plugins/change_password/backend/merak.php

   1 <?php
   2
   3 /**
   4  * Merakchange password backend
   5  *
   6  * @author Edwin van Elk <edwin at eve-software.com>
   7  * @copyright &copy; 2004-2006 The SquirrelMail Project Team
   8  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
   9  * @version $Id$
  10  * @package plugins
  11  * @subpackage change_password
  12  */
  13
  14 /**
  15  * Config vars
  16  */
  17
  18 global $merak_url, $merak_selfpage, $merak_action;
  19
  20 // The Merak Server
  21
  22 $merak_url = "http://localhost:32000/";
  23 $merak_selfpage = "self.html";
  24 $merak_action = "self_edit";
  25
  26 // get overrides from config.
  27 if ( isset($cpw_merak) && is_array($cpw_merak) && !empty($cpw_merak) ) {
  28   foreach ( $cpw_merak as $key => $value ) {
  29     if ( isset(${'merak_'.$key}) )
  30       ${'merak_'.$key} = $value;
  31   }
  32 }
  33
  34 global $squirrelmail_plugin_hooks;
  35 $squirrelmail_plugin_hooks['change_password_dochange']['merak'] =
  36    'cpw_merak_dochange';
  37 $squirrelmail_plugin_hooks['change_password_init']['merak'] =
  38    'cpw_merak_init';
  39
  40 /**
  41  * Check if php install has all required extensions.
  42  */
  43 function cpw_merak_init() {
  44     global $color;
  45
  46     /**
  47      * If SM_PATH isn't defined, define it.  Required to include files.
  48      * @ignore
  49      */
  50     if (!defined('SM_PATH'))  {
  51         define('SM_PATH','../../../');
  52     }
  53
  54     // load error_box() function
  55     include_once(SM_PATH . 'functions/display_messages.php');
  56
  57     if (!function_exists('curl_init')) {
  58         // user_error('Curl module NOT available!', E_USER_ERROR);
  59         error_box(_("PHP Curl extension is NOT available! Unable to change password!"),$color);
  60         // close html and stop script execution
  61         echo "</body></html>\n";
  62         exit();
  63     }
  64 }
  65
  66 /**
  67  * This is the function that is specific to your backend. It takes
  68  * the current password (as supplied by the user) and the desired
  69  * new password. It will return an array of messages. If everything
  70  * was successful, the array will be empty. Else, it will contain
  71  * the errormessage(s).
  72  * Constants to be used for these messages:
  73  * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
  74  * CPW_INVALID_PW -> "Your new password contains invalid characters."
  75  *
  76  * @param array data The username/currentpw/newpw data.
  77  * @return array Array of error messages.
  78  */
  79 function cpw_merak_dochange($data)
  80 {
  81    // unfortunately, we can only pass one parameter to a hook function,
  82    // so we have to pass it as an array.
  83    $username = $data['username'];
  84    $curpw = $data['curpw'];
  85    $newpw = $data['newpw'];
  86
  87    $msgs = array();
  88
  89    global $merak_url, $merak_selfpage, $merak_action;
  90
  91    $ch = curl_init();
  92    curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
  93    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  94    curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
  95    curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
  96    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  97    $result = curl_exec ($ch);
  98    curl_close ($ch);
  99
 100    if (strpos($result, "401 Access denied") <> 0) {
 101       array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
 102       return $msgs;
 103    }
 104
 105    // Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">
 106
 107    $str = stristr($result, "<FORM");
 108    $str = substr($str, 0, strpos($str, ">") + 1);
 109    $str = stristr($str, "ACTION=");
 110    $str = substr(stristr($str, "\""),1);
 111    $str = substr($str, 0, strpos($str, "\""));
 112
 113    // Extra check to see if the result contains 'html'
 114    if (!stristr($str, "html")) {
 115       array_push($msgs, _("Cannot change password!") . " (1)" );
 116       return $msgs;
 117    }
 118
 119    $newurl = $merak_url . $str;
 120
 121    // Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">
 122
 123    $str = stristr($result, "usraddr");
 124    $str = substr($str, 0, strpos($str, ">") + 1);
 125    $str = stristr($str, "VALUE=");
 126    $str = substr(stristr($str, "\""),1);
 127    $str = substr($str, 0, strpos($str, "\""));
 128
 129    // Extra check to see if the result contains '@'
 130    if (!stristr($str, "@")) {
 131       array_push($msgs, _("Cannot change password!") . " (2)" );
 132       return $msgs;
 133    }
 134
 135    $useraddr = $str;
 136
 137    //Include (almost) all input fields from screen
 138
 139    $contents2 = $result;
 140
 141    $tag = stristr($contents2, "<INPUT");
 142
 143    while ($tag) {
 144       $contents2 = stristr($contents2, "<INPUT");
 145       $tag = substr($contents2, 0, strpos($contents2, ">") + 1);
 146
 147       if (GetSub($tag, "TYPE") == "TEXT" ||
 148           GetSub($tag, "TYPE") == "HIDDEN" ||
 149           GetSub($tag, "TYPE") == "PASSWORD") {
 150          $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
 151       }
 152
 153       if ((GetSub($tag, "TYPE") == "RADIO" ||
 154            GetSub($tag, "TYPE") == "CHECKBOX") &&
 155           IsChecked($tag)) {
 156          $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
 157       }
 158       $contents2 = substr($contents2, 1);
 159    }
 160
 161    $tags["action"]   = $merak_action;
 162    $tags["usraddr"]  = $useraddr;
 163    $tags["usr_pass"] = $newpw;
 164    $tags["usr_conf"] = $newpw;
 165
 166    $str2 = "";
 167    foreach ($tags as $key => $value) {
 168       $str2 .= $key . "=" . urlencode($value) . "&";
 169    }
 170
 171    $str2 = trim($str2, "&");
 172
 173    // Change password!
 174
 175    $ch = curl_init();
 176    curl_setopt ($ch, CURLOPT_URL, $newurl);
 177    curl_setopt ($ch, CURLOPT_POST, 1);
 178    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
 179    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
 180    curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
 181    $result=curl_exec ($ch);
 182    curl_close ($ch);
 183
 184    if (strpos($result, "Failure") <> 0) {
 185      array_push($msgs, _("Cannot change password!") .  " (3)");
 186      return $msgs;
 187    }
 188
 189    return $msgs;
 190 }
 191
 192 function GetSub($tag, $type) {
 193
 194    $str = stristr($tag, $type . "=");
 195    $str = substr($str, strlen($type) + 1);
 196    $str = trim($str, '"');
 197
 198    if (!strpos($str, " ") === false) {
 199       $str = substr($str, 0, strpos($str, " "));
 200       $str = trim($str, '"');
 201    }
 202
 203    if (!(strpos($str, '"') === false)) {
 204       $str = substr($str, 0, strpos($str, '"'));
 205    }
 206
 207    $str = trim($str, '>');
 208
 209    return $str;
 210 }
 211
 212 function IsChecked($tag) {
 213
 214    if (!(strpos(strtolower($tag), 'checked') === false)) {
 215       return true;
 216    }
 217
 218    return false;
 219 }