<?php

// Site-specific settings are kept in a file outside this plugin; it is
// expected to define ALTERNC_CHANGEPASS_LOC. The @ silences the warning
// raised when the file is absent: the defined() test below is what actually
// detects a missing or incomplete configuration.
@include_once("/etc/squirrelmail/alternc-changepass.conf");

if (defined("ALTERNC_CHANGEPASS_LOC") === false) {
    // Log for the administrator and stop without sending any page.
    error_log("No configuration for squirrelmail plugin at /etc/squirrelmail/alternc-changepass.conf, please check");
    exit();
}

// Bind the "alternc" gettext domain to the catalogues under the configured path.
bindtextdomain("alternc", ALTERNC_CHANGEPASS_LOC . "/bureau/locales");

if (function_exists("__") === false) {
    /**
     * Echo the translation of $str in the current gettext domain.
     *
     * @param string $str Message id to translate and print
     */
    function __($str)
    {
        echo _($str);
    }
}
/* ----------------------------------------------------------------- */
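/**
 * Hash a clear-text password with crypt() using the MD5 ("$1$") scheme.
 *
 * With no salt, a fresh random one is generated. When an existing hash is
 * passed as $salt, crypt() reuses the salt embedded in it, so the result can
 * be compared with that stored hash to verify a password.
 *
 * NOTE(review): MD5-crypt is a fast, dated scheme. It is kept because the
 * stored hashes and this function must agree; moving to a stronger scheme
 * means migrating both sides together.
 *
 * @param string $pass Clear-text password to hash (max 32 characters)
 * @param string $salt Optional salt, or an existing hash to verify against
 * @return string The hashed password
 * @access private
 */
function _md5cr($pass, $salt = "")
{
    if (!$salt) {
        $chars = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
        // Highest valid index. mt_rand()'s upper bound is inclusive, so the
        // former bound of strlen($chars) could pick a position one past the
        // end, contribute nothing and silently shorten the salt.
        $max = strlen($chars) - 1;
        // Use the CSPRNG where the runtime provides it; mt_rand() is
        // predictable and remains only as a fallback for older PHP.
        $secure = function_exists('random_int');
        for ($i = 0; $i < 12; $i++) {
            $salt .= $chars[$secure ? random_int(0, $max) : mt_rand(0, $max)];
        }
        $salt = '$1$' . $salt;
    }
    return crypt($pass, $salt);
}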
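// Open the connection to the AlternC database with the ALTERNC_CHANGEPASS_MYSQL_*
// constants and select the configured schema on that same link.
$link = mysql_connect(
    ALTERNC_CHANGEPASS_MYSQL_HOST,
    ALTERNC_CHANGEPASS_MYSQL_USER,
    ALTERNC_CHANGEPASS_MYSQL_PASSWORD
);
if (!$link || !mysql_select_db(ALTERNC_CHANGEPASS_MYSQL_DB, $link)) {
    // Fail closed. Without a usable link, a later mysql_query() would try to
    // open a connection of its own with the php.ini defaults, and the form
    // below could never work. Details go to the log, not to the browser.
    error_log("alternc_changepass: cannot use the AlternC database: " . mysql_error());
    __("Can't connect to MySQL server on AlternC!");
    exit();
}

// Relative path from this plugin directory to the SquirrelMail root.
define('SM_PATH', '../../');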
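/* SquirrelMail required files. */
require_once(SM_PATH . 'include/validate.php');
require_once(SM_PATH . 'functions/page_header.php');
require_once(SM_PATH . 'functions/imap.php');
require_once(SM_PATH . 'include/load_prefs.php');

/* get globals */
// The account being changed is read with the SQ_SESSION scope, not from the
// submitted form, so a request cannot name another mailbox.
sqgetGlobalVar('username', $username, SQ_SESSION);

//require_once (SM_PATH . "plugins/alternc_changepass/config.php");
//session_start();

// Messages of this plugin come from the "alternc" gettext domain.
textdomain("alternc");

global $username, $base_uri, $key, $onetimepad;

// Split "local@domain". array_pad() guarantees two elements, so a username
// without "@" yields an empty $domain instead of an undefined-offset notice.
list($login, $domain) = array_pad(explode("@", $username, 2), 2, "");

// Status or error message shown above the form; empty means nothing to show.
$errstr = "";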
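// Handle a submitted form. Each field must be present, a plain string and
// non-empty; array-valued or missing fields are treated as not submitted.
$acp_oldpass = (isset($_POST['acp_oldpass']) && is_string($_POST['acp_oldpass'])) ? $_POST['acp_oldpass'] : "";
$acp_newpass = (isset($_POST['acp_newpass']) && is_string($_POST['acp_newpass'])) ? $_POST['acp_newpass'] : "";
$acp_verify  = (isset($_POST['acp_verify']) && is_string($_POST['acp_verify'])) ? $_POST['acp_verify'] : "";

if ($acp_oldpass && $acp_newpass && $acp_verify) {
    // Strict comparison: with != two different numeric-looking strings
    // (for example "10" and "1e1") would be accepted as the same password.
    if ($acp_newpass !== $acp_verify) {
        $errstr = _("Your new passwords are differents, pleasy try again.");
    } else {
        // Check the old password
        // Escape with the connection's own routine rather than addslashes(),
        // which ignores the connection character set.
        $r = mysql_query(
            "SELECT a.password, a.id FROM address a,domaines d WHERE a.address='"
            . mysql_real_escape_string($login)
            . "' AND a.domain_id=d.id AND d.domaine='"
            . mysql_real_escape_string($domain) . "';"
        );
        if ($r === false) {
            // Database errors go to the server log, never to the page.
            error_log("alternc_changepass: account lookup failed: " . mysql_error());
        }
        $c = $r ? mysql_fetch_array($r) : false;
        if (!$c) {
            $errstr = _("Your account has not been found, please try again later or ask an administrator.");
        } else {
            // Re-hash the submitted password with the salt embedded in the
            // stored hash and compare the two exactly (constant-time when
            // hash_equals() is available).
            $stored = (string) $c["password"];
            $computed = (string) _md5cr($acp_oldpass, $stored);
            $matches = function_exists('hash_equals')
                ? hash_equals($stored, $computed)
                : ($stored === $computed);
            if (!$matches) {
                $errstr = _("Your current password is incorrect, please try again.");
            } else {
                // FIXME DO Check the password policy :
                // NOTE(review): until this is restored, no strength policy is
                // applied to the new password.
                //
                // if (is_callable(array($admin,"checkPolicy")) &&
                //     !$admin->checkPolicy("pop",$username,$_POST['acp_newpass'])) {
                //     $errstr=_("This password is not strong enough for your policy, set a stronger password or call your administrator");
                // } else {
                //     ...
                // }

                // ok, let's change the password
                $newp = _md5cr($acp_newpass);
                // The id comes from the row fetched above; intval() keeps the
                // unquoted value numeric whatever the column returns.
                $updated = mysql_query(
                    "UPDATE address SET password='" . mysql_real_escape_string($newp)
                    . "' WHERE id=" . intval($c["id"]) . ";"
                );
                if (!$updated) {
                    // Do not announce success or rotate the session key when
                    // the write failed. The existing message is reused so no
                    // untranslated string is introduced.
                    error_log("alternc_changepass: password update failed: " . mysql_error());
                    $errstr = _("Your account has not been found, please try again later or ask an administrator.");
                } else {
                    $errstr = _("Your password has been successfully changed. Don't forget to change it in your mail software if you are using one (Outlook, Mozilla, Thunderbird, Eudora ...)");
                    // Write new cookies for the password
                    // NOTE(review): the cookie is set without secure/httponly
                    // flags; confirm how SquirrelMail sets its own "key"
                    // cookie and match it.
                    $onetimepad = OneTimePadCreate(strlen($acp_newpass));
                    sqsession_register($onetimepad, 'onetimepad');
                    $key = OneTimePadEncrypt($acp_newpass, $onetimepad);
                    setcookie("key", $key, 0, $base_uri);
                }
            }
        }
    }
} // POSTED data ?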
// The SquirrelMail page header is rendered under the "squirrelmail" gettext
// domain; the plugin's own "alternc" domain is restored right after.
textdomain("squirrelmail");
displayPageHeader($color, 'None');
textdomain("alternc");

// $errstr is assigned earlier in this script from gettext messages only,
// never from request data, and is printed here without HTML escaping.
if ($errstr) {
    echo "<p><b>", $errstr, "</b></p>";
}
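?>
<h2><?php __("Changing your mail password"); ?></h2>
<?php
// Password change form, posted back to this script (change.php).
// autocomplete="off" is set in the markup so it also applies when JavaScript
// is disabled; the script below still sets it and focuses the first field.
// NOTE(review): the form carries no anti-CSRF token. Requiring the current
// password limits what a forged request can do, but confirm whether the
// installed SquirrelMail version offers a security-token helper and use it.
?>
<form method="post" action="change.php" name="main" id="main" autocomplete="off">
<table>
  <tr>
    <th align="right"><label for="acp_oldpass"><?php __("Old Password:"); ?></label></th>
    <td><input type="password" name="acp_oldpass" id="acp_oldpass" value="" size="20" /></td>
  </tr>
  <tr>
    <th align="right"><label for="acp_newpass"><?php __("New Password:"); ?></label></th>
    <td><input type="password" name="acp_newpass" id="acp_newpass" value="" size="20" /></td>
  </tr>
  <tr>
    <th align="right"><label for="acp_verify"><?php __("Verify New Password:"); ?></label></th>
    <td><input type="password" name="acp_verify" id="acp_verify" value="" size="20" /></td>
  </tr>
  <tr>
    <td align="center" colspan="2"><input type="submit" value="<?php __("Change my mail password"); ?>" name="plugin_changepass" /></td>
  </tr>
</table>
</form>
<script type="text/javascript">
  document.forms['main'].acp_oldpass.focus();
  document.forms['main'].setAttribute('autocomplete', 'off');
</script>
</body></html>
<?php
// Hand the gettext domain back to SquirrelMail before the script ends.
textdomain("squirrelmail");
?>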