diff options
Diffstat (limited to 'plugins/password/drivers')
| -rw-r--r-- | plugins/password/drivers/sasl.php | 41 | ||||
| -rw-r--r-- | plugins/password/drivers/sql.php | 66 |
2 files changed, 107 insertions, 0 deletions
diff --git a/plugins/password/drivers/sasl.php b/plugins/password/drivers/sasl.php new file mode 100644 index 000000000..361333403 --- /dev/null +++ b/plugins/password/drivers/sasl.php @@ -0,0 +1,41 @@ +<?php + +/** + * SASL Password Driver + * + * Driver that adds functionality to change the users Cyrus/SASL password. + * The code is derrived from the Squirrelmail "Change SASL Password" Plugin + * by Galen Johnson. + * + * It only works with saslpasswd2 on the same host where RoundCube runs + * and requires shell access and gcc in order to compile the binary. + * + * For installation instructions please read the README file. + * + * @version 1.0 + * @author Thomas Bruederli + */ + +function password_save($currpass, $newpass) +{ + $curdir = realpath(dirname(__FILE__)); + $username = escapeshellcmd($_SESSION['username']); + + if ($fh = popen("$curdir/chgsaslpasswd -p $username", 'w')) { + fwrite($fh, $newpass."\n"); + $code = pclose($fh); + + if($code == 0) + return PASSWORD_SUCCESS; + } else + raise_error(array( + 'code' => 600, + 'type' => 'php', + 'file' = __FILE__, + 'message' => "Password plugin: Unable to execute $curdir/chgsaslpasswd" + ), true, false); + + return PASSWORD_ERROR; +} + +?> diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php new file mode 100644 index 000000000..3cac8d4dc --- /dev/null +++ b/plugins/password/drivers/sql.php @@ -0,0 +1,66 @@ +<?php + +/** + * SQL Password Driver + * + * Driver for passwords stored in SQL database + * + * @version 1.0 + * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl> + * + */ + +function password_save($curpass, $passwd) +{ + $rcmail = rcmail::get_instance(); + + if (!($sql = $rcmail->config->get('password_query'))) + $sql = 'SELECT update_passwd(%c, %u)'; + + if ($dsn = $rcmail->config->get('password_db_dsn')) { + $db = new rcube_mdb2($dsn, '', FALSE); + $db->set_debug((bool)$rcmail->config->get('sql_debug')); + $db->db_connect('w'); + } else { + $db = $rcmail->get_dbh(); + } + + if ($err = $db->is_error()) + return PASSWORD_ERROR; + + if (strpos($sql, '%c') !== FALSE) { + $salt = ''; + if (CRYPT_MD5) { + $len = rand(3, CRYPT_SALT_LENGTH); + } else if (CRYPT_STD_DES) { + $len = 2; + } else { + return PASSWORD_CRYPT_ERROR; + } + for ($i = 0; $i < $len ; $i++) { + $salt .= chr(rand(ord('.'), ord('z'))); + } + $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql); + } + + $sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql); + $sql = str_replace('%p', $db->quote($passwd,'text'), $sql); + $sql = str_replace('%o', $db->quote($curpass,'text'), $sql); + $sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql); + + $res = $db->query($sql); + + if (!$db->is_error()) { + if (strtolower(substr(trim($query),0,6))=='select') { + if ($result = $db->fetch_array($res)) + return PASSWORD_SUCCESS; + } else { + if ($db->affected_rows($res) == 1) + return PASSWORD_SUCCESS; // This is the good case: 1 row updated + } + } + + return PASSWORD_ERROR; +} + +?> |