Add PHP5-style constructor
[squirrelmail.git] / plugins / change_password / functions.php
1 <?php
2
3 /**
4 * functions.php - Change Password plugin
5 *
6 * @copyright 2003-2016 The SquirrelMail Project Team
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 * @version $Id$
9 * @package plugins
10 * @subpackage change_password
11 */
12
13 /**
14 * Will verify the input against a set of criteria:
15 * is every field supplied, does verify password match,
16 * does current password validate, ..
17 * These criteria are (for now) backend-independent.
18 *
19 * @return array Array with zero or more error messages.
20 */
21 function cpw_check_input()
22 {
23 global $cpw_pass_min_length, $cpw_pass_max_length;
24
25 // formdata
26 sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST);
27 sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
28 sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST);
29 // for decrypting current password
30 sqgetGlobalVar('key', $key, SQ_COOKIE);
31 sqgetGlobalVar('onetimepad', $onetimepad,SQ_SESSION);
32
33 $msg = array();
34
35 if(!$newpw) {
36 $msg[] = _("You must type in a new password.");
37 }
38 if(!$verifypw) {
39 $msg[] = _("You must also type in your new password in the verify box.");
40 } elseif ($verifypw != $newpw) {
41 $msg[] = _("Your new password does not match the verify password.");
42 }
43
44 $orig_pw = OneTimePadDecrypt($key, $onetimepad);
45
46 if(!$currentpw) {
47 $msg[] = _("You must type in your current password.");
48 } elseif ($currentpw != $orig_pw) {
49 $msg[] = _("Your current password is not correct.");
50 }
51
52 if($newpw && (strlen($newpw) < $cpw_pass_min_length ||
53 strlen($newpw) > $cpw_pass_max_length ) ) {
54 $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
55 $cpw_pass_min_length, $cpw_pass_max_length);
56 }
57
58 // do we need to do checks that are backend-specific and should
59 // be handled by a hook? I know of none now, bnd those checks can
60 // also be done in the backend dochange() function. If there turns
61 // out to be a need for it we can add a hook for that here.
62
63 return $msg;
64 }
65
66
67 define('CPW_CURRENT_NOMATCH', _("Your current password is not correct."));
68 define('CPW_INVALID_PW', _("Your new password contains invalid characters."));
69
70 /**
71 * Does the actual password changing (meaning it calls the hook function
72 * from the backend that does this. If something goes wrong, return error
73 * message(s). If everything ok, change the password in the session so the
74 * user doesn't have to log out, and redirect back to the options screen.
75 */
76 function cpw_do_change()
77 {
78 global $cpw_backend;
79 sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
80 sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
81 sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
82 sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
83 sqgetGlobalVar('key', $key, SQ_COOKIE);
84 sqgetGlobalVar('username', $username, SQ_SESSION);
85
86 require_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
87
88 $msgs = do_hook('change_password_dochange',
89 $temp=array (
90 'username' => &$username,
91 'curpw' => &$curpw,
92 'newpw' => &$newpw
93 ) );
94
95 /* something bad happened, return */
96 if(count($msgs) > 0) {
97 return $msgs;
98 }
99
100 /* update our password stored in the session */
101 $onetimepad = OneTimePadCreate(strlen($newpw));
102 sqsession_register($onetimepad,'onetimepad');
103 $key = OneTimePadEncrypt($newpw, $onetimepad);
104 sqsetcookie('key', $key, 0, $base_uri);
105
106 /* make sure we write the session data before we redirect */
107 session_write_close();
108 header('Location: '.SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1&smtoken=' . sm_generate_security_token());
109 exit;
110 }
111