--- /dev/null
+<?php
+/* Merakchange password backend
+ * Author: Edwin van Elk <Edwin@eve-software.com>
+ */
+
+/**
+ * Config vars
+ */
+
+global $merak_url, $merak_selfpage, $merak_action;
+
+// The Merak Server
+
+$merak_url = "http://localhost:32000/";
+$merak_selfpage = "self.html";
+$merak_action = "self_edit";
+
+// NO NEED TO CHANGE ANYTHING BELOW THIS LINE
+
+global $squirrelmail_plugin_hooks;
+$squirrelmail_plugin_hooks['change_password_dochange']['merak'] =
+ 'cpw_merak_dochange';
+
+/**
+ * This is the function that is specific to your backend. It takes
+ * the current password (as supplied by the user) and the desired
+ * new password. It will return an array of messages. If everything
+ * was successful, the array will be empty. Else, it will contain
+ * the errormessage(s).
+ * Constants to be used for these messages:
+ * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
+ * CPW_INVALID_PW -> "Your new password contains invalid characters."
+ *
+ * @param array data The username/currentpw/newpw data.
+ * @return array Array of error messages.
+ */
+function cpw_merak_dochange($data)
+{
+ // unfortunately, we can only pass one parameter to a hook function,
+ // so we have to pass it as an array.
+ $username = $data['username'];
+ $curpw = $data['curpw'];
+ $newpw = $data['newpw'];
+
+ $msgs = array();
+
+ global $merak_url, $merak_selfpage, $merak_action, $use_ssl_for_password_change, $debug;
+
+ if (!function_exists('curl_init')) {
+
+ // user_error('Curl module NOT available!', E_USER_ERROR);
+ array_push($msgs, _("Curl module NOT available! Unable to change password!"));
+ return $msgs;
+ }
+
+ $ch = curl_init();
+ curl_setopt ($ch, CURLOPT_URL, $merak_url . $merak_selfpage);
+ curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt ($ch, CURLOPT_TIMEOUT, 10);
+ curl_setopt ($ch, CURLOPT_USERPWD, "$username:$curpw");
+ curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
+ $result = curl_exec ($ch);
+ curl_close ($ch);
+
+ if (strpos($result, "401 Access denied") <> 0) {
+ array_push($msgs, _("Cannot change password! (Is user 'Self Configurable User' ?) (401)"));
+ return $msgs;
+ }
+
+ // Get URL from: <FORM METHOD="POST" ACTION="success.html?id=a9375ee5e445775e871d5e1401a963aa">
+
+ $str = stristr($result, "<FORM");
+ $str = substr($str, 0, strpos($str, ">") + 1);
+ $str = stristr($str, "ACTION=");
+ $str = substr(stristr($str, "\""),1);
+ $str = substr($str, 0, strpos($str, "\""));
+
+ // Extra check to see if the result contains 'html'
+ if (!stristr($str, "html")) {
+ array_push($msgs, _("Cannot change password!") . " (1)" );
+ return $msgs;
+ }
+
+ $newurl = $merak_url . $str;
+
+ // Get useraddr from: $useraddr = <INPUT TYPE="HIDDEN" NAME="usraddr" VALUE="mail@hostname.com">
+
+ $str = stristr($result, "usraddr");
+ $str = substr($str, 0, strpos($str, ">") + 1);
+ $str = stristr($str, "VALUE=");
+ $str = substr(stristr($str, "\""),1);
+ $str = substr($str, 0, strpos($str, "\""));
+
+ // Extra check to see if the result contains '@'
+ if (!stristr($str, "@")) {
+ array_push($msgs, _("Cannot change password!") . " (2)" );
+ return $msgs;
+ }
+
+ $useraddr = $str;
+
+ //Include (almost) all input fields from screen
+
+ $contents2 = $result;
+
+ $tag = stristr($contents2, "<INPUT");
+
+ while ($tag) {
+ $contents2 = stristr($contents2, "<INPUT");
+ $tag = substr($contents2, 0, strpos($contents2, ">") + 1);
+
+ if (GetSub($tag, "TYPE") == "TEXT" ||
+ GetSub($tag, "TYPE") == "HIDDEN" ||
+ GetSub($tag, "TYPE") == "PASSWORD") {
+ $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
+ }
+
+ if ((GetSub($tag, "TYPE") == "RADIO" ||
+ GetSub($tag, "TYPE") == "CHECKBOX") &&
+ IsChecked($tag)) {
+ $tags[GetSub($tag, "NAME")] = GetSub($tag, "VALUE");
+ }
+ $contents2 = substr($contents2, 1);
+ }
+
+ $tags["action"] = $merak_action;
+ $tags["usraddr"] = $useraddr;
+ $tags["usr_pass"] = $newpw;
+ $tags["usr_conf"] = $newpw;
+
+ $str2 = "";
+ foreach ($tags as $key => $value) {
+ $str2 .= $key . "=" . urlencode($value) . "&";
+ }
+
+ $str2 = trim($str2, "&");
+
+ // Change password!
+
+ $ch = curl_init();
+ curl_setopt ($ch, CURLOPT_URL, $newurl);
+ curl_setopt ($ch, CURLOPT_POST, 1);
+ curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
+ curl_setopt ($ch, CURLOPT_POSTFIELDS, $str2);
+ $result=curl_exec ($ch);
+ curl_close ($ch);
+
+ if (strpos($result, "Failure") <> 0) {
+ array_push($msgs, _("Cannot change password!") . " (3)");
+ return $msgs;
+ }
+
+ return $msgs;
+}
+
+function GetSub($tag, $type) {
+
+ $str = stristr($tag, $type . "=");
+ $str = substr($str, strlen($type) + 1);
+ $str = trim($str, '"');
+
+ if (!strpos($str, " ") === false) {
+ $str = substr($str, 0, strpos($str, " "));
+ $str = trim($str, '"');
+ }
+
+ if (!(strpos($str, '"') === false)) {
+ $str = substr($str, 0, strpos($str, '"'));
+ }
+
+ $str = trim($str, '>');
+
+ return $str;
+}
+
+function IsChecked($tag) {
+
+ if (!(strpos(strtolower($tag), 'checked') === false)) {
+ return true;
+ }
+
+ return false;
+}
<?php
+/**
+ * functions.php - Change Password plugin
+ *
+ * Copyright (c) 2003-2004 The SquirrelMail Project Team
+ * Licensed under the GNU GPL. For full terms see the file COPYING.
+ *
+ * $Id$
+ * @package plugins
+ * @subpackage change_password
+ */
+
/**
* Will verify the input against a set of criteria:
* is every field supplied, does verify password match,
* does current password validate, ..
- * These criteria are for now backend-independant.
+ * These criteria are (for now) backend-independant.
+ *
* @return array Array with zero or more error messages.
*/
function cpw_check_input()
}
// do we need to do checks that are backend-specific and should
- // be handled by a hook? I know of none now, but if there's a need
- // for it we can add a hook for that here.
- // those checks can also be done in the backend dochange() function.
+ // be handled by a hook? I know of none now, bnd those checks can
+ // also be done in the backend dochange() function. If there turns
+ // out to be a need for it we can add a hook for that here.
return $msg;
}
function cpw_do_change()
{
global $cpw_backend;
- sqgetGlobalVar('cpw_current', $curpw, SQ_POST);
- sqgetGlobalVar('cpw_new', $newpw, SQ_POST);
+ sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
+ sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
sqgetGlobalVar('key', $key, SQ_COOKIE);