Replacing tabs with spaces, trimming white space at EOL and newline at EOF
[squirrelmail.git] / plugins / change_password / backend / mysql.php
1 <?php
2 /**
3 * MySQL change password backend
4 *
5 * @author Thijs Kinkhorst <kink@squirrelmail.org>
6 * @version $Id$
7 * @package plugins
8 * @subpackage change_password
9 */
10
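/**
 * Config vars
 *
 * Defaults for the MySQL change-password backend. Each setting can be
 * overridden through the $mysql array, keyed by the setting name without
 * its "mysql_" prefix (e.g. $mysql['server']).
 *
 * NOTE(review): $mysql is read from global scope. It must only ever be
 * populated by trusted site configuration; confirm that it cannot be set
 * from request input (for example through register_globals), because the
 * table and column names below are placed into SQL text unescaped.
 */

global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
       $mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
       $mysql_saslcrypt, $mysql_unixcrypt, $mysql;

// Initialize defaults
$mysql_server = 'localhost';
$mysql_database = 'email';
$mysql_table = 'users';

// The names of the user ID and password columns
$mysql_userid_field = 'id';
$mysql_password_field = 'password';

// The user to log into MySQL with. cpw_mysql_dochange() only issues a SELECT
// and an UPDATE against $mysql_table, so the account needs no rights beyond
// those. The password below is a placeholder: set the real one in site
// configuration and keep it out of version control.
$mysql_manager_id = 'email_admin';
$mysql_manager_pw = 'xxxxxxx';

// saslcrypt checked first - if it is 1, UNIX crypt is not used.
// With both flags left at 0 the password is compared and stored as plain
// text in $mysql_password_field.
$mysql_saslcrypt = 0; // use MySQL password() function
$mysql_unixcrypt = 0; // use UNIX crypt() function

if (isset($mysql) && is_array($mysql) && !empty($mysql)) {
    // Only the documented settings may be overridden. Without this list the
    // loop would write to any in-scope variable whose name starts with
    // "mysql_".
    $cpw_mysql_settings = array(
        'server', 'database', 'table', 'userid_field', 'password_field',
        'manager_id', 'manager_pw', 'saslcrypt', 'unixcrypt',
    );
    foreach ($mysql as $key => $value) {
        if (in_array($key, $cpw_mysql_settings, true) && isset(${'mysql_' . $key})) {
            ${'mysql_' . $key} = $value;
        }
    }
    unset($cpw_mysql_settings);
}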
44
45 // NO NEED TO CHANGE ANYTHING BELOW THIS LINE
46
// Register this backend's handler under the 'mysql' key of the
// change_password_dochange hook.
global $squirrelmail_plugin_hooks;
$squirrelmail_plugin_hooks['change_password_dochange']['mysql'] = 'cpw_mysql_dochange';
50
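/**
 * Change a user's password in the MySQL account table.
 *
 * This is the function that is specific to this backend. It takes the
 * current password (as supplied by the user) and the desired new password.
 * The current password is verified by a SELECT that matches both the user
 * ID and the stored password; the UPDATE is issued only when exactly one
 * row matches.
 *
 * Constants to be used for the returned messages:
 *   CPW_CURRENT_NOMATCH -> "Your current password is not correct."
 *   CPW_INVALID_PW      -> "Your new password contains invalid characters."
 *
 * Security notes:
 *  - User-supplied values are escaped with mysql_real_escape_string() on the
 *    open link, so the connection character set is taken into account, and
 *    are delimited with single quotes, which remain string literals when the
 *    server runs with ANSI_QUOTES.
 *  - Table and column names come from the backend's configuration globals
 *    and are placed into the SQL text unescaped; they must never be derived
 *    from user input.
 *  - With neither $mysql_saslcrypt nor $mysql_unixcrypt set, the password is
 *    compared and stored as plain text.
 *  - The mysql_* extension used here is deprecated; a port to mysqli or PDO
 *    should use prepared statements instead of escaping.
 *
 * @param array $data The username/curpw/newpw data.
 * @return array Array of error messages; empty when the change succeeded.
 */
function cpw_mysql_dochange($data)
{
    global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
           $mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
           $mysql_saslcrypt, $mysql_unixcrypt;

    // unfortunately, we can only pass one parameter to a hook function,
    // so we have to pass it as an array.
    $username = $data['username'];
    $curpw = $data['curpw'];
    $newpw = $data['newpw'];

    $msgs = array();

    $ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
    if (!$ds) {
        array_push($msgs, _("Cannot connect to Database Server, please try later!"));
        return $msgs;
    }
    if (!mysql_select_db($mysql_database, $ds)) {
        array_push($msgs, _("Database not found on server"));
        return $msgs;
    }

    // Quote every user-supplied value once, against the live connection.
    $username_sql = "'" . mysql_real_escape_string($username, $ds) . "'";
    $curpw_sql = "'" . mysql_real_escape_string($curpw, $ds) . "'";
    $newpw_sql = "'" . mysql_real_escape_string($newpw, $ds) . "'";

    // Build the SQL expressions the password column is compared with and
    // set to, according to the configured storage scheme.
    if ($mysql_saslcrypt) {
        // MySQL's PASSWORD() function; it is intended for the server's own
        // account table and is not available on MySQL 8.0.
        $curpw_expr = 'password(' . $curpw_sql . ')';
        $newpw_expr = 'password(' . $newpw_sql . ')';
    } elseif ($mysql_unixcrypt) {
        // ENCRYPT() with the stored hash as salt reproduces that hash when
        // the supplied current password is correct.
        $curpw_expr = 'encrypt(' . $curpw_sql . ', ' . $mysql_password_field . ')';
        // NOTE(review): the new hash is salted with the old stored hash, so
        // the salt never changes for an account. Kept as-is so the hash
        // format stays the same; consider hashing in PHP with a fresh salt.
        $newpw_expr = 'encrypt(' . $newpw_sql . ', ' . $mysql_password_field . ')';
    } else {
        // Plain-text comparison and storage.
        $curpw_expr = $curpw_sql;
        $newpw_expr = $newpw_sql;
    }

    $query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
                  . ' FROM ' . $mysql_table
                  . ' WHERE ' . $mysql_userid_field . '=' . $username_sql
                  . ' AND ' . $mysql_password_field . '=' . $curpw_expr;

    $select_result = mysql_query($query_string, $ds);
    if (!$select_result) {
        array_push($msgs, _("SQL call failed, try again later."));
        return $msgs;
    }

    $matches = mysql_num_rows($select_result);
    if ($matches == 0) {
        // No row has this user ID together with this current password.
        array_push($msgs, CPW_CURRENT_NOMATCH);
        return $msgs;
    }
    if ($matches > 1) {
        // make sure we only have 1 uid
        array_push($msgs, _("Duplicate login entries detected, cannot change password!"));
        return $msgs;
    }

    $update_string = 'UPDATE ' . $mysql_table
                   . ' SET ' . $mysql_password_field . '=' . $newpw_expr
                   . ' WHERE ' . $mysql_userid_field . ' = ' . $username_sql;

    if (!mysql_query($update_string, $ds)) {
        array_push($msgs, _("Password change was not successful!"));
    }

    return $msgs;
}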