From 27663afe63c34d8c329a3f1b09070893c7b25d41 Mon Sep 17 00:00:00 2001 From: kink Date: Sun, 16 Nov 2003 14:26:51 +0000 Subject: [PATCH] A start for a new change_password master plugin. This is not finished (and should stay only in devel for now), but I'm committing it so others can take a look and work on it too. Basic functionality is there, now needs existing plugins added as backends, and implementing "extra" features such as forcing SSL. Again, this is a "rough" version, so please change/improve anything you'd like to be changed. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@6163 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- plugins/change_password/README | 27 ++++++ plugins/change_password/backend/index.php | 21 +++++ plugins/change_password/backend/mysql.php | 97 ++++++++++++++++++++ plugins/change_password/backend/template.php | 51 ++++++++++ plugins/change_password/config.php | 17 ++++ plugins/change_password/functions.php | 95 +++++++++++++++++++ plugins/change_password/index.php | 21 +++++ plugins/change_password/options.php | 61 ++++++++++++ plugins/change_password/setup.php | 31 +++++++ plugins/change_password/version | 2 + 10 files changed, 423 insertions(+) create mode 100644 plugins/change_password/README create mode 100644 plugins/change_password/backend/index.php create mode 100644 plugins/change_password/backend/mysql.php create mode 100644 plugins/change_password/backend/template.php create mode 100644 plugins/change_password/config.php create mode 100644 plugins/change_password/functions.php create mode 100644 plugins/change_password/index.php create mode 100644 plugins/change_password/options.php create mode 100644 plugins/change_password/setup.php create mode 100644 plugins/change_password/version diff --git a/plugins/change_password/README b/plugins/change_password/README new file mode 100644 index 00000000..c3ea0793 --- /dev/null +++ b/plugins/change_password/README 
@@ -0,0 +1,27 @@
+Master Change Password plugin
+-----------------------------
+
+WHAT'S THIS?
+This plugin is a general framework for enabling the user to
+change his/her password. It allows for different backend
+to perform this task on different systems.
+
+STATUS
+Development
+
+CONFIGURATION
+Edit the file config.php to set the backend you want to use.
+Probably, you need to set some config vars in the backend too
+(backend/.php).
+
+BACKENDS
+-
+-
+-
+
+
+AUTHORS
+
+
+
+$Id$
diff --git a/plugins/change_password/backend/index.php b/plugins/change_password/backend/index.php
new file mode 100644
index 00000000..a7a4c21c
--- /dev/null
+++ b/plugins/change_password/backend/index.php
@@ -0,0 +1,21 @@
+
diff --git a/plugins/change_password/backend/mysql.php b/plugins/change_password/backend/mysql.php
new file mode 100644
index 00000000..bb40be02
--- /dev/null
+++ b/plugins/change_password/backend/mysql.php
@@ -0,0 +1,97 @@
+
+ */
+
+/**
+ * Config vars
+ */
+
+global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
+ $mysql_password_field, $mysql_manager_id, $mysql_manager_pw;
+
+// The MySQL Server
+$mysql_server = 'localhost';
+$mysql_database = 'email';
+$mysql_table = 'users';
+
+// The names of the user ID and password columns
+$mysql_userid_field = 'id';
+$mysql_password_field ='password';
+
+// The user to log into MySQL with (must have rights)
+$mysql_manager_id = 'email_admin';
+$mysql_manager_pw = 'xxxxxxx';
+
+
+// NO NEED TO CHANGE ANYTHING BELOW THIS LINE
+
+global $squirrelmail_plugin_hooks;
+$squirrelmail_plugin_hooks['change_password_dochange']['mysql'] =
+ 'cpw_mysql_dochange';
+
+/**
+ * This is the function that is specific to your backend. It takes
+ * the current password (as supplied by the user) and the desired
+ * new password. It will return an array of messages. If everything
+ * was successful, the array will be empty. Else, it will contain
+ * the errormessage(s).
+ * Constants to be used for these messages:
+ * CPW_CURRENT_NOMATCH -> "Your current password is not correct."
+ * CPW_INVALID_PW -> "Your new password contains invalid characters."
+ *
+ * @param array data The username/currentpw/newpw data.
+ * @return array Array of error messages.
+ */
+function cpw_mysql_dochange($data)
+{
+ // unfortunately, we can only pass one parameter to a hook function,
+ // so we have to pass it as an array.
+ $username = $data['username'];
+ $curpw = $data['curpw'];
+ $newpw = $data['newpw'];
+
+ $msgs = array();
+
+ global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
+ $mysql_password_field, $mysql_manager_id, $mysql_manager_pw;
+
+ $ds = mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
+ if (!
$ds) {
+ array_push($msgs, _("Cannot connect to Database Server, please try later!"));
+ return $msgs;
+ }
+ if (!mysql_select_db($mysql_database, $ds)) {
+ array_push($msgs, _("Database not found on server"));
+ return $msgs;
+ }
+
+ $query_string = 'SELECT ' . $mysql_userid_field . ',' . $mysql_password_field
+ . ' FROM ' . $mysql_table
+ . ' WHERE ' . $mysql_userid_field . '="' . mysql_escape_string($username) .'"'
+ . ' AND ' . $mysql_password_field . '="' . mysql_escape_string($curpw) . '"';
+ $select_result = mysql_query($query_string, $ds);
+ if (!$select_result) {
+ array_push($msgs, _("SQL call failed, try again later."));
+ return $msgs;
+ }
+
+ if (mysql_num_rows($select_result) == 0) {
+ array_push($msgs, CPW_CURRENT_NOMATCH);
+ return $msgs;
+ }
+ if (mysql_num_rows($select_result) > 1) {
+ //make sure we only have 1 uid
+ array_push($msgs, _("Duplicate login entries detected, cannot change password!"));
+ return $msgs;
+ }
+
+ $update_string = 'UPDATE '. $mysql_table . ' SET ' . $mysql_password_field
+ . ' = "' . mysql_escape_string($cp_newpass) . '"'
+ . ' WHERE ' . $mysql_userid_field . ' = "' . mysql_escape_string($username) . '"';
+ if (!mysql_query($update_string, $ds)) {
+ array_push($msgs, _("Password change was not successful!"));
+ }
+
+ return $msgs;
+}
diff --git a/plugins/change_password/backend/template.php b/plugins/change_password/backend/template.php
new file mode 100644
index 00000000..2669fc22
--- /dev/null
+++ b/plugins/change_password/backend/template.php
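Review bot: The UPDATE statement near the end of cpw_mysql_dochange() escapes `$cp_newpass`, a variable this function never assigns; the requested password was read into `$newpw`, so as written a successful change would store an empty string as the account's password. The fragment should be `. ' = "' . mysql_escape_string($newpw) . '"'`. Both queries also match and write the password verbatim, which only works when the table holds cleartext passwords; a configurable hash step applied to `$curpw` and `$newpw` before they reach SQL looks necessary before this backend leaves devel. Since a link identifier is available, `mysql_real_escape_string($value, $ds)` is the character-set-aware escape to prefer over `mysql_escape_string()`.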
@@ -0,0 +1,51 @@
+ "Your current password is not correct."
+ * CPW_INVALID_PW -> "Your new password contains invalid characters."
+ *
+ * @param array data The username/currentpw/newpw data.
+ * @return array Array of error messages.
+ */
+function cpw_template_dochange($data)
+{
+ // unfortunately, we can only pass one parameter to a hook function,
+ // so we have to pass it as an array.
+ $username = $data['username'];
+ $curpw = $data['curpw'];
+ $newpw = $data['newpw'];
+
+ $msgs = array();
+
+ // your code here to change the password for $username from
+ // $currentpw into $newpw.
+ user_error('No valid backend defined: this is just a template', E_USER_ERROR);
+
+ return $msgs;
+}
diff --git a/plugins/change_password/config.php b/plugins/change_password/config.php
new file mode 100644
index 00000000..484734ea
--- /dev/null
+++ b/plugins/change_password/config.php
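Review bot: The placeholder comment in cpw_template_dochange() tells backend authors to change the password "from $currentpw into $newpw", but the variable assigned just above is `$curpw`, so anyone copying the template verbatim would reference an undefined name. Since every backend starts from this file, the comment should also state that the three `$data` values arrive unescaped (functions.php reads `cpw_current` and `cpw_new` straight from POST) and must be escaped or validated for whatever store the backend talks to. Suggested wording: `// $username, $curpw and $newpw are raw user input: escape them for your backend (SQL, LDAP, shell) before use.` The start of this hunk, including the top of the docblock, is not legible on this page.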
@@ -0,0 +1,17 @@
+ $cpw_pass_max_length ) ) {
+ $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
+ $cpw_pass_min_length, $cpw_pass_max_length);
+ }
+
+ // do we need to do checks that are backend-specific and should
+ // be handled by a hook? I know of none now, but if there's a need
+ // for it we can add a hook for that here.
+ // those checks can also be done in the backend dochange() function.
+
+ return $msg;
+}
+
+
+define('CPW_CURRENT_NOMATCH', _("Your current password is not correct."));
+define('CPW_INVALID_PW', _("Your new password contains invalid characters."));
+
+/**
+ * Does the actual password changing (meaning it calls the hook function
+ * from the backend that does this. If something goes wrong, return error
+ * message(s). If everything ok, change the password in the session so the
+ * user doesn't have to log out, and redirect back to the options screen.
+ */
+function cpw_do_change()
+{
+ global $cpw_backend;
+ sqgetGlobalVar('cpw_current', $curpw, SQ_POST);
+ sqgetGlobalVar('cpw_new', $newpw, SQ_POST);
+ sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
+ sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
+ sqgetGlobalVar('key', $key, SQ_COOKIE);
+ sqgetGlobalVar('username', $username, SQ_SESSION);
+
+ require_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
+
+ $msgs = do_hook_function('change_password_dochange',
+ array (
+ 'username' => $username,
+ 'curpw' => $curpw,
+ 'newpw' => $newpw
+ ) );
+
+ /* something bad happened, return */
+ if(count($msgs) > 0) {
+ return $msgs;
+ }
+
+ /* update our password stored in the session */
+ $onetimepad = OneTimePadCreate(strlen($newpw));
+ $_SESSION['onetimepad'] = $onetimepad;
+ $key = OneTimePadEncrypt($newpw, $onetimepad);
+ setcookie('key', $key, 0, $base_uri);
+
+ /* make sure we write the session data before we redirect */
+ session_write_close();
+ header('Location: '.get_location().
'/options.php?optmode=submit&plugin_change_password=1');
+ exit;
+}
diff --git a/plugins/change_password/index.php b/plugins/change_password/index.php
new file mode 100644
index 00000000..a7a4c21c
--- /dev/null
+++ b/plugins/change_password/index.php
@@ -0,0 +1,21 @@
+
diff --git a/plugins/change_password/options.php b/plugins/change_password/options.php
new file mode 100644
index 00000000..3134c306
--- /dev/null
+++ b/plugins/change_password/options.php
@@ -0,0 +1,61 @@
+
+
+
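Review bot: In cpw_do_change(), `$cpw_backend` is concatenated into the `require_once` path without any check, so which file gets executed depends entirely on that global having been set to a sane value by config.php (whose contents are not legible on this page). Restricting it to a plain identifier before the include keeps a typo or an unexpectedly supplied value from becoming an arbitrary file include: `if (!preg_match('/^[a-z0-9_]+$/i', $cpw_backend)) { return array(_("Invalid password backend configured.")); }`. Separately, if do_hook_function() can return null (for example when the backend file did not register the hook), `count($msgs) > 0` is false and the session key is rewritten as though the change had succeeded; an `is_array($msgs)` check before that branch would make this case fail closed. The top of this file's hunk, including the validation function that precedes cpw_do_change(), is only partly visible here.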
+ + 0) { + echo "\n"; +} + +?> +
+
+
\n"; + foreach ($Messages as $line) { + echo htmlspecialchars($line) . "
\n"; + } + echo "
+
+ + + + + + + + + + + + + + + + +
+ " />
+
+
+
diff --git a/plugins/change_password/setup.php b/plugins/change_password/setup.php
new file mode 100644
index 00000000..31b8bde6
--- /dev/null
+++ b/plugins/change_password/setup.php
@@ -0,0 +1,31 @@
+ _("Change Password"),
+ 'url' => '../plugins/change_password/options.php',
+ 'desc' => _("Use this to change your email password."),
+ 'js' => FALSE
+ );
+}
+
+function change_password_version() {
+ return '0.1';
+}
diff --git a/plugins/change_password/version b/plugins/change_password/version
new file mode 100644
index 00000000..60879d14
--- /dev/null
+++ b/plugins/change_password/version
@@ -0,0 +1,2 @@
+Change Password
+0.1
--
2.25.1