From 63a3dc5fde5a3ceed4f03c19c5015aab19050bee Mon Sep 17 00:00:00 2001 From: till Date: Sat, 20 Mar 2010 14:20:01 +0000 Subject: moved plugins --- plugins/password/README | 200 ------------- plugins/password/config.inc.php.dist | 191 ------------ plugins/password/drivers/chgsaslpasswd.c | 29 -- plugins/password/drivers/cpanel.php | 121 -------- plugins/password/drivers/directadmin.php | 483 ------------------------------- plugins/password/drivers/ldap.php | 186 ------------ plugins/password/drivers/poppassd.php | 56 ---- plugins/password/drivers/sasl.php | 44 --- plugins/password/drivers/sql.php | 107 ------- plugins/password/drivers/vpopmaild.php | 51 ---- plugins/password/drivers/ximss.php | 81 ------ plugins/password/localization/bg_BG.inc | 18 -- plugins/password/localization/ca_ES.inc | 20 -- plugins/password/localization/cs_CZ.inc | 26 -- plugins/password/localization/da_DK.inc | 18 -- plugins/password/localization/de_CH.inc | 19 -- plugins/password/localization/de_DE.inc | 19 -- plugins/password/localization/en_US.inc | 21 -- plugins/password/localization/es_ES.inc | 20 -- plugins/password/localization/et_EE.inc | 17 -- plugins/password/localization/fr_FR.inc | 18 -- plugins/password/localization/hu_HU.inc | 17 -- plugins/password/localization/it_IT.inc | 18 -- plugins/password/localization/lv_LV.inc | 20 -- plugins/password/localization/nl_NL.inc | 17 -- plugins/password/localization/pl_PL.inc | 21 -- plugins/password/localization/pt_BR.inc | 18 -- plugins/password/localization/pt_PT.inc | 18 -- plugins/password/localization/sl_SI.inc | 18 -- plugins/password/localization/sv_SE.inc | 18 -- plugins/password/localization/zh_TW.inc | 20 -- plugins/password/password.js | 36 --- plugins/password/password.php | 248 ---------------- 33 files changed, 2214 deletions(-) delete mode 100644 plugins/password/README delete mode 100644 plugins/password/config.inc.php.dist delete mode 100644 plugins/password/drivers/chgsaslpasswd.c delete mode 100644 plugins/password/drivers/cpanel.php delete mode 100644 plugins/password/drivers/directadmin.php delete mode 100644 plugins/password/drivers/ldap.php delete mode 100644 plugins/password/drivers/poppassd.php delete mode 100644 plugins/password/drivers/sasl.php delete mode 100644 plugins/password/drivers/sql.php delete mode 100644 plugins/password/drivers/vpopmaild.php delete mode 100644 plugins/password/drivers/ximss.php delete mode 100644 plugins/password/localization/bg_BG.inc delete mode 100644 plugins/password/localization/ca_ES.inc delete mode 100644 plugins/password/localization/cs_CZ.inc delete mode 100644 plugins/password/localization/da_DK.inc delete mode 100644 plugins/password/localization/de_CH.inc delete mode 100644 plugins/password/localization/de_DE.inc delete mode 100644 plugins/password/localization/en_US.inc delete mode 100644 plugins/password/localization/es_ES.inc delete mode 100644 plugins/password/localization/et_EE.inc delete mode 100644 plugins/password/localization/fr_FR.inc delete mode 100644 plugins/password/localization/hu_HU.inc delete mode 100644 plugins/password/localization/it_IT.inc delete mode 100644 plugins/password/localization/lv_LV.inc delete mode 100644 plugins/password/localization/nl_NL.inc delete mode 100644 plugins/password/localization/pl_PL.inc delete mode 100644 plugins/password/localization/pt_BR.inc delete mode 100644 plugins/password/localization/pt_PT.inc delete mode 100644 plugins/password/localization/sl_SI.inc delete mode 100644 plugins/password/localization/sv_SE.inc delete mode 100644 plugins/password/localization/zh_TW.inc delete mode 100644 plugins/password/password.js delete mode 100644 plugins/password/password.php (limited to 'plugins/password') diff --git a/plugins/password/README b/plugins/password/README deleted file mode 100644 index c7e8203ad..000000000 --- a/plugins/password/README +++ /dev/null @@ -1,200 +0,0 @@ - ----------------------------------------------------------------------- - Password Plugin for Roundcube - ----------------------------------------------------------------------- - - Plugin that adds a possibility to change user password using many - methods (drivers) via Settings/Password tab. - - ----------------------------------------------------------------------- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License version 2 - as published by the Free Software Foundation. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - @version 1.2 - @author Aleksander 'A.L.E.C' Machniak - @author - ----------------------------------------------------------------------- - - 1. Configuration - 2. Drivers - 2.1. Database (sql) - 2.2. Cyrus/SASL (sasl) - 2.3. Poppassd/Courierpassd (poppassd) - 2.4. LDAP (ldap) - 2.5. DirectAdmin Control Panel - 2.6. cPanel - 2.7. XIMSS (Communigate) - 3. Driver API - - - 1. Configuration - ---------------- - - Copy config.inc.php.dist to config.inc.php and set the options as described - within the file. - - - 2. Drivers - ---------- - - Password plugin supports many password change mechanisms which are - handled by included drivers. Just pass driver name in 'password_driver' option. - - - 2.1. Database (sql) - ------------------- - - You can specify which database to connect by 'password_db_dsn' option and - what SQL query to execute by 'password_query'. See main.inc.php file for - more info. - - Example implementations of an update_passwd function: - - - This is for use with LMS (http://lms.org.pl) database and postgres: - - CREATE OR REPLACE FUNCTION update_passwd(hash text, account text) RETURNS integer AS $$ - DECLARE - res integer; - BEGIN - UPDATE passwd SET password = hash - WHERE login = split_part(account, '@', 1) - AND domainid = (SELECT id FROM domains WHERE name = split_part(account, '@', 2)) - RETURNING id INTO res; - RETURN res; - END; - $$ LANGUAGE plpgsql SECURITY DEFINER; - - - This is for use with a SELECT update_passwd(%o,%c,%u) query - Updates the password only when the old password matches the MD5 password - in the database - - CREATE FUNCTION update_password (oldpass text, cryptpass text, user text) RETURNS text - MODIFIES SQL DATA - BEGIN - DECLARE currentsalt varchar(20); - DECLARE error text; - SET error = 'incorrect current password'; - SELECT substring_index(substr(user.password,4),_latin1'$',1) INTO currentsalt FROM users WHERE username=user; - SELECT '' INTO error FROM users WHERE username=user AND password=ENCRYPT(oldpass,currentsalt); - UPDATE users SET password=cryptpass WHERE username=user AND password=ENCRYPT(oldpass,currentsalt); - RETURN error; - END - - Example SQL UPDATEs: - - - Plain text passwords: - UPDATE users SET password=%p WHERE username=%u AND password=%o AND domain=%h LIMIT 1 - - - Crypt text passwords: - UPDATE users SET password=%c WHERE username=%u LIMIT 1 - - - Use a MYSQL crypt function (*nix only) with random 8 character salt - UPDATE users SET password=ENCRYPT(%p,concat(_utf8'$1$',right(md5(rand()),8),_utf8'$')) WHERE username=%u LIMIT 1 - - - MD5 stored passwords: - UPDATE users SET password=MD5(%p) WHERE username=%u AND password=MD5(%o) LIMIT 1 - - - 2.2. Cyrus/SASL (sasl) - ---------------------- - - Cyrus SASL database authentication allows your Cyrus+RoundCube - installation to host mail users without requiring a Unix Shell account! - - This driver only covers the "sasldb" case when using Cyrus SASL. Kerberos - and PAM authentication mechanisms will require other techniques to enable - user password manipulations. - - Cyrus SASL includes a shell utility called "saslpasswd" for manipulating - user passwords in the "sasldb" database. This plugin attempts to use - this utility to perform password manipulations required by your webmail - users without any administrative interaction. Unfortunately, this - scheme requires that the "saslpasswd" utility be run as the "cyrus" - user - kind of a security problem since we have chosen to SUID a small - script which will allow this to happen. - - This driver is based on the Squirrelmail Change SASL Password Plugin. - See http://www.squirrelmail.org/plugin_view.php?id=107 for details. - - Installation: - - Change into the drivers directory. Edit the chgsaslpasswd.c file as is - documented within it. - - Compile the wrapper program: - gcc -o chgsaslpasswd chgsaslpasswd.c - - Chown the compiled chgsaslpasswd binary to the cyrus user and group - that your browser runs as, then chmod them to 4550. - - For example, if your cyrus user is 'cyrus' and the apache server group is - 'nobody' (I've been told Redhat runs Apache as user 'apache'): - - chown cyrus:nobody chgsaslpasswd - chmod 4550 chgsaslpasswd - - Stephen Carr has suggested users should try to run the scripts on a test - account as the cyrus user eg; - - su cyrus -c "./chgsaslpasswd -p test_account" - - This will allow you to make sure that the script will work for your setup. - Should the script not work, make sure that: - 1) the user the script runs as has access to the saslpasswd|saslpasswd2 - file and proper permissions - 2) make sure the user in the chgsaslpasswd.c file is set correctly. - This could save you some headaches if you are the paranoid type. - - - 2.3. Poppassd/Courierpassd (poppassd) - ------------------------------------- - - You can specify which host to connect to via 'password_pop_host' and - what port via 'password_pop_port'. See config.inc.php file for more info. - - - 2.4. LDAP (ldap) - ---------------- - - See config.inc.php file. Requires PEAR::Net_LDAP2 package. - - - 2.5. DirectAdmin Control Panel - ------------------------------------- - - You can specify which host to connect to via 'password_directadmin_host' - and what port via 'password_direactadmin_port'. See config.inc.php file - for more info. - - - 2.6. cPanel - ----------- - - You can specify parameters for HTTP connection to cPanel's admin - interface. See config.inc.php file for more info. - - - 2.7. XIMSS (Communigate) - ------------------------------------- - - You can specify which host and port to connect to via 'password_ximss_host' - and 'password_ximss_port'. See config.inc.php file for more info. - - - 3. Driver API - ------------- - - Driver file (.php) must define 'password_save' function with - two arguments. First - current password, second - new password. Function - may return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR, - PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password. - See existing drivers in drivers/ directory for examples. diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist deleted file mode 100644 index b9e3b9102..000000000 --- a/plugins/password/config.inc.php.dist +++ /dev/null @@ -1,191 +0,0 @@ - diff --git a/plugins/password/drivers/chgsaslpasswd.c b/plugins/password/drivers/chgsaslpasswd.c deleted file mode 100644 index bcdcb2e0d..000000000 --- a/plugins/password/drivers/chgsaslpasswd.c +++ /dev/null @@ -1,29 +0,0 @@ -#include -#include - -// set the UID this script will run as (cyrus user) -#define UID 96 -// set the path to saslpasswd or saslpasswd2 -#define CMD "/usr/sbin/saslpasswd2" - -/* INSTALLING: - gcc -o chgsaslpasswd chgsaslpasswd.c - chown cyrus.apache chgsaslpasswd - strip chgsaslpasswd - chmod 4550 chgsaslpasswd -*/ - -main(int argc, char *argv[]) -{ - int rc,cc; - - cc = setuid(UID); - rc = execvp(CMD, argv); - if ((rc != 0) || (cc != 0)) - { - fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); - return 1; - } - - return 0; -} diff --git a/plugins/password/drivers/cpanel.php b/plugins/password/drivers/cpanel.php deleted file mode 100644 index 82bfe74d2..000000000 --- a/plugins/password/drivers/cpanel.php +++ /dev/null @@ -1,121 +0,0 @@ - - */ - -class HTTP -{ - function HTTP($host, $username, $password, $port, $ssl, $theme) - { - $this->ssl = $ssl ? 'ssl://' : ''; - $this->username = $username; - $this->password = $password; - $this->theme = $theme; - $this->auth = base64_encode($username . ':' . $password); - $this->port = $port; - $this->host = $host; - $this->path = '/frontend/' . $theme . '/'; - } - - function getData($url, $data = '') - { - $url = $this->path . $url; - if(is_array($data)) - { - $url = $url . '?'; - foreach($data as $key=>$value) - { - $url .= urlencode($key) . '=' . urlencode($value) . '&'; - } - $url = substr($url, 0, -1); - } - $response = ''; - $fp = fsockopen($this->ssl . $this->host, $this->port); - if(!$fp) - { - return false; - } - $out = 'GET ' . $url . ' HTTP/1.0' . "\r\n"; - $out .= 'Authorization: Basic ' . $this->auth . "\r\n"; - $out .= 'Connection: Close' . "\r\n\r\n"; - fwrite($fp, $out); - while (!feof($fp)) - { - $response .= @fgets($fp); - } - fclose($fp); - return $response; - } -} - - -class emailAccount -{ - function emailAccount($host, $username, $password, $port, $ssl, $theme, $address) - { - $this->HTTP = new HTTP($host, $username, $password, $port, $ssl, $theme); - if(strpos($address, '@')) - { - list($this->email, $this->domain) = explode('@', $address); - } - else - { - list($this->email, $this->domain) = array($address, ''); - } - } - - /* - * Change email account password - * - * Returns true on success or false on failure. - * @param string $password email account password - * @return bool - */ - function setPassword($password) - { - $data['email'] = $this->email; - $data['domain'] = $this->domain; - $data['password'] = $password; - $response = $this->HTTP->getData('mail/dopasswdpop.html', $data); - if(strpos($response, 'success') && !strpos($response, 'failure')) - { - return true; - } - return false; - } -} - - -function password_save($curpas, $newpass) -{ - $rcmail = rcmail::get_instance(); - - // Create a cPanel email object - $cPanel = new emailAccount($rcmail->config->get('password_cpanel_host'), - $rcmail->config->get('password_cpanel_username'), - $rcmail->config->get('password_cpanel_password'), - $rcmail->config->get('password_cpanel_port'), - $rcmail->config->get('password_cpanel_ssl'), - $rcmail->config->get('password_cpanel_theme'), - $_SESSION['username'] ); - - if ($cPanel->setPassword($newpass)){ - return PASSWORD_SUCCESS; - } - else - { - return PASSWORD_ERROR; - } -} - -?> diff --git a/plugins/password/drivers/directadmin.php b/plugins/password/drivers/directadmin.php deleted file mode 100644 index d11aae70a..000000000 --- a/plugins/password/drivers/directadmin.php +++ /dev/null @@ -1,483 +0,0 @@ - - * - */ - - -function password_save($curpass, $passwd){ - - $rcmail = rcmail::get_instance(); - $Socket = new HTTPSocket; - - $da_user = $_SESSION['username']; - $da_curpass = $curpass; - $da_newpass = $passwd; - $da_host = $rcmail->config->get('password_directadmin_host'); - $da_port = $rcmail->config->get('password_directadmin_port'); - - $Socket->connect($da_host,$da_port); - $Socket->set_method('POST'); - $Socket->query('/CMD_CHANGE_EMAIL_PASSWORD', - array( - 'email' => $da_user, - 'oldpassword' => $da_curpass, - 'password1' => $da_newpass, - 'password2' => $da_newpass, - 'api' => '1' - )); - $response = $Socket->fetch_parsed_body(); - - //console("DA error response: $response[text] [$da_user]"); - - if($Socket->result_status_code <> 200) - return PASSWORD_CONNECT_ERROR; - elseif($response['error'] == 1){ //Error description: $response[text] - return PASSWORD_ERROR; - }else - return PASSWORD_SUCCESS; - -} - - -/** - * Socket communication class. - * - * Originally designed for use with DirectAdmin's API, this class will fill any HTTP socket need. - * - * Very, very basic usage: - * $Socket = new HTTPSocket; - * echo $Socket->get('http://user:pass@somesite.com/somedir/some.file?query=string&this=that'); - * - * @author Phi1 'l0rdphi1' Stier - * @package HTTPSocket - * @version 2.6 - */ -class HTTPSocket { - - var $version = '2.6'; - - /* all vars are private except $error, $query_cache, and $doFollowLocationHeader */ - - var $method = 'GET'; - - var $remote_host; - var $remote_port; - var $remote_uname; - var $remote_passwd; - - var $result; - var $result_header; - var $result_body; - var $result_status_code; - - var $lastTransferSpeed; - - var $bind_host; - - var $error = array(); - var $warn = array(); - var $query_cache = array(); - - var $doFollowLocationHeader = TRUE; - var $redirectURL; - - var $extra_headers = array(); - - /** - * Create server "connection". - * - */ - function connect($host, $port = '' ) - { - if (!is_numeric($port)) - { - $port = 80; - } - - $this->remote_host = $host; - $this->remote_port = $port; - } - - function bind( $ip = '' ) - { - if ( $ip == '' ) - { - $ip = $_SERVER['SERVER_ADDR']; - } - - $this->bind_host = $ip; - } - - /** - * Change the method being used to communicate. - * - * @param string|null request method. supports GET, POST, and HEAD. default is GET - */ - function set_method( $method = 'GET' ) - { - $this->method = strtoupper($method); - } - - /** - * Specify a username and password. - * - * @param string|null username. defualt is null - * @param string|null password. defualt is null - */ - function set_login( $uname = '', $passwd = '' ) - { - if ( strlen($uname) > 0 ) - { - $this->remote_uname = $uname; - } - - if ( strlen($passwd) > 0 ) - { - $this->remote_passwd = $passwd; - } - - } - - /** - * Query the server - * - * @param string containing properly formatted server API. See DA API docs and examples. Http:// URLs O.K. too. - * @param string|array query to pass to url - * @param int if connection KB/s drops below value here, will drop connection - */ - function query( $request, $content = '', $doSpeedCheck = 0 ) - { - $this->error = $this->warn = array(); - $this->result_status_code = NULL; - - // is our request a http:// ... ? - if (preg_match('!^http://!i',$request)) - { - $location = parse_url($request); - $this->connect($location['host'],$location['port']); - $this->set_login($location['user'],$location['pass']); - - $request = $location['path']; - $content = $location['query']; - - if ( strlen($request) < 1 ) - { - $request = '/'; - } - - } - - $array_headers = array( - 'User-Agent' => "HTTPSocket/$this->version", - 'Host' => ( $this->remote_port == 80 ? $this->remote_host : "$this->remote_host:$this->remote_port" ), - 'Accept' => '*/*', - 'Connection' => 'Close' ); - - foreach ( $this->extra_headers as $key => $value ) - { - $array_headers[$key] = $value; - } - - $this->result = $this->result_header = $this->result_body = ''; - - // was content sent as an array? if so, turn it into a string - if (is_array($content)) - { - $pairs = array(); - - foreach ( $content as $key => $value ) - { - $pairs[] = "$key=".urlencode($value); - } - - $content = join('&',$pairs); - unset($pairs); - } - - $OK = TRUE; - - // instance connection - if ($this->bind_host) - { - $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); - socket_bind($socket,$this->bind_host); - - if (!@socket_connect($socket,$this->remote_host,$this->remote_port)) - { - $OK = FALSE; - } - - } - else - { - $socket = @fsockopen( $this->remote_host, $this->remote_port, $sock_errno, $sock_errstr, 10 ); - } - - if ( !$socket || !$OK ) - { - $this->error[] = "Can't create socket connection to $this->remote_host:$this->remote_port."; - return 0; - } - - // if we have a username and password, add the header - if ( isset($this->remote_uname) && isset($this->remote_passwd) ) - { - $array_headers['Authorization'] = 'Basic '.base64_encode("$this->remote_uname:$this->remote_passwd"); - } - - // for DA skins: if $this->remote_passwd is NULL, try to use the login key system - if ( isset($this->remote_uname) && $this->remote_passwd == NULL ) - { - $array_headers['Cookie'] = "session={$_SERVER['SESSION_ID']}; key={$_SERVER['SESSION_KEY']}"; - } - - // if method is POST, add content length & type headers - if ( $this->method == 'POST' ) - { - $array_headers['Content-type'] = 'application/x-www-form-urlencoded'; - $array_headers['Content-length'] = strlen($content); - } - // else method is GET or HEAD. we don't support anything else right now. - else - { - if ($content) - { - $request .= "?$content"; - } - } - - // prepare query - $query = "$this->method $request HTTP/1.0\r\n"; - foreach ( $array_headers as $key => $value ) - { - $query .= "$key: $value\r\n"; - } - $query .= "\r\n"; - - // if POST we need to append our content - if ( $this->method == 'POST' && $content ) - { - $query .= "$content\r\n\r\n"; - } - - // query connection - if ($this->bind_host) - { - socket_write($socket,$query); - - // now load results - while ( $out = socket_read($socket,2048) ) - { - $this->result .= $out; - } - } - else - { - fwrite( $socket, $query, strlen($query) ); - - // now load results - $this->lastTransferSpeed = 0; - $status = socket_get_status($socket); - $startTime = time(); - $length = 0; - $prevSecond = 0; - while ( !feof($socket) && !$status['timed_out'] ) - { - $chunk = fgets($socket,1024); - $length += strlen($chunk); - $this->result .= $chunk; - - $elapsedTime = time() - $startTime; - - if ( $elapsedTime > 0 ) - { - $this->lastTransferSpeed = ($length/1024)/$elapsedTime; - } - - if ( $doSpeedCheck > 0 && $elapsedTime > 5 && $this->lastTransferSpeed < $doSpeedCheck ) - { - $this->warn[] = "kB/s for last 5 seconds is below 50 kB/s (~".( ($length/1024)/$elapsedTime )."), dropping connection..."; - $this->result_status_code = 503; - break; - } - - } - - if ( $this->lastTransferSpeed == 0 ) - { - $this->lastTransferSpeed = $length/1024; - } - - } - - list($this->result_header,$this->result_body) = split("\r\n\r\n",$this->result,2); - - if ($this->bind_host) - { - socket_close($socket); - } - else - { - fclose($socket); - } - - $this->query_cache[] = $query; - - - $headers = $this->fetch_header(); - - // what return status did we get? - if (!$this->result_status_code) - { - preg_match("#HTTP/1\.. (\d+)#",$headers[0],$matches); - $this->result_status_code = $matches[1]; - } - - // did we get the full file? - if ( !empty($headers['content-length']) && $headers['content-length'] != strlen($this->result_body) ) - { - $this->result_status_code = 206; - } - - // now, if we're being passed a location header, should we follow it? - if ($this->doFollowLocationHeader) - { - if ($headers['location']) - { - $this->redirectURL = $headers['location']; - $this->query($headers['location']); - } - } - - } - - function getTransferSpeed() - { - return $this->lastTransferSpeed; - } - - /** - * The quick way to get a URL's content :) - * - * @param string URL - * @param boolean return as array? (like PHP's file() command) - * @return string result body - */ - function get($location, $asArray = FALSE ) - { - $this->query($location); - - if ( $this->get_status_code() == 200 ) - { - if ($asArray) - { - return split("\n",$this->fetch_body()); - } - - return $this->fetch_body(); - } - - return FALSE; - } - - /** - * Returns the last status code. - * 200 = OK; - * 403 = FORBIDDEN; - * etc. - * - * @return int status code - */ - function get_status_code() - { - return $this->result_status_code; - } - - /** - * Adds a header, sent with the next query. - * - * @param string header name - * @param string header value - */ - function add_header($key,$value) - { - $this->extra_headers[$key] = $value; - } - - /** - * Clears any extra headers. - * - */ - function clear_headers() - { - $this->extra_headers = array(); - } - - /** - * Return the result of a query. - * - * @return string result - */ - function fetch_result() - { - return $this->result; - } - - /** - * Return the header of result (stuff before body). - * - * @param string (optional) header to return - * @return array result header - */ - function fetch_header( $header = '' ) - { - $array_headers = split("\r\n",$this->result_header); - - $array_return = array( 0 => $array_headers[0] ); - unset($array_headers[0]); - - foreach ( $array_headers as $pair ) - { - list($key,$value) = split(": ",$pair,2); - $array_return[strtolower($key)] = $value; - } - - if ( $header != '' ) - { - return $array_return[strtolower($header)]; - } - - return $array_return; - } - - /** - * Return the body of result (stuff after header). - * - * @return string result body - */ - function fetch_body() - { - return $this->result_body; - } - - /** - * Return parsed body in array format. - * - * @return array result parsed - */ - function fetch_parsed_body() - { - parse_str($this->result_body,$x); - return $x; - } - -} - -?> diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php deleted file mode 100644 index e38f13f8c..000000000 --- a/plugins/password/drivers/ldap.php +++ /dev/null @@ -1,186 +0,0 @@ - - * - * function hashPassword based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/). - * function randomSalt based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/). - * - */ - -function password_save($curpass, $passwd) -{ - $rcmail = rcmail::get_instance(); - require_once ('Net/LDAP2.php'); - - // Building user DN - $userDN = str_replace('%login', $_SESSION['username'], $rcmail->config->get('password_ldap_userDN_mask')); - - $parts = explode('@', $_SESSION['username']); - if (count($parts) == 2) - { - $userDN = str_replace('%name', $parts[0], $userDN); - $userDN = str_replace('%domain', $parts[1], $userDN); - } - - if (empty($userDN)) {return PASSWORD_CONNECT_ERROR;} - - // Connection Method - switch($rcmail->config->get('password_ldap_method')) { - case 'user': $binddn = $userDN; $bindpw = $curpass; break; - case 'admin': $binddn = $rcmail->config->get('password_ldap_adminDN'); $bindpw = $rcmail->config->get('password_ldap_adminPW'); break; - default: $binddn = $userDN; $bindpw = $curpass; break; // default is user mode - } - - // Configuration array - $ldapConfig = array ( - 'binddn' => $binddn, - 'bindpw' => $bindpw, - 'basedn' => $rcmail->config->get('password_ldap_basedn'), - 'host' => $rcmail->config->get('password_ldap_host'), - 'port' => $rcmail->config->get('password_ldap_port'), - 'starttls' => $rcmail->config->get('password_ldap_starttls'), - 'version' => $rcmail->config->get('password_ldap_version'), - ); - - // Connecting using the configuration array - $ldap = Net_LDAP2::connect($ldapConfig); - - // Checking for connection error - if (PEAR::isError($ldap)) {return PASSWORD_CONNECT_ERROR;} - - // Crypting new password - $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage')); - if (!$newCryptedPassword) {return PASSWORD_CRYPT_ERROR;} - - // Writing new crypted password to LDAP - $userEntry = $ldap->getEntry($userDN); - if (Net_LDAP2::isError($userEntry)) {return PASSWORD_CONNECT_ERROR;} - if (!$userEntry->replace(array($rcmail->config->get('password_ldap_pwattr') => $newCryptedPassword),$rcmail->config->get('password_ldap_force_replace'))) {return PASSWORD_CONNECT_ERROR;} - if (Net_LDAP2::isError($userEntry->update())) {return PASSWORD_CONNECT_ERROR;} - - // All done, no error - return PASSWORD_SUCCESS; -} - - -/** - * Code originaly from the phpLDAPadmin development team - * http://phpldapadmin.sourceforge.net/ - * - * Hashes a password and returns the hash based on the specified enc_type. - * - * @param string $passwordClear The password to hash in clear text. - * @param string $encodageType Standard LDAP encryption type which must be one of - * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear. - * @return string The hashed password. - * - */ - -function hashPassword( $passwordClear, $encodageType ) -{ - $encodageType = strtolower( $encodageType ); - switch( $encodageType ) { - case 'crypt': - $cryptedPassword = '{CRYPT}' . crypt($passwordClear,randomSalt(2)); - break; - - case 'ext_des': - // extended des crypt. see OpenBSD crypt man page. - if ( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 ) {return FALSE;} //Your system crypt library does not support extended DES encryption. - $cryptedPassword = '{CRYPT}' . crypt( $passwordClear, '_' . randomSalt(8) ); - break; - - case 'md5crypt': - if( ! defined( 'CRYPT_MD5' ) || CRYPT_MD5 == 0 ) {return FALSE;} //Your system crypt library does not support md5crypt encryption. - $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$1$' . randomSalt(9) ); - break; - - case 'blowfish': - if( ! defined( 'CRYPT_BLOWFISH' ) || CRYPT_BLOWFISH == 0 ) {return FALSE;} //Your system crypt library does not support blowfish encryption. - $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$2a$12$' . randomSalt(13) ); // hardcoded to second blowfish version and set number of rounds - break; - - case 'md5': - $cryptedPassword = '{MD5}' . base64_encode( pack( 'H*' , md5( $passwordClear) ) ); - break; - - case 'sha': - if( function_exists('sha1') ) { - // use php 4.3.0+ sha1 function, if it is available. - $cryptedPassword = '{SHA}' . base64_encode( pack( 'H*' , sha1( $passwordClear) ) ); - } elseif( function_exists( 'mhash' ) ) { - $cryptedPassword = '{SHA}' . base64_encode( mhash( MHASH_SHA1, $passwordClear) ); - } else { - return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. - } - break; - - case 'ssha': - if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) { - mt_srand( (double) microtime() * 1000000 ); - $salt = mhash_keygen_s2k( MHASH_SHA1, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 ); - $cryptedPassword = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $passwordClear.$salt ).$salt ); - } else { - return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. - } - break; - - case 'smd5': - if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) { - mt_srand( (double) microtime() * 1000000 ); - $salt = mhash_keygen_s2k( MHASH_MD5, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 ); - $cryptedPassword = "{SMD5}".base64_encode( mhash( MHASH_MD5, $passwordClear.$salt ).$salt ); - } else { - return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. - } - break; - - case 'clear': - default: - $cryptedPassword = $passwordClear; - } - - return $cryptedPassword; -} - - - -/** - * Code originaly from the phpLDAPadmin development team - * http://phpldapadmin.sourceforge.net/ - * - * Used to generate a random salt for crypt-style passwords. Salt strings are used - * to make pre-built hash cracking dictionaries difficult to use as the hash algorithm uses - * not only the user's password but also a randomly generated string. The string is - * stored as the first N characters of the hash for reference of hashing algorithms later. - * - * --- added 20021125 by bayu irawan --- - * --- ammended 20030625 by S C Rigler --- - * - * @param int $length The length of the salt string to generate. - * @return string The generated salt string. - */ - -function randomSalt( $length ) -{ - $possible = '0123456789'. - 'abcdefghijklmnopqrstuvwxyz'. - 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'. - './'; - $str = ""; - mt_srand((double)microtime() * 1000000); - - while( strlen( $str ) < $length ) - $str .= substr( $possible, ( rand() % strlen( $possible ) ), 1 ); - - return $str; -} - -?> diff --git a/plugins/password/drivers/poppassd.php b/plugins/password/drivers/poppassd.php deleted file mode 100644 index 8a54fb7d9..000000000 --- a/plugins/password/drivers/poppassd.php +++ /dev/null @@ -1,56 +0,0 @@ -connect($rcmail->config->get('password_pop_host'), $rcmail->config->get('password_pop_port'), null))) { - return PASSWORD_CONNECT_ERROR; - } - else { - $result = $poppassd->readLine(); - if(!preg_match('/^2\d\d/', $result)) { - $poppassd->disconnect(); - return PASSWORD_ERROR; - } - else { - $poppassd->writeLine("user ". $_SESSION['username']); - $result = $poppassd->readLine(); - if(!preg_match('/^[23]\d\d/', $result) ) { - $poppassd->disconnect(); - return PASSWORD_CONNECT_ERROR; - } - else { - $poppassd->writeLine("pass ". $curpass); - $result = $poppassd->readLine(); - if(!preg_match('/^[23]\d\d/', $result) ) { - $poppassd->disconnect(); - return PASSWORD_ERROR; - } - else { - $poppassd->writeLine("newpass ". $passwd); - $result = $poppassd->readLine(); - $poppassd->disconnect(); - if (!preg_match('/^2\d\d/', $result)) - return PASSWORD_ERROR; - else - return PASSWORD_SUCCESS; - } - } - } - } -} - -?> diff --git a/plugins/password/drivers/sasl.php b/plugins/password/drivers/sasl.php deleted file mode 100644 index b1e9ba487..000000000 --- a/plugins/password/drivers/sasl.php +++ /dev/null @@ -1,44 +0,0 @@ -config->get('password_saslpasswd_args', ''); - - if ($fh = popen("$curdir/chgsaslpasswd -p $args $username", 'w')) { - fwrite($fh, $newpass."\n"); - $code = pclose($fh); - - if ($code == 0) - return PASSWORD_SUCCESS; - } - else { - raise_error(array( - 'code' => 600, - 'type' => 'php', - 'file' => __FILE__, - 'message' => "Password plugin: Unable to execute $curdir/chgsaslpasswd" - ), true, false); - } - - return PASSWORD_ERROR; -} - -?> diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php deleted file mode 100644 index 1e737f233..000000000 --- a/plugins/password/drivers/sql.php +++ /dev/null @@ -1,107 +0,0 @@ - - * - */ - -function password_save($curpass, $passwd) -{ - $rcmail = rcmail::get_instance(); - - if (!($sql = $rcmail->config->get('password_query'))) - $sql = 'SELECT update_passwd(%c, %u)'; - - if ($dsn = $rcmail->config->get('password_db_dsn')) { - // #1486067: enable new_link option - if (is_array($dsn) && empty($dsn['new_link'])) - $dsn['new_link'] = true; - else if (!is_array($dsn) && !preg_match('/\?new_link=true/', $dsn)) - $dsn .= '?new_link=true'; - - $db = new rcube_mdb2($dsn, '', FALSE); - $db->set_debug((bool)$rcmail->config->get('sql_debug')); - $db->db_connect('w'); - } else { - $db = $rcmail->get_dbh(); - } - - if ($err = $db->is_error()) - return PASSWORD_ERROR; - - // crypted password - if (strpos($sql, '%c') !== FALSE) { - $salt = ''; - if (CRYPT_MD5) { - $len = rand(3, CRYPT_SALT_LENGTH); - } else if (CRYPT_STD_DES) { - $len = 2; - } else { - return PASSWORD_CRYPT_ERROR; - } - for ($i = 0; $i < $len ; $i++) { - $salt .= chr(rand(ord('.'), ord('z'))); - } - $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql); - } - - // hashed passwords - if (preg_match('/%[n|q]/', $sql)) { - - if (!extension_loaded('hash')) { - raise_error(array( - 'code' => 600, - 'type' => 'php', - 'file' => __FILE__, - 'message' => "Password plugin: 'hash' extension not loaded!" - ), true, false); - return PASSWORD_ERROR; - } - - if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) - $hash_algo = 'sha1'; - - $hash_passwd = hash($hash_algo, $passwd); - $hash_curpass = hash($hash_algo, $curpass); - - if ($rcmail->config->get('password_hash_base64')) { - $hash_passwd = base64_encode(pack('H*', $hash_passwd)); - $hash_curpass = base64_encode(pack('H*', $hash_curpass)); - } - - $sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql); - $sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql); - } - - $user_info = explode('@', $_SESSION['username']); - if (count($user_info) >= 2) { - $sql = str_replace('%l', $db->quote($user_info[0], 'text'), $sql); - $sql = str_replace('%d', $db->quote($user_info[1], 'text'), $sql); - } - - $sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql); - $sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql); - $sql = str_replace('%p', $db->quote($passwd,'text'), $sql); - $sql = str_replace('%o', $db->quote($curpass,'text'), $sql); - - $res = $db->query($sql); - - if (!$db->is_error()) { - if (strtolower(substr(trim($query),0,6))=='select') { - if ($result = $db->fetch_array($res)) - return PASSWORD_SUCCESS; - } else { - if ($db->affected_rows($res) == 1) - return PASSWORD_SUCCESS; // This is the good case: 1 row updated - } - } - - return PASSWORD_ERROR; -} - -?> diff --git a/plugins/password/drivers/vpopmaild.php b/plugins/password/drivers/vpopmaild.php deleted file mode 100644 index b6fb39343..000000000 --- a/plugins/password/drivers/vpopmaild.php +++ /dev/null @@ -1,51 +0,0 @@ -connect($rcmail->config->get('password_vpopmaild_host'), - $rcmail->config->get('password_vpopmaild_port'), null))) { - return PASSWORD_CONNECT_ERROR; - } - - $result = $vpopmaild->readLine(); - if(!preg_match('/^\+OK/', $result)) { - $vpopmaild->disconnect(); - return PASSWORD_CONNECT_ERROR; - } - - $vpopmaild->writeLine("slogin ". $_SESSION['username'] . " " . $curpass); - $result = $vpopmaild->readLine(); - if(!preg_match('/^\+OK/', $result) ) { - $vpopmaild->writeLine("quit"); - $vpopmaild->disconnect(); - return PASSWORD_ERROR; - } - - $vpopmaild->writeLine("mod_user ". $_SESSION['username']); - $vpopmaild->writeLine("clear_text_password ". $passwd); - $vpopmaild->writeLine("."); - $result = $vpopmaild->readLine(); - $vpopmaild->writeLine("quit"); - $vpopmaild->disconnect(); - - if (!preg_match('/^\+OK/', $result)) - return PASSWORD_ERROR; - - return PASSWORD_SUCCESS; -} - -?> diff --git a/plugins/password/drivers/ximss.php b/plugins/password/drivers/ximss.php deleted file mode 100644 index 94aba1874..000000000 --- a/plugins/password/drivers/ximss.php +++ /dev/null @@ -1,81 +0,0 @@ - - */ - -function password_save($pass, $newpass) -{ - - $rcmail = rcmail::get_instance(); - - $sock = stream_socket_client("tcp://".$rcmail->config->get('password_ximss_host').":".$rcmail->config->get('password_ximss_port'), $errno, $errstr, 30) ; - if( $sock === FALSE ) - { - return PASSWORD_CONNECT_ERROR; - } - - // send all requests at once(pipelined) - fwrite( $sock, ''."\0"); - fwrite( $sock, ''."\0"); - fwrite( $sock, ''."\0"); - - //example responses - // \0 - // \0 - // \0 - // \0 - // or an error: - // \0 - - $responseblob = ''; - while (!feof($sock)) { - $responseblob .= fgets($sock, 1024); - } - - fclose($sock); - - foreach( explode( "\0",$responseblob) as $response ) - { - $resp = simplexml_load_string("".$response.""); - - if( $resp->response[0]['id'] == 'A001' ) - { - if( isset( $resp->response[0]['errorNum'] ) ) - { - return PASSWORD_CONNECT_ERROR; - } - } - else if( $resp->response[0]['id'] == 'A002' ) - { - if( isset( $resp->response[0]['errorNum'] )) - { - return PASSWORD_ERROR; - } - } - else if( $resp->response[0]['id'] == 'A003' ) - { - if( isset($resp->response[0]['errorNum'] )) - { - //There was a problem during logout(This is probably harmless) - } - } - } //foreach - - return PASSWORD_SUCCESS; - -} - -?> \ No newline at end of file diff --git a/plugins/password/localization/bg_BG.inc b/plugins/password/localization/bg_BG.inc deleted file mode 100644 index b4576a0dc..000000000 --- a/plugins/password/localization/bg_BG.inc +++ /dev/null @@ -1,18 +0,0 @@ - diff --git a/plugins/password/localization/ca_ES.inc b/plugins/password/localization/ca_ES.inc deleted file mode 100644 index 18c10c80e..000000000 --- a/plugins/password/localization/ca_ES.inc +++ /dev/null @@ -1,20 +0,0 @@ - diff --git a/plugins/password/localization/cs_CZ.inc b/plugins/password/localization/cs_CZ.inc deleted file mode 100644 index 18270db96..000000000 --- a/plugins/password/localization/cs_CZ.inc +++ /dev/null @@ -1,26 +0,0 @@ - - * - */ - -$labels = array(); -$labels['changepasswd'] = 'Změna hesla'; -$labels['curpasswd'] = 'Aktuální heslo:'; -$labels['newpasswd'] = 'Nové heslo:'; -$labels['confpasswd'] = 'Nové heslo (pro kontrolu):'; - -$messages = array(); -$messages['nopassword'] = 'Prosím zadejte nové heslo.'; -$messages['nocurpassword'] = 'Prosím zadejte aktuální heslo.'; -$messages['passwordincorrect'] = 'Zadané aktuální heslo není správné.'; -$messages['passwordinconsistency'] = 'Zadaná hesla se neshodují. Prosím zkuste to znovu.'; -$messages['crypterror'] = 'Heslo se nepodařilo uložit. Chybí šifrovací funkce.'; -$messages['connecterror'] = 'Heslo se nepodařilo uložit. Problém s připojením.'; -$messages['internalerror'] = 'Heslo se nepodařilo uložit.'; - -?> diff --git a/plugins/password/localization/da_DK.inc b/plugins/password/localization/da_DK.inc deleted file mode 100644 index 5d1d0c9cc..000000000 --- a/plugins/password/localization/da_DK.inc +++ /dev/null @@ -1,18 +0,0 @@ - diff --git a/plugins/password/localization/de_CH.inc b/plugins/password/localization/de_CH.inc deleted file mode 100644 index a28990d67..000000000 --- a/plugins/password/localization/de_CH.inc +++ /dev/null @@ -1,19 +0,0 @@ - \ No newline at end of file diff --git a/plugins/password/localization/de_DE.inc b/plugins/password/localization/de_DE.inc deleted file mode 100644 index a28990d67..000000000 --- a/plugins/password/localization/de_DE.inc +++ /dev/null @@ -1,19 +0,0 @@ - \ No newline at end of file diff --git a/plugins/password/localization/en_US.inc b/plugins/password/localization/en_US.inc deleted file mode 100644 index 1ae2158b0..000000000 --- a/plugins/password/localization/en_US.inc +++ /dev/null @@ -1,21 +0,0 @@ - diff --git a/plugins/password/localization/es_ES.inc b/plugins/password/localization/es_ES.inc deleted file mode 100644 index b7e293efb..000000000 --- a/plugins/password/localization/es_ES.inc +++ /dev/null @@ -1,20 +0,0 @@ - diff --git a/plugins/password/localization/et_EE.inc b/plugins/password/localization/et_EE.inc deleted file mode 100644 index 0f351d77b..000000000 --- a/plugins/password/localization/et_EE.inc +++ /dev/null @@ -1,17 +0,0 @@ - diff --git a/plugins/password/localization/fr_FR.inc b/plugins/password/localization/fr_FR.inc deleted file mode 100644 index 8ba37b148..000000000 --- a/plugins/password/localization/fr_FR.inc +++ /dev/null @@ -1,18 +0,0 @@ - diff --git a/plugins/password/localization/hu_HU.inc b/plugins/password/localization/hu_HU.inc deleted file mode 100644 index c8c3015a1..000000000 --- a/plugins/password/localization/hu_HU.inc +++ /dev/null @@ -1,17 +0,0 @@ - diff --git a/plugins/password/localization/it_IT.inc b/plugins/password/localization/it_IT.inc deleted file mode 100644 index b33d8d54f..000000000 --- a/plugins/password/localization/it_IT.inc +++ /dev/null @@ -1,18 +0,0 @@ - diff --git a/plugins/password/localization/lv_LV.inc b/plugins/password/localization/lv_LV.inc deleted file mode 100644 index 8f5f4c2c2..000000000 --- a/plugins/password/localization/lv_LV.inc +++ /dev/null @@ -1,20 +0,0 @@ - diff --git a/plugins/password/localization/nl_NL.inc b/plugins/password/localization/nl_NL.inc deleted file mode 100644 index 6d7c401ac..000000000 --- a/plugins/password/localization/nl_NL.inc +++ /dev/null @@ -1,17 +0,0 @@ - diff --git a/plugins/password/localization/pl_PL.inc b/plugins/password/localization/pl_PL.inc deleted file mode 100644 index 687ca9383..000000000 --- a/plugins/password/localization/pl_PL.inc +++ /dev/null @@ -1,21 +0,0 @@ - diff --git a/plugins/password/localization/pt_BR.inc b/plugins/password/localization/pt_BR.inc deleted file mode 100644 index c196d7541..000000000 --- a/plugins/password/localization/pt_BR.inc +++ /dev/null @@ -1,18 +0,0 @@ - diff --git a/plugins/password/localization/pt_PT.inc b/plugins/password/localization/pt_PT.inc deleted file mode 100644 index 5307ad69f..000000000 --- a/plugins/password/localization/pt_PT.inc +++ /dev/null @@ -1,18 +0,0 @@ - diff --git a/plugins/password/localization/sl_SI.inc b/plugins/password/localization/sl_SI.inc deleted file mode 100644 index df17583be..000000000 --- a/plugins/password/localization/sl_SI.inc +++ /dev/null @@ -1,18 +0,0 @@ - diff --git a/plugins/password/localization/sv_SE.inc b/plugins/password/localization/sv_SE.inc deleted file mode 100644 index 5d9398e5c..000000000 --- a/plugins/password/localization/sv_SE.inc +++ /dev/null @@ -1,18 +0,0 @@ - \ No newline at end of file diff --git a/plugins/password/localization/zh_TW.inc b/plugins/password/localization/zh_TW.inc deleted file mode 100644 index 1198f29fc..000000000 --- a/plugins/password/localization/zh_TW.inc +++ /dev/null @@ -1,20 +0,0 @@ - diff --git a/plugins/password/password.js b/plugins/password/password.js deleted file mode 100644 index 8a079de2d..000000000 --- a/plugins/password/password.js +++ /dev/null @@ -1,36 +0,0 @@ -/* Password change interface (tab) */ - -if (window.rcmail) { - rcmail.addEventListener('init', function(evt) { - // - var tab = $('').attr('id', 'settingstabpluginpassword').addClass('tablink'); - - var button = $('').attr('href', rcmail.env.comm_path+'&_action=plugin.password').html(rcmail.gettext('password')).appendTo(tab); - button.bind('click', function(e){ return rcmail.command('plugin.password', this) }); - - // add button and register commands - rcmail.add_element(tab, 'tabs'); - rcmail.register_command('plugin.password', function() { rcmail.goto_url('plugin.password') }, true); - rcmail.register_command('plugin.password-save', function() { - var input_curpasswd = rcube_find_object('_curpasswd'); - var input_newpasswd = rcube_find_object('_newpasswd'); - var input_confpasswd = rcube_find_object('_confpasswd'); - - if (input_curpasswd && input_curpasswd.value=='') { - alert(rcmail.gettext('nocurpassword', 'password')); - input_curpasswd.focus(); - } else if (input_newpasswd && input_newpasswd.value=='') { - alert(rcmail.gettext('nopassword', 'password')); - input_newpasswd.focus(); - } else if (input_confpasswd && input_confpasswd.value=='') { - alert(rcmail.gettext('nopassword', 'password')); - input_confpasswd.focus(); - } else if (input_newpasswd && input_confpasswd && input_newpasswd.value != input_confpasswd.value) { - alert(rcmail.gettext('passwordinconsistency', 'password')); - input_newpasswd.focus(); - } else { - rcmail.gui_objects.passform.submit(); - } - }, true); - }) -} diff --git a/plugins/password/password.php b/plugins/password/password.php deleted file mode 100644 index 3121eb6fe..000000000 --- a/plugins/password/password.php +++ /dev/null @@ -1,248 +0,0 @@ - | - +-------------------------------------------------------------------------+ - - $Id: index.php 2645 2009-06-15 07:01:36Z alec $ - -*/ - -define('PASSWORD_CRYPT_ERROR', 1); -define('PASSWORD_ERROR', 2); -define('PASSWORD_CONNECT_ERROR', 3); -define('PASSWORD_SUCCESS', 0); - -/** - * Change password plugin - * - * Plugin that adds functionality to change a users password. - * It provides common functionality and user interface and supports - * several backends to finally update the password. - * - * For installation and configuration instructions please read the README file. - * - * @author Aleksander Machniak - */ -class password extends rcube_plugin -{ - public $task = 'settings'; - - function init() - { - $rcmail = rcmail::get_instance(); - // add Tab label - $rcmail->output->add_label('password'); - $this->register_action('plugin.password', array($this, 'password_init')); - $this->register_action('plugin.password-save', array($this, 'password_save')); - $this->include_script('password.js'); - } - - function password_init() - { - $this->add_texts('localization/'); - $this->register_handler('plugin.body', array($this, 'password_form')); - - $rcmail = rcmail::get_instance(); - $rcmail->output->set_pagetitle($this->gettext('changepasswd')); - $rcmail->output->send('plugin'); - } - - function password_save() - { - $rcmail = rcmail::get_instance(); - $this->load_config(); - - $this->add_texts('localization/'); - $this->register_handler('plugin.body', array($this, 'password_form')); - $rcmail->output->set_pagetitle($this->gettext('changepasswd')); - - $confirm = $rcmail->config->get('password_confirm_current'); - $required_length = intval($rcmail->config->get('password_minimum_length')); - $check_strength = $rcmail->config->get('password_require_nonalpha'); - - if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) { - $rcmail->output->command('display_message', $this->gettext('nopassword'), 'error'); - } - else { - - $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1')); - $rc_charset = strtoupper($rcmail->output->get_charset()); - - $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset); - $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true); - $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true); - - // check allowed characters according to the configured 'password_charset' option - // by converting the password entered by the user to this charset and back to UTF-8 - $orig_pwd = $newpwd; - $chk_pwd = rcube_charset_convert($orig_pwd, $rc_charset, $charset); - $chk_pwd = rcube_charset_convert($chk_pwd, $charset, $rc_charset); - - // WARNING: Default password_charset is ISO-8859-1, so conversion will - // change national characters. This may disable possibility of using - // the same password in other MUA's. - // We're doing this for consistence with Roundcube core - $newpwd = rcube_charset_convert($newpwd, $rc_charset, $charset); - $conpwd = rcube_charset_convert($conpwd, $rc_charset, $charset); - - if ($chk_pwd != $orig_pwd) { - $rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error'); - } - // other passwords validity checks - else if ($conpwd != $newpwd) { - $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error'); - } - else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) { - $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error'); - } - else if ($required_length && strlen($newpwd) < $required_length) { - $rcmail->output->command('display_message', $this->gettext( - array('name' => 'passwordshort', 'vars' => array('length' => $required_length))), 'error'); - } - else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) { - $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); - } - // try to save the password - else if (!($res = $this->_save($curpwd,$newpwd))) { - $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); - $_SESSION['password'] = $rcmail->encrypt($newpwd); - } - else - $rcmail->output->command('display_message', $res, 'error'); - } - - rcmail_overwrite_action('plugin.password'); - $rcmail->output->send('plugin'); - } - - function password_form() - { - $rcmail = rcmail::get_instance(); - $this->load_config(); - - // add some labels to client - $rcmail->output->add_label( - 'password.nopassword', - 'password.nocurpassword', - 'password.passwordinconsistency' - ); - - $rcmail->output->set_env('product_name', $rcmail->config->get('product_name')); - - $table = new html_table(array('cols' => 2)); - - if ($rcmail->config->get('password_confirm_current')) { - // show current password selection - $field_id = 'curpasswd'; - $input_curpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id, - 'size' => 20, 'autocomplete' => 'off')); - - $table->add('title', html::label($field_id, Q($this->gettext('curpasswd')))); - $table->add(null, $input_curpasswd->show()); - } - - // show new password selection - $field_id = 'newpasswd'; - $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id, - 'size' => 20, 'autocomplete' => 'off')); - - $table->add('title', html::label($field_id, Q($this->gettext('newpasswd')))); - $table->add(null, $input_newpasswd->show()); - - // show confirm password selection - $field_id = 'confpasswd'; - $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id, - 'size' => 20, 'autocomplete' => 'off')); - - $table->add('title', html::label($field_id, Q($this->gettext('confpasswd')))); - $table->add(null, $input_confpasswd->show()); - - $out = html::div(array('class' => 'settingsbox', 'style' => 'margin:0'), - html::div(array('id' => 'prefs-title', 'class' => 'boxtitle'), $this->gettext('changepasswd')) . - html::div(array('class' => 'boxcontent'), $table->show() . - html::p(null, - $rcmail->output->button(array( - 'command' => 'plugin.password-save', - 'type' => 'input', - 'class' => 'button mainaction', - 'label' => 'save' - ))) - ) - ); - - $rcmail->output->add_gui_object('passform', 'password-form'); - - return $rcmail->output->form_tag(array( - 'id' => 'password-form', - 'name' => 'password-form', - 'method' => 'post', - 'action' => './?_task=settings&_action=plugin.password-save', - ), $out); - } - - private function _save($curpass, $passwd) - { - $config = rcmail::get_instance()->config; - $driver = $this->home.'/drivers/'.$config->get('password_driver', 'sql').'.php'; - - if (!is_readable($driver)) { - raise_error(array( - 'code' => 600, - 'type' => 'php', - 'file' => __FILE__, - 'message' => "Password plugin: Unable to open driver file $driver" - ), true, false); - return $this->gettext('internalerror'); - } - - include($driver); - - if (!function_exists('password_save')) { - raise_error(array( - 'code' => 600, - 'type' => 'php', - 'file' => __FILE__, - 'message' => "Password plugin: Broken driver: $driver" - ), true, false); - return $this->gettext('internalerror'); - } - - $result = password_save($curpass, $passwd); - - switch ($result) { - case PASSWORD_SUCCESS: - return; - case PASSWORD_CRYPT_ERROR; - return $this->gettext('crypterror'); - case PASSWORD_CONNECT_ERROR; - return $this->gettext('connecterror'); - case PASSWORD_ERROR: - default: - return $this->gettext('internalerror'); - } - } - -} - -?> -- cgit v1.2.3