6 files changed, 48 insertions, 89 deletions
diff --git a/plugins/password/drivers/cpanel.php b/plugins/password/drivers/cpanel.php
index 79887109b..b71c33ec1 100644
--- a/plugins/password/drivers/cpanel.php
+++ b/plugins/password/drivers/cpanel.php
@@ -4,95 +4,43 @@
  * cPanel Password Driver
  *
  * Driver that adds functionality to change the users cPanel password.
- * The cPanel PHP API code has been taken from: http://www.phpclasses.org/browse/package/3534.html
+ * Originally written by Fulvio Venturelli <fulvio@venturelli.org>
  *
- * This driver has been tested with Hostmonster hosting and seems to work fine.
+ * Completely rewritten using the cPanel API2 call Email::passwdpop
+ * as opposed to the original coding against the UI, which is a fragile method that
+ * makes the driver to always return a failure message for any language other than English
+ * see http://trac.roundcube.net/ticket/1487015
  *
- * @version 2.0
- * @author Fulvio Venturelli <fulvio@venturelli.org>
+ * This driver has been tested with o2switch hosting and seems to work fine.
+ *
+ * @version 3.0
+ * @author Christian Chech <christian@chech.fr>
  */
 
 class rcube_cpanel_password
 {
     public function save($curpas, $newpass)
     {
+        require_once 'xmlapi.php';
+
         $rcmail = rcmail::get_instance();
 
-        // Create a cPanel email object
-        $cPanel = new emailAccount($rcmail->config->get('password_cpanel_host'),
-        $rcmail->config->get('password_cpanel_username'),
-        $rcmail->config->get('password_cpanel_password'),
-        $rcmail->config->get('password_cpanel_port'),
-        $rcmail->config->get('password_cpanel_ssl'),
-        $rcmail->config->get('password_cpanel_theme'),
-        $_SESSION['username'] );
+        $this->cuser = $rcmail->config->get('password_cpanel_username');
+
+        // Setup the xmlapi connection
+        $this->xmlapi = new xmlapi($rcmail->config->get('password_cpanel_host'));
+        $this->xmlapi->set_port($rcmail->config->get('password_cpanel_port'));
+        $this->xmlapi->password_auth($this->cuser, $rcmail->config->get('password_cpanel_password'));
+        $this->xmlapi->set_output('json');
+        $this->xmlapi->set_debug(0);
 
-        if ($cPanel->setPassword($newpass)) {
+        if ($this->setPassword($_SESSION['username'], $newpass)) {
             return PASSWORD_SUCCESS;
         }
         else {
             return PASSWORD_ERROR;
         }
     }
-}
-
-
-class HTTP
-{
-    function HTTP($host, $username, $password, $port, $ssl, $theme)
-    {
-        $this->ssl = $ssl ? 'ssl://' : '';
-        $this->username = $username;
-        $this->password = $password;
-        $this->theme = $theme;
-        $this->auth = base64_encode($username . ':' . $password);
-        $this->port = $port;
-        $this->host = $host;
-        $this->path = '/frontend/' . $theme . '/';
-    }
-
-    function getData($url, $data = '')
-    {
-        $url = $this->path . $url;
-        if (is_array($data)) {
-            $url = $url . '?';
-            foreach ($data as $key => $value) {
-                $url .= urlencode($key) . '=' . urlencode($value) . '&';
-            }
-            $url = substr($url, 0, -1);
-        }
-
-        $response = '';
-        $fp = fsockopen($this->ssl . $this->host, $this->port);
-        if (!$fp) {
-            return false;
-        }
-
-        $out = 'GET ' . $url . ' HTTP/1.0' . "\r\n";
-        $out .= 'Authorization: Basic ' . $this->auth . "\r\n";
-        $out .= 'Connection: Close' . "\r\n\r\n";
-        fwrite($fp, $out);
-        while (!feof($fp)) {
-            $response .= @fgets($fp);
-        }
-        fclose($fp);
-        return $response;
-    }
-}
-
-
-class emailAccount
-{
-    function emailAccount($host, $username, $password, $port, $ssl, $theme, $address)
-    {
-        $this->HTTP = new HTTP($host, $username, $password, $port, $ssl, $theme);
-        if (strpos($address, '@')) {
-            list($this->email, $this->domain) = explode('@', $address);
-        }
-        else {
-            list($this->email, $this->domain) = array($address, '');
-        }
-    }
 
     /**
      * Change email account password
@@ -101,16 +49,24 @@ class emailAccount
      * @param string $password email account password
      * @return bool
      */
-    function setPassword($password)
+    function setPassword($address, $password)
     {
-        $data['email'] = $this->email;
-        $data['domain'] = $this->domain;
+        if (strpos($address, '@')) {
+            list($data['email'], $data['domain']) = explode('@', $address);
+        }
+        else {
+            list($data['email'], $data['domain']) = array($address, '');
+        }
+
         $data['password'] = $password;
-        $response = $this->HTTP->getData('mail/dopasswdpop.html', $data);
 
-        if (strpos($response, 'success') && !strpos($response, 'failure')) {
+        $query = $this->xmlapi->api2_query($this->cuser, 'Email', 'passwdpop', $data);
+        $query = json_decode($query, true);
+
+        if ($query['cpanelresult']['data'][0]['result'] == 1) {
             return true;
         }
+
         return false;
     }
 }
diff --git a/plugins/password/drivers/directadmin.php b/plugins/password/drivers/directadmin.php
index 8bf0dc613..44ecea406 100644
--- a/plugins/password/drivers/directadmin.php
+++ b/plugins/password/drivers/directadmin.php
@@ -297,7 +297,6 @@ class HTTPSocket {
             $status = socket_get_status($socket);
             $startTime = time();
             $length = 0;
-            $prevSecond = 0;
             while ( !feof($socket) && !$status['timed_out'] )
             {
                 $chunk = fgets($socket,1024);
diff --git a/plugins/password/drivers/pam.php b/plugins/password/drivers/pam.php
index 8cd94c737..4d0ba1656 100644
--- a/plugins/password/drivers/pam.php
+++ b/plugins/password/drivers/pam.php
@@ -11,7 +11,8 @@ class rcube_pam_password
 {
     function save($currpass, $newpass)
     {
-        $user = $_SESSION['username'];
+        $user  = $_SESSION['username'];
+        $error = '';
 
         if (extension_loaded('pam') || extension_loaded('pam_auth')) {
             if (pam_auth($user, $currpass, $error, false)) {
diff --git a/plugins/password/drivers/smb.php b/plugins/password/drivers/smb.php
index d56924eee..9f2b96afa 100644
--- a/plugins/password/drivers/smb.php
+++ b/plugins/password/drivers/smb.php
@@ -26,13 +26,15 @@ class rcube_smb_password
 
     public function save($currpass, $newpass)
     {
-        $host = rcmail::get_instance()->config->get('password_smb_host','localhost');
-        $bin = rcmail::get_instance()->config->get('password_smb_cmd','/usr/bin/smbpasswd');
+        $host     = rcmail::get_instance()->config->get('password_smb_host','localhost');
+        $bin      = rcmail::get_instance()->config->get('password_smb_cmd','/usr/bin/smbpasswd');
         $username = $_SESSION['username'];
 
-        $tmpfile = tempnam(sys_get_temp_dir(),'smb');
-        $cmd = $bin . ' -r ' . $host . ' -s -U "' . $username . '" > ' . $tmpfile . ' 2>&1';
-        $handle = @popen($cmd, 'w');
+        $host     = rcube_utils::parse_host($host);
+        $tmpfile  = tempnam(sys_get_temp_dir(),'smb');
+        $cmd      = $bin . ' -r ' . $host . ' -s -U "' . $username . '" > ' . $tmpfile . ' 2>&1';
+        $handle   = @popen($cmd, 'w');
+
         fputs($handle, $currpass."\n");
         fputs($handle, $newpass."\n");
         fputs($handle, $newpass."\n");
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index e02bff146..7a51dfe44 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -34,8 +34,9 @@ class rcube_sql_password
             $db = $rcmail->get_dbh();
         }
 
-        if ($err = $db->is_error())
+        if ($db->is_error()) {
             return PASSWORD_ERROR;
+        }
 
         // crypted password
         if (strpos($sql, '%c') !== FALSE) {
@@ -183,8 +184,8 @@ class rcube_sql_password
         $res = $db->query($sql, $sql_vars);
 
         if (!$db->is_error()) {
-            if (strtolower(substr(trim($query),0,6))=='select') {
-                if ($result = $db->fetch_array($res))
+            if (strtolower(substr(trim($sql),0,6)) == 'select') {
+                if ($db->fetch_array($res))
                     return PASSWORD_SUCCESS;
             } else {
                 // This is the good case: 1 row updated
diff --git a/plugins/password/drivers/xmail.php b/plugins/password/drivers/xmail.php
index 37abc3001..59e467c5b 100644
--- a/plugins/password/drivers/xmail.php
+++ b/plugins/password/drivers/xmail.php
@@ -67,7 +67,7 @@ class XMail {
     function send($msg)
     {
         socket_write($this->socket,$msg);
-        if (substr($in = socket_read($this->socket, 512, PHP_BINARY_READ),0,1) != "+") {
+        if (substr(socket_read($this->socket, 512, PHP_BINARY_READ),0,1) != "+") {
             return false;
         }
         return true;
@@ -85,7 +85,7 @@ class XMail {
             return false;
         }
 
-        if (substr($in = socket_read($this->socket, 512, PHP_BINARY_READ),0,1) != "+") {
+        if (substr(socket_read($this->socket, 512, PHP_BINARY_READ),0,1) != "+") {
             socket_close($this->socket);
             return false;
         }