Split out functionality that gathers system specs
[squirrelmail.git] / plugins / change_password / backend / mysql.php
1 <?php
2 /**
3 * MySQL change password backend
4 *
5 * @author Thijs Kinkhorst <kink@squirrelmail.org>
6 * @version $Id$
7 * @package plugins
8 * @subpackage change_password
9 */
10
11 /**
12 * Config vars
13 */
14
15 global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
16 $mysql_password_field, $mysql_manager_id, $mysql_manager_pw;
17
18 // The MySQL Server
19 $mysql_server = 'localhost';
20 $mysql_database = 'email';
21 $mysql_table = 'users';
22
23 // The names of the user ID and password columns
24 $mysql_userid_field = 'id';
25 $mysql_password_field ='password';
26
27 // The user to log into MySQL with (must have rights)
28 $mysql_manager_id = 'email_admin';
29 $mysql_manager_pw = 'xxxxxxx';
30
31
32 // NO NEED TO CHANGE ANYTHING BELOW THIS LINE
33
34 global $squirrelmail_plugin_hooks;
35 $squirrelmail_plugin_hooks['change_password_dochange']['mysql'] =
36 'cpw_mysql_dochange';
37
38 /**
39 * This is the function that is specific to your backend. It takes
40 * the current password (as supplied by the user) and the desired
41 * new password. It will return an array of messages. If everything
42 * was successful, the array will be empty. Else, it will contain
43 * the errormessage(s).
44 * Constants to be used for these messages:
45 * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
46 * CPW_INVALID_PW -> "Your new password contains invalid characters."
47 *
48 * @param array data The username/currentpw/newpw data.
49 * @return array Array of error messages.
50 */
51 function cpw_mysql_dochange($data)
52 {
53 // unfortunately, we can only pass one parameter to a hook function,
54 // so we have to pass it as an array.
55 $username = $data['username'];
56 $curpw = $data['curpw'];
57 $newpw = $data['newpw'];
58
59 $msgs = array();
60
61 global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
62 $mysql_password_field, $mysql_manager_id, $mysql_manager_pw;
63
64 $ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
65 if (! $ds) {
66 array_push($msgs, _("Cannot connect to Database Server, please try later!"));
67 return $msgs;
68 }
69 if (!mysql_select_db($mysql_database, $ds)) {
70 array_push($msgs, _("Database not found on server"));
71 return $msgs;
72 }
73
74 $query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
75 . ' FROM ' . $mysql_table
76 . ' WHERE ' . $mysql_userid_field . '="' . mysql_escape_string($username) .'"'
77 . ' AND ' . $mysql_password_field . '="' . mysql_escape_string($curpw) . '"';
78 $select_result = mysql_query($query_string, $ds);
79 if (!$select_result) {
80 array_push($msgs, _("SQL call failed, try again later."));
81 return $msgs;
82 }
83
84 if (mysql_num_rows($select_result) == 0) {
85 array_push($msgs, CPW_CURRENT_NOMATCH);
86 return $msgs;
87 }
88 if (mysql_num_rows($select_result) > 1) {
89 //make sure we only have 1 uid
90 array_push($msgs, _("Duplicate login entries detected, cannot change password!"));
91 return $msgs;
92 }
93
94 $update_string = 'UPDATE '. $mysql_table . ' SET ' . $mysql_password_field
95 . ' = "' . mysql_escape_string($cp_newpass) . '"'
96 . ' WHERE ' . $mysql_userid_field . ' = "' . mysql_escape_string($username) . '"';
97 if (!mysql_query($update_string, $ds)) {
98 array_push($msgs, _("Password change was not successful!"));
99 }
100
101 return $msgs;
102 }