/**
* options.php - Change Password HTML page
*
- * Copyright (c) 2004 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
+ * @copyright 2004-2020 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package plugins
* @subpackage change_password
*/
-/** @ignore */
-define('SM_PATH','../../');
+/**
+ * Include the SquirrelMail initialization file.
+ */
+require('../../include/init.php');
-require_once (SM_PATH . 'include/validate.php');
-require_once (SM_PATH . 'functions/page_header.php');
-require_once (SM_PATH . 'plugins/change_password/functions.php');
-require_once (SM_PATH . 'plugins/change_password/config.php');
-require_once (SM_PATH . 'functions/forms.php');
+include_once (SM_PATH . 'plugins/change_password/functions.php');
+include_once (SM_PATH . 'functions/forms.php');
+
+/** load default config */
+if (file_exists(SM_PATH . 'plugins/change_password/config_default.php')) {
+ include_once (SM_PATH . 'plugins/change_password/config_default.php');
+} else {
+ // somebody decided to remove default config
+ $cpw_backend = 'template';
+ $cpw_pass_min_length = 4;
+ $cpw_pass_max_length = 25;
+ $cpw_require_ssl = FALSE;
+}
+
+/**
+ * prevent possible corruption of configuration overrides in
+ * register_globals=on and preloaded php scripts.
+ */
+$cpw_ldap=array();
+$cpw_merak=array();
+$cpw_mysql=array();
+$cpw_poppassd=array();
+$cpw_vmailmgrd=array();
+
+/** load site config */
+if (file_exists(SM_PATH . 'config/change_password_config.php')) {
+ include_once (SM_PATH . 'config/change_password_config.php');
+} elseif (file_exists(SM_PATH . 'plugins/change_password/config.php')) {
+ include_once (SM_PATH . 'plugins/change_password/config.php');
+}
+
+// must load backend libraries here in order to get working change_password_init hook.
+if (file_exists(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php')) {
+ include_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
+}
/* the form was submitted, go for it */
if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
+ // security check
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
/* perform basic checks */
$Messages = cpw_check_input();
}
}
-displayPageHeader($color, 'None');
+displayPageHeader($color);
-do_hook('change_password_init');
+do_hook('change_password_init', $null);
?>
<br />
<table align="center" cellpadding="2" cellspacing="2" border="0">
<tr><td bgcolor="<?php echo $color[0] ?>">
- <center><b><?php echo _("Change Password") ?></b></center>
+ <div style="text-align: center;"><b><?php echo _("Change Password") ?></b></div>
</td><?php
if (isset($Messages) && count($Messages) > 0) {
echo "<tr><td>\n";
foreach ($Messages as $line) {
- echo htmlspecialchars($line) . "<br />\n";
+ echo sm_encode_html_special_chars($line) . "<br />\n";
}
echo "</td></tr>\n";
}
?><tr><td>
<?php echo addForm($_SERVER['PHP_SELF'], 'post'); ?>
+ <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() ?>" />
<table>
<tr>
<th align="right"><?php echo _("Current Password:")?></th>
</table>
</form>
</td></tr>
-</tr></table>
-</body></html>
\ No newline at end of file
+</table>
+</body></html>
projects / squirrelmail.git / blobdiff