summaryrefslogtreecommitdiff
path: root/plugins/password/drivers
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/password/drivers')
-rw-r--r--plugins/password/drivers/chgsaslpasswd.c29
-rw-r--r--plugins/password/drivers/cpanel.php121
-rw-r--r--plugins/password/drivers/directadmin.php483
-rw-r--r--plugins/password/drivers/ldap.php186
-rw-r--r--plugins/password/drivers/poppassd.php56
-rw-r--r--plugins/password/drivers/sasl.php44
-rw-r--r--plugins/password/drivers/sql.php107
-rw-r--r--plugins/password/drivers/vpopmaild.php51
-rw-r--r--plugins/password/drivers/ximss.php81
9 files changed, 0 insertions, 1158 deletions
diff --git a/plugins/password/drivers/chgsaslpasswd.c b/plugins/password/drivers/chgsaslpasswd.c
deleted file mode 100644
index bcdcb2e0d..000000000
--- a/plugins/password/drivers/chgsaslpasswd.c
+++ /dev/null
@@ -1,29 +0,0 @@
-#include <stdio.h>
-#include <unistd.h>
-
-// set the UID this script will run as (cyrus user)
-#define UID 96
-// set the path to saslpasswd or saslpasswd2
-#define CMD "/usr/sbin/saslpasswd2"
-
-/* INSTALLING:
- gcc -o chgsaslpasswd chgsaslpasswd.c
- chown cyrus.apache chgsaslpasswd
- strip chgsaslpasswd
- chmod 4550 chgsaslpasswd
-*/
-
-main(int argc, char *argv[])
-{
- int rc,cc;
-
- cc = setuid(UID);
- rc = execvp(CMD, argv);
- if ((rc != 0) || (cc != 0))
- {
- fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc);
- return 1;
- }
-
- return 0;
-}
diff --git a/plugins/password/drivers/cpanel.php b/plugins/password/drivers/cpanel.php
deleted file mode 100644
index 82bfe74d2..000000000
--- a/plugins/password/drivers/cpanel.php
+++ /dev/null
@@ -1,121 +0,0 @@
-<?php
-
-/**
- * cPanel Password Driver
- *
- * Driver that adds functionality to change the users cPanel password.
- * The cPanel PHP API code has been taken from: http://www.phpclasses.org/browse/package/3534.html
- *
- * This driver has been tested with Hostmonster hosting and seems to work fine.
-
- *
- * @version 1.0
- * @author Fulvio Venturelli <fulvio@venturelli.org>
- */
-
-class HTTP
-{
- function HTTP($host, $username, $password, $port, $ssl, $theme)
- {
- $this->ssl = $ssl ? 'ssl://' : '';
- $this->username = $username;
- $this->password = $password;
- $this->theme = $theme;
- $this->auth = base64_encode($username . ':' . $password);
- $this->port = $port;
- $this->host = $host;
- $this->path = '/frontend/' . $theme . '/';
- }
-
- function getData($url, $data = '')
- {
- $url = $this->path . $url;
- if(is_array($data))
- {
- $url = $url . '?';
- foreach($data as $key=>$value)
- {
- $url .= urlencode($key) . '=' . urlencode($value) . '&';
- }
- $url = substr($url, 0, -1);
- }
- $response = '';
- $fp = fsockopen($this->ssl . $this->host, $this->port);
- if(!$fp)
- {
- return false;
- }
- $out = 'GET ' . $url . ' HTTP/1.0' . "\r\n";
- $out .= 'Authorization: Basic ' . $this->auth . "\r\n";
- $out .= 'Connection: Close' . "\r\n\r\n";
- fwrite($fp, $out);
- while (!feof($fp))
- {
- $response .= @fgets($fp);
- }
- fclose($fp);
- return $response;
- }
-}
-
-
-class emailAccount
-{
- function emailAccount($host, $username, $password, $port, $ssl, $theme, $address)
- {
- $this->HTTP = new HTTP($host, $username, $password, $port, $ssl, $theme);
- if(strpos($address, '@'))
- {
- list($this->email, $this->domain) = explode('@', $address);
- }
- else
- {
- list($this->email, $this->domain) = array($address, '');
- }
- }
-
- /*
- * Change email account password
- *
- * Returns true on success or false on failure.
- * @param string $password email account password
- * @return bool
- */
- function setPassword($password)
- {
- $data['email'] = $this->email;
- $data['domain'] = $this->domain;
- $data['password'] = $password;
- $response = $this->HTTP->getData('mail/dopasswdpop.html', $data);
- if(strpos($response, 'success') && !strpos($response, 'failure'))
- {
- return true;
- }
- return false;
- }
-}
-
-
-function password_save($curpas, $newpass)
-{
- $rcmail = rcmail::get_instance();
-
- // Create a cPanel email object
- $cPanel = new emailAccount($rcmail->config->get('password_cpanel_host'),
- $rcmail->config->get('password_cpanel_username'),
- $rcmail->config->get('password_cpanel_password'),
- $rcmail->config->get('password_cpanel_port'),
- $rcmail->config->get('password_cpanel_ssl'),
- $rcmail->config->get('password_cpanel_theme'),
- $_SESSION['username'] );
-
- if ($cPanel->setPassword($newpass)){
- return PASSWORD_SUCCESS;
- }
- else
- {
- return PASSWORD_ERROR;
- }
-}
-
-?>
diff --git a/plugins/password/drivers/directadmin.php b/plugins/password/drivers/directadmin.php
deleted file mode 100644
index d11aae70a..000000000
--- a/plugins/password/drivers/directadmin.php
+++ /dev/null
@@ -1,483 +0,0 @@
-<?php
-
-/**
- * DirectAdmin Password Driver
- *
- * Driver to change passwords via DirectAdmin Control Panel
- *
- * @version 1.0
- * @author Victor Benincasa <vbenincasa@gmail.com>
- *
- */
-
-
-function password_save($curpass, $passwd){
-
- $rcmail = rcmail::get_instance();
- $Socket = new HTTPSocket;
-
- $da_user = $_SESSION['username'];
- $da_curpass = $curpass;
- $da_newpass = $passwd;
- $da_host = $rcmail->config->get('password_directadmin_host');
- $da_port = $rcmail->config->get('password_directadmin_port');
-
- $Socket->connect($da_host,$da_port);
- $Socket->set_method('POST');
- $Socket->query('/CMD_CHANGE_EMAIL_PASSWORD',
- array(
- 'email' => $da_user,
- 'oldpassword' => $da_curpass,
- 'password1' => $da_newpass,
- 'password2' => $da_newpass,
- 'api' => '1'
- ));
- $response = $Socket->fetch_parsed_body();
-
- //console("DA error response: $response[text] [$da_user]");
-
- if($Socket->result_status_code <> 200)
- return PASSWORD_CONNECT_ERROR;
- elseif($response['error'] == 1){ //Error description: $response[text]
- return PASSWORD_ERROR;
- }else
- return PASSWORD_SUCCESS;
-
-}
-
-
-/**
- * Socket communication class.
- *
- * Originally designed for use with DirectAdmin's API, this class will fill any HTTP socket need.
- *
- * Very, very basic usage:
- * $Socket = new HTTPSocket;
- * echo $Socket->get('http://user:pass@somesite.com/somedir/some.file?query=string&this=that');
- *
- * @author Phi1 'l0rdphi1' Stier <l0rdphi1@liquenox.net>
- * @package HTTPSocket
- * @version 2.6
- */
-class HTTPSocket {
-
- var $version = '2.6';
-
- /* all vars are private except $error, $query_cache, and $doFollowLocationHeader */
-
- var $method = 'GET';
-
- var $remote_host;
- var $remote_port;
- var $remote_uname;
- var $remote_passwd;
-
- var $result;
- var $result_header;
- var $result_body;
- var $result_status_code;
-
- var $lastTransferSpeed;
-
- var $bind_host;
-
- var $error = array();
- var $warn = array();
- var $query_cache = array();
-
- var $doFollowLocationHeader = TRUE;
- var $redirectURL;
-
- var $extra_headers = array();
-
- /**
- * Create server "connection".
- *
- */
- function connect($host, $port = '' )
- {
- if (!is_numeric($port))
- {
- $port = 80;
- }
-
- $this->remote_host = $host;
- $this->remote_port = $port;
- }
-
- function bind( $ip = '' )
- {
- if ( $ip == '' )
- {
- $ip = $_SERVER['SERVER_ADDR'];
- }
-
- $this->bind_host = $ip;
- }
-
- /**
- * Change the method being used to communicate.
- *
- * @param string|null request method. supports GET, POST, and HEAD. default is GET
- */
- function set_method( $method = 'GET' )
- {
- $this->method = strtoupper($method);
- }
-
- /**
- * Specify a username and password.
- *
- * @param string|null username. defualt is null
- * @param string|null password. defualt is null
- */
- function set_login( $uname = '', $passwd = '' )
- {
- if ( strlen($uname) > 0 )
- {
- $this->remote_uname = $uname;
- }
-
- if ( strlen($passwd) > 0 )
- {
- $this->remote_passwd = $passwd;
- }
-
- }
-
- /**
- * Query the server
- *
- * @param string containing properly formatted server API. See DA API docs and examples. Http:// URLs O.K. too.
- * @param string|array query to pass to url
- * @param int if connection KB/s drops below value here, will drop connection
- */
- function query( $request, $content = '', $doSpeedCheck = 0 )
- {
- $this->error = $this->warn = array();
- $this->result_status_code = NULL;
-
- // is our request a http:// ... ?
- if (preg_match('!^http://!i',$request))
- {
- $location = parse_url($request);
- $this->connect($location['host'],$location['port']);
- $this->set_login($location['user'],$location['pass']);
-
- $request = $location['path'];
- $content = $location['query'];
-
- if ( strlen($request) < 1 )
- {
- $request = '/';
- }
-
- }
-
- $array_headers = array(
- 'User-Agent' => "HTTPSocket/$this->version",
- 'Host' => ( $this->remote_port == 80 ? $this->remote_host : "$this->remote_host:$this->remote_port" ),
- 'Accept' => '*/*',
- 'Connection' => 'Close' );
-
- foreach ( $this->extra_headers as $key => $value )
- {
- $array_headers[$key] = $value;
- }
-
- $this->result = $this->result_header = $this->result_body = '';
-
- // was content sent as an array? if so, turn it into a string
- if (is_array($content))
- {
- $pairs = array();
-
- foreach ( $content as $key => $value )
- {
- $pairs[] = "$key=".urlencode($value);
- }
-
- $content = join('&',$pairs);
- unset($pairs);
- }
-
- $OK = TRUE;
-
- // instance connection
- if ($this->bind_host)
- {
- $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
- socket_bind($socket,$this->bind_host);
-
- if (!@socket_connect($socket,$this->remote_host,$this->remote_port))
- {
- $OK = FALSE;
- }
-
- }
- else
- {
- $socket = @fsockopen( $this->remote_host, $this->remote_port, $sock_errno, $sock_errstr, 10 );
- }
-
- if ( !$socket || !$OK )
- {
- $this->error[] = "Can't create socket connection to $this->remote_host:$this->remote_port.";
- return 0;
- }
-
- // if we have a username and password, add the header
- if ( isset($this->remote_uname) && isset($this->remote_passwd) )
- {
- $array_headers['Authorization'] = 'Basic '.base64_encode("$this->remote_uname:$this->remote_passwd");
- }
-
- // for DA skins: if $this->remote_passwd is NULL, try to use the login key system
- if ( isset($this->remote_uname) && $this->remote_passwd == NULL )
- {
- $array_headers['Cookie'] = "session={$_SERVER['SESSION_ID']}; key={$_SERVER['SESSION_KEY']}";
- }
-
- // if method is POST, add content length & type headers
- if ( $this->method == 'POST' )
- {
- $array_headers['Content-type'] = 'application/x-www-form-urlencoded';
- $array_headers['Content-length'] = strlen($content);
- }
- // else method is GET or HEAD. we don't support anything else right now.
- else
- {
- if ($content)
- {
- $request .= "?$content";
- }
- }
-
- // prepare query
- $query = "$this->method $request HTTP/1.0\r\n";
- foreach ( $array_headers as $key => $value )
- {
- $query .= "$key: $value\r\n";
- }
- $query .= "\r\n";
-
- // if POST we need to append our content
- if ( $this->method == 'POST' && $content )
- {
- $query .= "$content\r\n\r\n";
- }
-
- // query connection
- if ($this->bind_host)
- {
- socket_write($socket,$query);
-
- // now load results
- while ( $out = socket_read($socket,2048) )
- {
- $this->result .= $out;
- }
- }
- else
- {
- fwrite( $socket, $query, strlen($query) );
-
- // now load results
- $this->lastTransferSpeed = 0;
- $status = socket_get_status($socket);
- $startTime = time();
- $length = 0;
- $prevSecond = 0;
- while ( !feof($socket) && !$status['timed_out'] )
- {
- $chunk = fgets($socket,1024);
- $length += strlen($chunk);
- $this->result .= $chunk;
-
- $elapsedTime = time() - $startTime;
-
- if ( $elapsedTime > 0 )
- {
- $this->lastTransferSpeed = ($length/1024)/$elapsedTime;
- }
-
- if ( $doSpeedCheck > 0 && $elapsedTime > 5 && $this->lastTransferSpeed < $doSpeedCheck )
- {
- $this->warn[] = "kB/s for last 5 seconds is below 50 kB/s (~".( ($length/1024)/$elapsedTime )."), dropping connection...";
- $this->result_status_code = 503;
- break;
- }
-
- }
-
- if ( $this->lastTransferSpeed == 0 )
- {
- $this->lastTransferSpeed = $length/1024;
- }
-
- }
-
- list($this->result_header,$this->result_body) = split("\r\n\r\n",$this->result,2);
-
- if ($this->bind_host)
- {
- socket_close($socket);
- }
- else
- {
- fclose($socket);
- }
-
- $this->query_cache[] = $query;
-
-
- $headers = $this->fetch_header();
-
- // what return status did we get?
- if (!$this->result_status_code)
- {
- preg_match("#HTTP/1\.. (\d+)#",$headers[0],$matches);
- $this->result_status_code = $matches[1];
- }
-
- // did we get the full file?
- if ( !empty($headers['content-length']) && $headers['content-length'] != strlen($this->result_body) )
- {
- $this->result_status_code = 206;
- }
-
- // now, if we're being passed a location header, should we follow it?
- if ($this->doFollowLocationHeader)
- {
- if ($headers['location'])
- {
- $this->redirectURL = $headers['location'];
- $this->query($headers['location']);
- }
- }
-
- }
-
- function getTransferSpeed()
- {
- return $this->lastTransferSpeed;
- }
-
- /**
- * The quick way to get a URL's content :)
- *
- * @param string URL
- * @param boolean return as array? (like PHP's file() command)
- * @return string result body
- */
- function get($location, $asArray = FALSE )
- {
- $this->query($location);
-
- if ( $this->get_status_code() == 200 )
- {
- if ($asArray)
- {
- return split("\n",$this->fetch_body());
- }
-
- return $this->fetch_body();
- }
-
- return FALSE;
- }
-
- /**
- * Returns the last status code.
- * 200 = OK;
- * 403 = FORBIDDEN;
- * etc.
- *
- * @return int status code
- */
- function get_status_code()
- {
- return $this->result_status_code;
- }
-
- /**
- * Adds a header, sent with the next query.
- *
- * @param string header name
- * @param string header value
- */
- function add_header($key,$value)
- {
- $this->extra_headers[$key] = $value;
- }
-
- /**
- * Clears any extra headers.
- *
- */
- function clear_headers()
- {
- $this->extra_headers = array();
- }
-
- /**
- * Return the result of a query.
- *
- * @return string result
- */
- function fetch_result()
- {
- return $this->result;
- }
-
- /**
- * Return the header of result (stuff before body).
- *
- * @param string (optional) header to return
- * @return array result header
- */
- function fetch_header( $header = '' )
- {
- $array_headers = split("\r\n",$this->result_header);
-
- $array_return = array( 0 => $array_headers[0] );
- unset($array_headers[0]);
-
- foreach ( $array_headers as $pair )
- {
- list($key,$value) = split(": ",$pair,2);
- $array_return[strtolower($key)] = $value;
- }
-
- if ( $header != '' )
- {
- return $array_return[strtolower($header)];
- }
-
- return $array_return;
- }
-
- /**
- * Return the body of result (stuff after header).
- *
- * @return string result body
- */
- function fetch_body()
- {
- return $this->result_body;
- }
-
- /**
- * Return parsed body in array format.
- *
- * @return array result parsed
- */
- function fetch_parsed_body()
- {
- parse_str($this->result_body,$x);
- return $x;
- }
-
-}
-
-?>
diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
deleted file mode 100644
index e38f13f8c..000000000
--- a/plugins/password/drivers/ldap.php
+++ /dev/null
@@ -1,186 +0,0 @@
-<?php
-
-/**
- * LDAP Password Driver
- *
- * Driver for passwords stored in LDAP
- * This driver use the PEAR Net_LDAP2 class (http://pear.php.net/package/Net_LDAP2).
- *
- * @version 1.0 (2009-06-24)
- * @author Edouard MOREAU <edouard.moreau@ensma.fr>
- *
- * function hashPassword based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
- * function randomSalt based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
- *
- */
-
-function password_save($curpass, $passwd)
-{
- $rcmail = rcmail::get_instance();
- require_once ('Net/LDAP2.php');
-
- // Building user DN
- $userDN = str_replace('%login', $_SESSION['username'], $rcmail->config->get('password_ldap_userDN_mask'));
-
- $parts = explode('@', $_SESSION['username']);
- if (count($parts) == 2)
- {
- $userDN = str_replace('%name', $parts[0], $userDN);
- $userDN = str_replace('%domain', $parts[1], $userDN);
- }
-
- if (empty($userDN)) {return PASSWORD_CONNECT_ERROR;}
-
- // Connection Method
- switch($rcmail->config->get('password_ldap_method')) {
- case 'user': $binddn = $userDN; $bindpw = $curpass; break;
- case 'admin': $binddn = $rcmail->config->get('password_ldap_adminDN'); $bindpw = $rcmail->config->get('password_ldap_adminPW'); break;
- default: $binddn = $userDN; $bindpw = $curpass; break; // default is user mode
- }
-
- // Configuration array
- $ldapConfig = array (
- 'binddn' => $binddn,
- 'bindpw' => $bindpw,
- 'basedn' => $rcmail->config->get('password_ldap_basedn'),
- 'host' => $rcmail->config->get('password_ldap_host'),
- 'port' => $rcmail->config->get('password_ldap_port'),
- 'starttls' => $rcmail->config->get('password_ldap_starttls'),
- 'version' => $rcmail->config->get('password_ldap_version'),
- );
-
- // Connecting using the configuration array
- $ldap = Net_LDAP2::connect($ldapConfig);
-
- // Checking for connection error
- if (PEAR::isError($ldap)) {return PASSWORD_CONNECT_ERROR;}
-
- // Crypting new password
- $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
- if (!$newCryptedPassword) {return PASSWORD_CRYPT_ERROR;}
-
- // Writing new crypted password to LDAP
- $userEntry = $ldap->getEntry($userDN);
- if (Net_LDAP2::isError($userEntry)) {return PASSWORD_CONNECT_ERROR;}
- if (!$userEntry->replace(array($rcmail->config->get('password_ldap_pwattr') => $newCryptedPassword),$rcmail->config->get('password_ldap_force_replace'))) {return PASSWORD_CONNECT_ERROR;}
- if (Net_LDAP2::isError($userEntry->update())) {return PASSWORD_CONNECT_ERROR;}
-
- // All done, no error
- return PASSWORD_SUCCESS;
-}
-
-
-/**
- * Code originaly from the phpLDAPadmin development team
- * http://phpldapadmin.sourceforge.net/
- *
- * Hashes a password and returns the hash based on the specified enc_type.
- *
- * @param string $passwordClear The password to hash in clear text.
- * @param string $encodageType Standard LDAP encryption type which must be one of
- * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
- * @return string The hashed password.
- *
- */
-
-function hashPassword( $passwordClear, $encodageType )
-{
- $encodageType = strtolower( $encodageType );
- switch( $encodageType ) {
- case 'crypt':
- $cryptedPassword = '{CRYPT}' . crypt($passwordClear,randomSalt(2));
- break;
-
- case 'ext_des':
- // extended des crypt. see OpenBSD crypt man page.
- if ( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 ) {return FALSE;} //Your system crypt library does not support extended DES encryption.
- $cryptedPassword = '{CRYPT}' . crypt( $passwordClear, '_' . randomSalt(8) );
- break;
-
- case 'md5crypt':
- if( ! defined( 'CRYPT_MD5' ) || CRYPT_MD5 == 0 ) {return FALSE;} //Your system crypt library does not support md5crypt encryption.
- $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$1$' . randomSalt(9) );
- break;
-
- case 'blowfish':
- if( ! defined( 'CRYPT_BLOWFISH' ) || CRYPT_BLOWFISH == 0 ) {return FALSE;} //Your system crypt library does not support blowfish encryption.
- $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$2a$12$' . randomSalt(13) ); // hardcoded to second blowfish version and set number of rounds
- break;
-
- case 'md5':
- $cryptedPassword = '{MD5}' . base64_encode( pack( 'H*' , md5( $passwordClear) ) );
- break;
-
- case 'sha':
- if( function_exists('sha1') ) {
- // use php 4.3.0+ sha1 function, if it is available.
- $cryptedPassword = '{SHA}' . base64_encode( pack( 'H*' , sha1( $passwordClear) ) );
- } elseif( function_exists( 'mhash' ) ) {
- $cryptedPassword = '{SHA}' . base64_encode( mhash( MHASH_SHA1, $passwordClear) );
- } else {
- return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
- }
- break;
-
- case 'ssha':
- if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
- mt_srand( (double) microtime() * 1000000 );
- $salt = mhash_keygen_s2k( MHASH_SHA1, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
- $cryptedPassword = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $passwordClear.$salt ).$salt );
- } else {
- return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
- }
- break;
-
- case 'smd5':
- if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
- mt_srand( (double) microtime() * 1000000 );
- $salt = mhash_keygen_s2k( MHASH_MD5, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
- $cryptedPassword = "{SMD5}".base64_encode( mhash( MHASH_MD5, $passwordClear.$salt ).$salt );
- } else {
- return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
- }
- break;
-
- case 'clear':
- default:
- $cryptedPassword = $passwordClear;
- }
-
- return $cryptedPassword;
-}
-
-
-
-/**
- * Code originaly from the phpLDAPadmin development team
- * http://phpldapadmin.sourceforge.net/
- *
- * Used to generate a random salt for crypt-style passwords. Salt strings are used
- * to make pre-built hash cracking dictionaries difficult to use as the hash algorithm uses
- * not only the user's password but also a randomly generated string. The string is
- * stored as the first N characters of the hash for reference of hashing algorithms later.
- *
- * --- added 20021125 by bayu irawan <bayuir@divnet.telkom.co.id> ---
- * --- ammended 20030625 by S C Rigler <srigler@houston.rr.com> ---
- *
- * @param int $length The length of the salt string to generate.
- * @return string The generated salt string.
- */
-
-function randomSalt( $length )
-{
- $possible = '0123456789'.
- 'abcdefghijklmnopqrstuvwxyz'.
- 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.
- './';
- $str = "";
- mt_srand((double)microtime() * 1000000);
-
- while( strlen( $str ) < $length )
- $str .= substr( $possible, ( rand() % strlen( $possible ) ), 1 );
-
- return $str;
-}
-
-?>
diff --git a/plugins/password/drivers/poppassd.php b/plugins/password/drivers/poppassd.php
deleted file mode 100644
index 8a54fb7d9..000000000
--- a/plugins/password/drivers/poppassd.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
-
-/**
- * Poppassd Password Driver
- *
- * Driver to change passwords via Poppassd/Courierpassd
- *
- * @version 1.0
- * @author Philip Weir
- *
- */
-
-function password_save($curpass, $passwd)
-{
- $rcmail = rcmail::get_instance();
-// include('Net/Socket.php');
- $poppassd = new Net_Socket();
-
- if (PEAR::isError($poppassd->connect($rcmail->config->get('password_pop_host'), $rcmail->config->get('password_pop_port'), null))) {
- return PASSWORD_CONNECT_ERROR;
- }
- else {
- $result = $poppassd->readLine();
- if(!preg_match('/^2\d\d/', $result)) {
- $poppassd->disconnect();
- return PASSWORD_ERROR;
- }
- else {
- $poppassd->writeLine("user ". $_SESSION['username']);
- $result = $poppassd->readLine();
- if(!preg_match('/^[23]\d\d/', $result) ) {
- $poppassd->disconnect();
- return PASSWORD_CONNECT_ERROR;
- }
- else {
- $poppassd->writeLine("pass ". $curpass);
- $result = $poppassd->readLine();
- if(!preg_match('/^[23]\d\d/', $result) ) {
- $poppassd->disconnect();
- return PASSWORD_ERROR;
- }
- else {
- $poppassd->writeLine("newpass ". $passwd);
- $result = $poppassd->readLine();
- $poppassd->disconnect();
- if (!preg_match('/^2\d\d/', $result))
- return PASSWORD_ERROR;
- else
- return PASSWORD_SUCCESS;
- }
- }
- }
- }
-}
-
-?>
diff --git a/plugins/password/drivers/sasl.php b/plugins/password/drivers/sasl.php
deleted file mode 100644
index b1e9ba487..000000000
--- a/plugins/password/drivers/sasl.php
+++ /dev/null
@@ -1,44 +0,0 @@
-<?php
-
-/**
- * SASL Password Driver
- *
- * Driver that adds functionality to change the users Cyrus/SASL password.
- * The code is derrived from the Squirrelmail "Change SASL Password" Plugin
- * by Galen Johnson.
- *
- * It only works with saslpasswd2 on the same host where RoundCube runs
- * and requires shell access and gcc in order to compile the binary.
- *
- * For installation instructions please read the README file.
- *
- * @version 1.0
- * @author Thomas Bruederli
- */
-
-function password_save($currpass, $newpass)
-{
- $curdir = realpath(dirname(__FILE__));
- $username = escapeshellcmd($_SESSION['username']);
- $args = rcmail::get_instance()->config->get('password_saslpasswd_args', '');
-
- if ($fh = popen("$curdir/chgsaslpasswd -p $args $username", 'w')) {
- fwrite($fh, $newpass."\n");
- $code = pclose($fh);
-
- if ($code == 0)
- return PASSWORD_SUCCESS;
- }
- else {
- raise_error(array(
- 'code' => 600,
- 'type' => 'php',
- 'file' => __FILE__,
- 'message' => "Password plugin: Unable to execute $curdir/chgsaslpasswd"
- ), true, false);
- }
-
- return PASSWORD_ERROR;
-}
-
-?>
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
deleted file mode 100644
index 1e737f233..000000000
--- a/plugins/password/drivers/sql.php
+++ /dev/null
@@ -1,107 +0,0 @@
-<?php
-
-/**
- * SQL Password Driver
- *
- * Driver for passwords stored in SQL database
- *
- * @version 1.3
- * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
- *
- */
-
-function password_save($curpass, $passwd)
-{
- $rcmail = rcmail::get_instance();
-
- if (!($sql = $rcmail->config->get('password_query')))
- $sql = 'SELECT update_passwd(%c, %u)';
-
- if ($dsn = $rcmail->config->get('password_db_dsn')) {
- // #1486067: enable new_link option
- if (is_array($dsn) && empty($dsn['new_link']))
- $dsn['new_link'] = true;
- else if (!is_array($dsn) && !preg_match('/\?new_link=true/', $dsn))
- $dsn .= '?new_link=true';
-
- $db = new rcube_mdb2($dsn, '', FALSE);
- $db->set_debug((bool)$rcmail->config->get('sql_debug'));
- $db->db_connect('w');
- } else {
- $db = $rcmail->get_dbh();
- }
-
- if ($err = $db->is_error())
- return PASSWORD_ERROR;
-
- // crypted password
- if (strpos($sql, '%c') !== FALSE) {
- $salt = '';
- if (CRYPT_MD5) {
- $len = rand(3, CRYPT_SALT_LENGTH);
- } else if (CRYPT_STD_DES) {
- $len = 2;
- } else {
- return PASSWORD_CRYPT_ERROR;
- }
- for ($i = 0; $i < $len ; $i++) {
- $salt .= chr(rand(ord('.'), ord('z')));
- }
- $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
- }
-
- // hashed passwords
- if (preg_match('/%[n|q]/', $sql)) {
-
- if (!extension_loaded('hash')) {
- raise_error(array(
- 'code' => 600,
- 'type' => 'php',
- 'file' => __FILE__,
- 'message' => "Password plugin: 'hash' extension not loaded!"
- ), true, false);
- return PASSWORD_ERROR;
- }
-
- if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm'))))
- $hash_algo = 'sha1';
-
- $hash_passwd = hash($hash_algo, $passwd);
- $hash_curpass = hash($hash_algo, $curpass);
-
- if ($rcmail->config->get('password_hash_base64')) {
- $hash_passwd = base64_encode(pack('H*', $hash_passwd));
- $hash_curpass = base64_encode(pack('H*', $hash_curpass));
- }
-
- $sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql);
- $sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql);
- }
-
- $user_info = explode('@', $_SESSION['username']);
- if (count($user_info) >= 2) {
- $sql = str_replace('%l', $db->quote($user_info[0], 'text'), $sql);
- $sql = str_replace('%d', $db->quote($user_info[1], 'text'), $sql);
- }
-
- $sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql);
- $sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql);
- $sql = str_replace('%p', $db->quote($passwd,'text'), $sql);
- $sql = str_replace('%o', $db->quote($curpass,'text'), $sql);
-
- $res = $db->query($sql);
-
- if (!$db->is_error()) {
- if (strtolower(substr(trim($query),0,6))=='select') {
- if ($result = $db->fetch_array($res))
- return PASSWORD_SUCCESS;
- } else {
- if ($db->affected_rows($res) == 1)
- return PASSWORD_SUCCESS; // This is the good case: 1 row updated
- }
- }
-
- return PASSWORD_ERROR;
-}
-
-?>
diff --git a/plugins/password/drivers/vpopmaild.php b/plugins/password/drivers/vpopmaild.php
deleted file mode 100644
index b6fb39343..000000000
--- a/plugins/password/drivers/vpopmaild.php
+++ /dev/null
@@ -1,51 +0,0 @@
-<?php
-
-/**
- * vpopmail Password Driver
- *
- * Driver to change passwords via vpopmaild
- *
- * @version 1.1
- * @author Johannes Hessellund
- *
- */
-
-function password_save($curpass, $passwd)
-{
- $rcmail = rcmail::get_instance();
-// include('Net/Socket.php');
- $vpopmaild = new Net_Socket();
-
- if (PEAR::isError($vpopmaild->connect($rcmail->config->get('password_vpopmaild_host'),
- $rcmail->config->get('password_vpopmaild_port'), null))) {
- return PASSWORD_CONNECT_ERROR;
- }
-
- $result = $vpopmaild->readLine();
- if(!preg_match('/^\+OK/', $result)) {
- $vpopmaild->disconnect();
- return PASSWORD_CONNECT_ERROR;
- }
-
- $vpopmaild->writeLine("slogin ". $_SESSION['username'] . " " . $curpass);
- $result = $vpopmaild->readLine();
- if(!preg_match('/^\+OK/', $result) ) {
- $vpopmaild->writeLine("quit");
- $vpopmaild->disconnect();
- return PASSWORD_ERROR;
- }
-
- $vpopmaild->writeLine("mod_user ". $_SESSION['username']);
- $vpopmaild->writeLine("clear_text_password ". $passwd);
- $vpopmaild->writeLine(".");
- $result = $vpopmaild->readLine();
- $vpopmaild->writeLine("quit");
- $vpopmaild->disconnect();
-
- if (!preg_match('/^\+OK/', $result))
- return PASSWORD_ERROR;
-
- return PASSWORD_SUCCESS;
-}
-
-?>
diff --git a/plugins/password/drivers/ximss.php b/plugins/password/drivers/ximss.php
deleted file mode 100644
index 94aba1874..000000000
--- a/plugins/password/drivers/ximss.php
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php
-/**
- * Communigate driver for the Password Plugin for Roundcube
- *
- * Tested with Communigate Pro 5.1.2
- *
- * Configuration options:
- * password_ximss_host - Host name of Communigate server
- * password_ximss_port - XIMSS port on Communigate server
- *
- *
- * References:
- * http://www.communigate.com/WebGuide/XMLAPI.html
- *
- * @version 1
- * @author Erik Meitner <erik wanderings.us>
- */
-
-function password_save($pass, $newpass)
-{
-
- $rcmail = rcmail::get_instance();
-
- $sock = stream_socket_client("tcp://".$rcmail->config->get('password_ximss_host').":".$rcmail->config->get('password_ximss_port'), $errno, $errstr, 30) ;
- if( $sock === FALSE )
- {
- return PASSWORD_CONNECT_ERROR;
- }
-
- // send all requests at once(pipelined)
- fwrite( $sock, '<login id="A001" authData="'.$_SESSION['username'].'" password="'.$pass.'" />'."\0");
- fwrite( $sock, '<passwordModify id="A002" oldPassword="'.$pass.'" newPassword="'.$newpass.'" />'."\0");
- fwrite( $sock, '<bye id="A003" />'."\0");
-
- //example responses
- // <session id="A001" urlID="4815-vN2Txjkggy7gjHRD10jw" userName="user@example.com"/>\0
- // <response id="A001"/>\0
- // <response id="A002"/>\0
- // <response id="A003"/>\0
- // or an error:
- // <response id="A001" errorText="incorrect password or account name" errorNum="515"/>\0
-
- $responseblob = '';
- while (!feof($sock)) {
- $responseblob .= fgets($sock, 1024);
- }
-
- fclose($sock);
-
- foreach( explode( "\0",$responseblob) as $response )
- {
- $resp = simplexml_load_string("<xml>".$response."</xml>");
-
- if( $resp->response[0]['id'] == 'A001' )
- {
- if( isset( $resp->response[0]['errorNum'] ) )
- {
- return PASSWORD_CONNECT_ERROR;
- }
- }
- else if( $resp->response[0]['id'] == 'A002' )
- {
- if( isset( $resp->response[0]['errorNum'] ))
- {
- return PASSWORD_ERROR;
- }
- }
- else if( $resp->response[0]['id'] == 'A003' )
- {
- if( isset($resp->response[0]['errorNum'] ))
- {
- //There was a problem during logout(This is probably harmless)
- }
- }
- } //foreach
-
- return PASSWORD_SUCCESS;
-
-}
-
-?> \ No newline at end of file