strpos($str, '"'));
194 }
195
196 $str = trim($str, '>');
197
198 return $str;
199 }
200
201 function IsChecked($tag) {
202
203 if (!(strpos(strtolower($tag), 'checked') === false)) {
204 return true;
205 }
206
207 return false;
208 }