plugins/change_password/backend/merak.php

   1 <?php
   2 /* Merakchange password backend
   3  * Author: Edwin van Elk <Edwin@eve-software.com>
   4  */
   5
   6 /**
   7  * Config vars
   8  */
   9
  10 global $merak_url, $merak_selfpage, $merak_action;
  11
  12 // The Merak Server
  13
  14 $merak_url = "http://localhost:32000/";
  15 $merak_selfpage = "self.html";
  16 $merak_action = "self_edit";
  17
  18 // NO NEED TO CHANGE ANYTHING BELOW THIS LINE
  19
  20 global $squirrelmail_plugin_hooks;
  21 $squirrelmail_plugin_hooks['change_password_dochange']['merak'] =
  22    'cpw_merak_dochange';
  23
  24 /**
  25  * This is the function that is specific to your backend. It takes
  26  * the current password (as supplied by the user) and the desired
  27  * new password. It will return an array of messages. If everything
  28  * was successful, the array will be empty. Else, it will contain
  29  * the errormessage(s).
  30  * Constants to be used for these messages:
  31  * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
  32  * CPW_INVALID_PW -> "Your new password contains invalid characters."
  33  *
  34  * @param array data The username/currentpw/newpw data.
  35  * @return array Array of error messages.
  36  */
  37 function cpw_merak_dochange($data)
  38 {
  39    // unfortunately, we can only pass one parameter to a hook function,
  40    // so we have to pass it as an array.
  41    $username = $data['username'];
  42    $curpw = $data['curpw'];
  43    $newpw = $data['newpw'];
  44
  45    $msgs = array();
  46
  47    global $merak_url, $merak_selfpage, $merak_action, $use_ssl_for_password_change, $debug;
  48
  49    if (!function_exists('curl_init')) {
  50
  51       // user_error('Curl module NOT available!', E_USER_ERROR);
  52       array_push($msgs, _("Curl module NOT available! Unable to change password!"));
  53       return $msgs;
  54    }
  55
  56    $ch = curl_init();
  57    curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
  58    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  59    curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
  60    curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
  61    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  62    $result = curl_exec ($ch);
  63    curl_close ($ch);
  64
  65    if (strpos($result, "401 Access denied") <> 0) {
  66       array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
  67       return $msgs;
  68    }
  69
  70    // Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">
  71
  72    $str = stristr($result, "<FORM");
  73    $str = substr($str, 0, strpos($str, ">") + 1);
  74    $str = stristr($str, "ACTION=");
  75    $str = substr(stristr($str, "\""),1);
  76    $str = substr($str, 0, strpos($str, "\""));
  77
  78    // Extra check to see if the result contains 'html'
  79    if (!stristr($str, "html")) {
  80       array_push($msgs, _("Cannot change password!") . " (1)" );
  81       return $msgs;
  82    }
  83
  84    $newurl = $merak_url . $str;
  85
  86    // Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">
  87
  88    $str = stristr($result, "usraddr");
  89    $str = substr($str, 0, strpos($str, ">") + 1);
  90    $str = stristr($str, "VALUE=");
  91    $str = substr(stristr($str, "\""),1);
  92    $str = substr($str, 0, strpos($str, "\""));
  93
  94    // Extra check to see if the result contains '@'
  95    if (!stristr($str, "@")) {
  96       array_push($msgs, _("Cannot change password!") . " (2)" );
  97       return $msgs;
  98    }
  99
 100    $useraddr = $str;
 101
 102    //Include (almost) all input fields from screen
 103
 104    $contents2 = $result;
 105
 106    $tag = stristr($contents2, "<INPUT");
 107
 108    while ($tag) {
 109       $contents2 = stristr($contents2, "<INPUT");
 110       $tag = substr($contents2, 0, strpos($contents2, ">") + 1);
 111
 112       if (GetSub($tag, "TYPE") == "TEXT" ||
 113           GetSub($tag, "TYPE") == "HIDDEN" ||
 114           GetSub($tag, "TYPE") == "PASSWORD") {
 115          $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
 116       }
 117
 118       if ((GetSub($tag, "TYPE") == "RADIO" ||
 119            GetSub($tag, "TYPE") == "CHECKBOX") &&
 120           IsChecked($tag)) {
 121          $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
 122       }
 123       $contents2 = substr($contents2, 1);
 124    }
 125
 126    $tags["action"]   = $merak_action;
 127    $tags["usraddr"]  = $useraddr;
 128    $tags["usr_pass"] = $newpw;
 129    $tags["usr_conf"] = $newpw;
 130
 131    $str2 = "";
 132    foreach ($tags as $key => $value) {
 133       $str2 .= $key . "=" . urlencode($value) . "&";
 134    }
 135
 136    $str2 = trim($str2, "&");
 137
 138    // Change password!
 139
 140    $ch = curl_init();
 141    curl_setopt ($ch, CURLOPT_URL, $newurl);
 142    curl_setopt ($ch, CURLOPT_POST, 1);
 143    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
 144    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
 145    curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
 146    $result=curl_exec ($ch);
 147    curl_close ($ch);
 148
 149    if (strpos($result, "Failure") <> 0) {
 150      array_push($msgs, _("Cannot change password!") .  " (3)");
 151      return $msgs;
 152    }
 153
 154    return $msgs;
 155 }
 156
 157 function GetSub($tag, $type) {
 158
 159    $str = stristr($tag, $type . "=");
 160    $str = substr($str, strlen($type) + 1);
 161    $str = trim($str, '"');
 162
 163    if (!strpos($str, " ") === false) {
 164       $str = substr($str, 0, strpos($str, " "));
 165       $str = trim($str, '"');
 166    }
 167
 168    if (!(strpos($str, '"') === false)) {
 169       $str = substr($str, 0, strpos($str, '"'));
 170    }
 171
 172    $str = trim($str, '>');
 173
 174    return $str;
 175 }
 176
 177 function IsChecked($tag) {
 178
 179    if (!(strpos(strtolower($tag), 'checked') === false)) {
 180       return true;
 181    }
 182
 183    return false;
 184 }