From 59478e06c25303a790a0840ab2ac30662c4ef781 Mon Sep 17 00:00:00 2001 From: Hugues Hiegel Date: Tue, 5 Aug 2014 16:46:22 +0200 Subject: c'est la merde.. --- plugins/password/drivers/chpasswd.php | 2 +- plugins/password/drivers/cpanel.php | 110 +++++++++++++++++++++---------- plugins/password/drivers/dbmail.php | 2 +- plugins/password/drivers/directadmin.php | 3 +- plugins/password/drivers/expect.php | 2 +- plugins/password/drivers/hmail.php | 12 ++-- plugins/password/drivers/ldap.php | 2 +- plugins/password/drivers/ldap_simple.php | 2 +- plugins/password/drivers/pam.php | 4 +- plugins/password/drivers/pw_usermod.php | 2 +- plugins/password/drivers/sasl.php | 2 +- plugins/password/drivers/smb.php | 14 ++-- plugins/password/drivers/sql.php | 19 +++--- plugins/password/drivers/virtualmin.php | 13 ++-- plugins/password/drivers/xmail.php | 16 ++--- 15 files changed, 124 insertions(+), 81 deletions(-) (limited to 'plugins/password/drivers') diff --git a/plugins/password/drivers/chpasswd.php b/plugins/password/drivers/chpasswd.php index 137275e69..3ea10159c 100644 --- a/plugins/password/drivers/chpasswd.php +++ b/plugins/password/drivers/chpasswd.php @@ -26,7 +26,7 @@ class rcube_chpasswd_password return PASSWORD_SUCCESS; } else { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/cpanel.php b/plugins/password/drivers/cpanel.php index b71c33ec1..79887109b 100644 --- a/plugins/password/drivers/cpanel.php +++ b/plugins/password/drivers/cpanel.php @@ -4,43 +4,95 @@ * cPanel Password Driver * * Driver that adds functionality to change the users cPanel password. - * Originally written by Fulvio Venturelli + * The cPanel PHP API code has been taken from: http://www.phpclasses.org/browse/package/3534.html * - * Completely rewritten using the cPanel API2 call Email::passwdpop - * as opposed to the original coding against the UI, which is a fragile method that - * makes the driver to always return a failure message for any language other than English - * see http://trac.roundcube.net/ticket/1487015 + * This driver has been tested with Hostmonster hosting and seems to work fine. * - * This driver has been tested with o2switch hosting and seems to work fine. - * - * @version 3.0 - * @author Christian Chech + * @version 2.0 + * @author Fulvio Venturelli */ class rcube_cpanel_password { public function save($curpas, $newpass) { - require_once 'xmlapi.php'; - $rcmail = rcmail::get_instance(); - $this->cuser = $rcmail->config->get('password_cpanel_username'); - - // Setup the xmlapi connection - $this->xmlapi = new xmlapi($rcmail->config->get('password_cpanel_host')); - $this->xmlapi->set_port($rcmail->config->get('password_cpanel_port')); - $this->xmlapi->password_auth($this->cuser, $rcmail->config->get('password_cpanel_password')); - $this->xmlapi->set_output('json'); - $this->xmlapi->set_debug(0); + // Create a cPanel email object + $cPanel = new emailAccount($rcmail->config->get('password_cpanel_host'), + $rcmail->config->get('password_cpanel_username'), + $rcmail->config->get('password_cpanel_password'), + $rcmail->config->get('password_cpanel_port'), + $rcmail->config->get('password_cpanel_ssl'), + $rcmail->config->get('password_cpanel_theme'), + $_SESSION['username'] ); - if ($this->setPassword($_SESSION['username'], $newpass)) { + if ($cPanel->setPassword($newpass)) { return PASSWORD_SUCCESS; } else { return PASSWORD_ERROR; } } +} + + +class HTTP +{ + function HTTP($host, $username, $password, $port, $ssl, $theme) + { + $this->ssl = $ssl ? 'ssl://' : ''; + $this->username = $username; + $this->password = $password; + $this->theme = $theme; + $this->auth = base64_encode($username . ':' . $password); + $this->port = $port; + $this->host = $host; + $this->path = '/frontend/' . $theme . '/'; + } + + function getData($url, $data = '') + { + $url = $this->path . $url; + if (is_array($data)) { + $url = $url . '?'; + foreach ($data as $key => $value) { + $url .= urlencode($key) . '=' . urlencode($value) . '&'; + } + $url = substr($url, 0, -1); + } + + $response = ''; + $fp = fsockopen($this->ssl . $this->host, $this->port); + if (!$fp) { + return false; + } + + $out = 'GET ' . $url . ' HTTP/1.0' . "\r\n"; + $out .= 'Authorization: Basic ' . $this->auth . "\r\n"; + $out .= 'Connection: Close' . "\r\n\r\n"; + fwrite($fp, $out); + while (!feof($fp)) { + $response .= @fgets($fp); + } + fclose($fp); + return $response; + } +} + + +class emailAccount +{ + function emailAccount($host, $username, $password, $port, $ssl, $theme, $address) + { + $this->HTTP = new HTTP($host, $username, $password, $port, $ssl, $theme); + if (strpos($address, '@')) { + list($this->email, $this->domain) = explode('@', $address); + } + else { + list($this->email, $this->domain) = array($address, ''); + } + } /** * Change email account password @@ -49,24 +101,16 @@ class rcube_cpanel_password * @param string $password email account password * @return bool */ - function setPassword($address, $password) + function setPassword($password) { - if (strpos($address, '@')) { - list($data['email'], $data['domain']) = explode('@', $address); - } - else { - list($data['email'], $data['domain']) = array($address, ''); - } - + $data['email'] = $this->email; + $data['domain'] = $this->domain; $data['password'] = $password; + $response = $this->HTTP->getData('mail/dopasswdpop.html', $data); - $query = $this->xmlapi->api2_query($this->cuser, 'Email', 'passwdpop', $data); - $query = json_decode($query, true); - - if ($query['cpanelresult']['data'][0]['result'] == 1) { + if (strpos($response, 'success') && !strpos($response, 'failure')) { return true; } - return false; } } diff --git a/plugins/password/drivers/dbmail.php b/plugins/password/drivers/dbmail.php index 529027b8d..e4c0d52e3 100644 --- a/plugins/password/drivers/dbmail.php +++ b/plugins/password/drivers/dbmail.php @@ -29,7 +29,7 @@ class rcube_dbmail_password return PASSWORD_SUCCESS; } else { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/directadmin.php b/plugins/password/drivers/directadmin.php index 44ecea406..fb156cea9 100644 --- a/plugins/password/drivers/directadmin.php +++ b/plugins/password/drivers/directadmin.php @@ -43,7 +43,7 @@ class rcube_directadmin_password $response = $Socket->fetch_parsed_body(); //DEBUG - //rcube::console("Password Plugin: [USER: $da_user] [HOST: $da_host] - Response: [SOCKET: ".$Socket->result_status_code."] [DA ERROR: ".strip_tags($response['error'])."] [TEXT: ".$response[text]."]"); + //console("Password Plugin: [USER: $da_user] [HOST: $da_host] - Response: [SOCKET: ".$Socket->result_status_code."] [DA ERROR: ".strip_tags($response['error'])."] [TEXT: ".$response[text]."]"); if($Socket->result_status_code != 200) return array('code' => PASSWORD_CONNECT_ERROR, 'message' => $Socket->error[0]); @@ -297,6 +297,7 @@ class HTTPSocket { $status = socket_get_status($socket); $startTime = time(); $length = 0; + $prevSecond = 0; while ( !feof($socket) && !$status['timed_out'] ) { $chunk = fgets($socket,1024); diff --git a/plugins/password/drivers/expect.php b/plugins/password/drivers/expect.php index 1f68924df..7a191e254 100644 --- a/plugins/password/drivers/expect.php +++ b/plugins/password/drivers/expect.php @@ -45,7 +45,7 @@ class rcube_expect_password return PASSWORD_SUCCESS; } else { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/hmail.php b/plugins/password/drivers/hmail.php index 650434617..104c851ae 100644 --- a/plugins/password/drivers/hmail.php +++ b/plugins/password/drivers/hmail.php @@ -5,6 +5,7 @@ * * @version 2.0 * @author Roland 'rosali' Liebl + * */ class rcube_hmail_password @@ -25,8 +26,8 @@ class rcube_hmail_password $obApp = new COM("hMailServer.Application"); } catch (Exception $e) { - rcube::write_log('errors', "Plugin password (hmail driver): " . trim(strip_tags($e->getMessage()))); - rcube::write_log('errors', "Plugin password (hmail driver): This problem is often caused by DCOM permissions not being set."); + write_log('errors', "Plugin password (hmail driver): " . trim(strip_tags($e->getMessage()))); + write_log('errors', "Plugin password (hmail driver): This problem is often caused by DCOM permissions not being set."); return PASSWORD_ERROR; } @@ -38,7 +39,8 @@ class rcube_hmail_password else { $domain = $rcmail->config->get('username_domain',false); if (!$domain) { - rcube::write_log('errors','Plugin password (hmail driver): $config[\'username_domain\'] is not defined.'); + write_log('errors','Plugin password (hmail driver): $rcmail_config[\'username_domain\'] is not defined.'); + write_log('errors','Plugin password (hmail driver): Hint: Use hmail_login plugin (http://myroundcube.googlecode.com'); return PASSWORD_ERROR; } $username = $username . "@" . $domain; @@ -53,8 +55,8 @@ class rcube_hmail_password return PASSWORD_SUCCESS; } catch (Exception $e) { - rcube::write_log('errors', "Plugin password (hmail driver): " . trim(strip_tags($e->getMessage()))); - rcube::write_log('errors', "Plugin password (hmail driver): This problem is often caused by DCOM permissions not being set."); + write_log('errors', "Plugin password (hmail driver): " . trim(strip_tags($e->getMessage()))); + write_log('errors', "Plugin password (hmail driver): This problem is often caused by DCOM permissions not being set."); return PASSWORD_ERROR; } } diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php index 548d327e1..f773335ac 100644 --- a/plugins/password/drivers/ldap.php +++ b/plugins/password/drivers/ldap.php @@ -271,7 +271,7 @@ class rcube_ldap_password case 'samba': if (function_exists('hash')) { - $cryptedPassword = hash('md4', rcube_charset::convert($passwordClear, RCUBE_CHARSET, 'UTF-16LE')); + $cryptedPassword = hash('md4', rcube_charset_convert($passwordClear, RCMAIL_CHARSET, 'UTF-16LE')); $cryptedPassword = strtoupper($cryptedPassword); } else { /* Your PHP install does not have the hash() function */ diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php index d47e14492..01385f2d0 100644 --- a/plugins/password/drivers/ldap_simple.php +++ b/plugins/password/drivers/ldap_simple.php @@ -240,7 +240,7 @@ class rcube_ldap_simple_password break; case 'samba': if (function_exists('hash')) { - $crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE')); + $crypted_password = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE')); $crypted_password = strtoupper($crypted_password); } else { /* Your PHP install does not have the hash() function */ diff --git a/plugins/password/drivers/pam.php b/plugins/password/drivers/pam.php index 4d0ba1656..15a802c74 100644 --- a/plugins/password/drivers/pam.php +++ b/plugins/password/drivers/pam.php @@ -21,7 +21,7 @@ class rcube_pam_password } } else { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, @@ -30,7 +30,7 @@ class rcube_pam_password } } else { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/pw_usermod.php b/plugins/password/drivers/pw_usermod.php index 237e275a7..5b92fcbfb 100644 --- a/plugins/password/drivers/pw_usermod.php +++ b/plugins/password/drivers/pw_usermod.php @@ -28,7 +28,7 @@ class rcube_pw_usermod_password return PASSWORD_SUCCESS; } else { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/sasl.php b/plugins/password/drivers/sasl.php index 8776eff2e..9380cf838 100644 --- a/plugins/password/drivers/sasl.php +++ b/plugins/password/drivers/sasl.php @@ -32,7 +32,7 @@ class rcube_sasl_password return PASSWORD_SUCCESS; } else { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/smb.php b/plugins/password/drivers/smb.php index 9f2b96afa..88021156f 100644 --- a/plugins/password/drivers/smb.php +++ b/plugins/password/drivers/smb.php @@ -26,15 +26,13 @@ class rcube_smb_password public function save($currpass, $newpass) { - $host = rcmail::get_instance()->config->get('password_smb_host','localhost'); - $bin = rcmail::get_instance()->config->get('password_smb_cmd','/usr/bin/smbpasswd'); + $host = rcmail::get_instance()->config->get('password_smb_host','localhost'); + $bin = rcmail::get_instance()->config->get('password_smb_cmd','/usr/bin/smbpasswd'); $username = $_SESSION['username']; - $host = rcube_utils::parse_host($host); - $tmpfile = tempnam(sys_get_temp_dir(),'smb'); - $cmd = $bin . ' -r ' . $host . ' -s -U "' . $username . '" > ' . $tmpfile . ' 2>&1'; - $handle = @popen($cmd, 'w'); - + $tmpfile = tempnam(sys_get_temp_dir(),'smb'); + $cmd = $bin . ' -r ' . $host . ' -s -U "' . $username . '" > ' . $tmpfile . ' 2>&1'; + $handle = @popen($cmd, 'w'); fputs($handle, $currpass."\n"); fputs($handle, $newpass."\n"); fputs($handle, $newpass."\n"); @@ -46,7 +44,7 @@ class rcube_smb_password return PASSWORD_SUCCESS; } else { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php index 7a51dfe44..8c8dc87b5 100644 --- a/plugins/password/drivers/sql.php +++ b/plugins/password/drivers/sql.php @@ -34,9 +34,8 @@ class rcube_sql_password $db = $rcmail->get_dbh(); } - if ($db->is_error()) { + if ($err = $db->is_error()) return PASSWORD_ERROR; - } // crypted password if (strpos($sql, '%c') !== FALSE) { @@ -118,7 +117,7 @@ class rcube_sql_password // hashed passwords if (preg_match('/%[n|q]/', $sql)) { if (!extension_loaded('hash')) { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, @@ -165,14 +164,14 @@ class rcube_sql_password // convert domains to/from punnycode if ($rcmail->config->get('password_idn_ascii')) { - $domain_part = rcube_utils::idn_to_ascii($domain_part); - $username = rcube_utils::idn_to_ascii($username); - $host = rcube_utils::idn_to_ascii($host); + $domain_part = rcube_idn_to_ascii($domain_part); + $username = rcube_idn_to_ascii($username); + $host = rcube_idn_to_ascii($host); } else { - $domain_part = rcube_utils::idn_to_utf8($domain_part); - $username = rcube_utils::idn_to_utf8($username); - $host = rcube_utils::idn_to_utf8($host); + $domain_part = rcube_idn_to_utf8($domain_part); + $username = rcube_idn_to_utf8($username); + $host = rcube_idn_to_utf8($host); } // at least we should always have the local part @@ -185,7 +184,7 @@ class rcube_sql_password if (!$db->is_error()) { if (strtolower(substr(trim($sql),0,6)) == 'select') { - if ($db->fetch_array($res)) + if ($result = $db->fetch_array($res)) return PASSWORD_SUCCESS; } else { // This is the good case: 1 row updated diff --git a/plugins/password/drivers/virtualmin.php b/plugins/password/drivers/virtualmin.php index 2c7aee617..40f5c2529 100644 --- a/plugins/password/drivers/virtualmin.php +++ b/plugins/password/drivers/virtualmin.php @@ -18,8 +18,7 @@ class rcube_virtualmin_password { function save($currpass, $newpass) { - $rcmail = rcmail::get_instance(); - + $rcmail = rcmail::get_instance(); $format = $rcmail->config->get('password_virtualmin_format', 0); $username = $_SESSION['username']; @@ -48,14 +47,14 @@ class rcube_virtualmin_password $pieces = explode("_", $username); $domain = $pieces[0]; break; - case 8: // domain taken from alias, username left as it was - $email = $rcmail->user->data['alias']; - $domain = substr(strrchr($email, "@"), 1); - break; default: // username@domain $domain = substr(strrchr($username, "@"), 1); } + if (!$domain) { + $domain = $rcmail->user->get_username('domain'); + } + $username = escapeshellcmd($username); $domain = escapeshellcmd($domain); $newpass = escapeshellcmd($newpass); @@ -67,7 +66,7 @@ class rcube_virtualmin_password return PASSWORD_SUCCESS; } else { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, diff --git a/plugins/password/drivers/xmail.php b/plugins/password/drivers/xmail.php index 47beb2178..33a49ffe3 100644 --- a/plugins/password/drivers/xmail.php +++ b/plugins/password/drivers/xmail.php @@ -10,10 +10,10 @@ * Setup xmail_host, xmail_user, xmail_pass and xmail_port into * config.inc.php of password plugin as follows: * - * $config['xmail_host'] = 'localhost'; - * $config['xmail_user'] = 'YourXmailControlUser'; - * $config['xmail_pass'] = 'YourXmailControlPass'; - * $config['xmail_port'] = 6017; + * $rcmail_config['xmail_host'] = 'localhost'; + * $rcmail_config['xmail_user'] = 'YourXmailControlUser'; + * $rcmail_config['xmail_pass'] = 'YourXmailControlPass'; + * $rcmail_config['xmail_port'] = 6017; * */ @@ -32,7 +32,7 @@ class rcube_xmail_password $xmail->port = $rcmail->config->get('xmail_port'); if (!$xmail->connect()) { - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, @@ -42,7 +42,7 @@ class rcube_xmail_password } else if (!$xmail->send("userpasswd\t".$domain."\t".$user."\t".$newpass."\n")) { $xmail->close(); - rcube::raise_error(array( + raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, @@ -67,7 +67,7 @@ class XMail { function send($msg) { socket_write($this->socket,$msg); - if (substr(socket_read($this->socket, 512, PHP_BINARY_READ),0,1) != "+") { + if (substr($in = socket_read($this->socket, 512, PHP_BINARY_READ),0,1) != "+") { return false; } return true; @@ -85,7 +85,7 @@ class XMail { return false; } - if (substr(socket_read($this->socket, 512, PHP_BINARY_READ),0,1) != "+") { + if (substr($in = socket_read($this->socket, 512, PHP_BINARY_READ),0,1) != "+") { socket_close($this->socket); return false; } -- cgit v1.2.3