AlternC/squirrelmail/alternc-changepass/change.php

<?php

@include_once("/etc/squirrelmail/alternc-changepass.conf");
if (!defined("ALTERNC_LOC")) {
  echo "No AlternC-Changepass configuration, please setup alternc-changepass plugin in /etc/squirrelmail/";
  exit();
}

bindtextdomain("alternc-changepass", ALTERNC_LOC."/bureau/locales");

$link=mysql_connect(
		    ALTERNC_CHANGEPASS_MYSQL_HOST,
		    ALTERNC_CHANGEPASS_MYSQL_USER,
		    ALTERNC_CHANGEPASS_MYSQL_PASSWORD
		    );
if ($link) {
  mysql_select_db(ALTERNC_CHANGEPASS_MYSLQ_DB);
} else {
  __("Can't connect to MySQL server on AlternC!");
}


define('SM_PATH','../../');
 
/* SquirrelMail required files. */
require_once(SM_PATH . 'include/validate.php');
require_once(SM_PATH . 'functions/page_header.php');
require_once(SM_PATH . 'functions/imap.php');
require_once(SM_PATH . 'include/load_prefs.php');

 /* get globals */
sqgetGlobalVar('username', $username, SQ_SESSION);

require_once (SM_PATH . "plugins/alternc_changepass/config.php");

session_start();

textdomain("alternc-changepass");

global $username, $base_uri, $key, $onetimepad;

list($login,$domain)=explode("@",$username,2);

if ($_POST['acp_oldpass'] && $_POST['acp_newpass'] && $_POST['acp_verify']) {
  if ($_POST['acp_newpass']!=$_POST['acp_verify']) {
    $errstr=_("Your new passwords are differents, pleasy try again.");
  } else {
    // Check the old password
    $r=mysql_query("SELECT a.password FROM address a,domaines d WHERE a.address='".addslashes($login)."' AND a.dom_id=d.id AND d.domaine='".addslashes($domain)."';");
    if (!($c=mysql_fetch_array($r))) {
      $errstr=_("Your account has not been found, please try again later or ask an administrator.");
    } else {
      if ($c["password"]!=_md5cr($_POST['acp_oldpass'],$c["password"])) {
	$errstr=_("Your current password is incorrect, please try again.");
      } else {
	// FIXME DO Check the password policy : 
	/*
	if (is_callable(array($admin,"checkPolicy"))  && 
	    !$admin->checkPolicy("pop",$username,$_POST['acp_newpass'])) {
	  $errstr=_("This password is not strong enough for your policy, set a stronger password or call your administrator");
	} else {
	*/
	  // ok, let's change the password
	  $acp_newpass=$_POST['acp_newpass'];
	  $newp=_md5cr($acp_newpass);
	  mysql_query("UPDATE address SET password='".addslashes($newp)."' WHERE id=".$c["id"]." ;");
	  $errstr=_("Your password has been successfully changed. Don't forget to change it in your mail software if you are using one (Outlook, Mozilla, Thunderbird, Eudora ...)");
	  
	  // Write new cookies for the password
	  $onetimepad = OneTimePadCreate(strlen($acp_newpass));
	  sqsession_register($onetimepad,'onetimepad');
	  $key = OneTimePadEncrypt($acp_newpass, $onetimepad);
	  setcookie("key", $key, 0, $base_uri);
	  //	}
      }
    }
  }
} // POSTED data ? 

 
 textdomain("squirrelmail");

 displayPageHeader($color, 'None');

 textdomain("alternc-changepass");
 
if ($errstr) echo "<p><b>".$errstr."</b></p>";

?>

<h2><?php __("Changing your mail password"); ?></h2>
<form method="post" action="change.php" name="main" id="main">
    <table>
      <tr>
   <th align="right"><label for="acp_oldpass"><?php __("Old Password:"); ?></label></th>
        <td><input type="password" name="acp_oldpass" id="acp_oldpass" value="" size="20" /></td>
      </tr>

      <tr>
   <th align="right"><label for="acp_newpass"><?php __("New Password:"); ?></label></th>
        <td><input type="password" name="acp_newpass" id="acp_newpass" value="" size="20" /></td>
      </tr>
      <tr>
   <th align="right"><label for="acp_verify"><?php __("Verify New Password:"); ?></label></th>
        <td><input type="password" name="acp_verify" id="acp_verify" value="" size="20" /></td>
      </tr>

      <tr>
        <td align="center" colspan="2"><input type="submit" value="<?php __("Change my mail password"); ?>" name="plugin_changepass" /></td>
      </tr>
    </table>

</form>

<script type="text/javascript">
  document.forms['main'].acp_oldpass.focus();
  document.forms['main'].setAttribute('autocomplete', 'off');
</script>


</body></html>
<?php

textdomain("squirrelmail");

?>
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00			`<?php`

adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`@include_once("/etc/squirrelmail/alternc-changepass.conf");`
			`if (!defined("ALTERNC_LOC")) {`
			`echo "No AlternC-Changepass configuration, please setup alternc-changepass plugin in /etc/squirrelmail/";`
			`exit();`
			`}`

			`bindtextdomain("alternc-changepass", ALTERNC_LOC."/bureau/locales");`

			`$link=mysql_connect(`
			`ALTERNC_CHANGEPASS_MYSQL_HOST,`
			`ALTERNC_CHANGEPASS_MYSQL_USER,`
			`ALTERNC_CHANGEPASS_MYSQL_PASSWORD`
			`);`
			`if ($link) {`
			`mysql_select_db(ALTERNC_CHANGEPASS_MYSLQ_DB);`
			`} else {`
			`__("Can't connect to MySQL server on AlternC!");`
			`}`


			`define('SM_PATH','../../');`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`/* SquirrelMail required files. */`
			`require_once(SM_PATH . 'include/validate.php');`
			`require_once(SM_PATH . 'functions/page_header.php');`
			`require_once(SM_PATH . 'functions/imap.php');`
			`require_once(SM_PATH . 'include/load_prefs.php');`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00
			`/* get globals */`
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`sqgetGlobalVar('username', $username, SQ_SESSION);`

			`require_once (SM_PATH . "plugins/alternc_changepass/config.php");`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`session_start();`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`textdomain("alternc-changepass");`

			`global $username, $base_uri, $key, $onetimepad;`

			`list($login,$domain)=explode("@",$username,2);`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00
			`if ($_POST['acp_oldpass'] && $_POST['acp_newpass'] && $_POST['acp_verify']) {`
			`if ($_POST['acp_newpass']!=$_POST['acp_verify']) {`
			`$errstr=_("Your new passwords are differents, pleasy try again.");`
			`} else {`
			`// Check the old password`
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`$r=mysql_query("SELECT a.password FROM address a,domaines d WHERE a.address='".addslashes($login)."' AND a.dom_id=d.id AND d.domaine='".addslashes($domain)."';");`
			`if (!($c=mysql_fetch_array($r))) {`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00			`$errstr=_("Your account has not been found, please try again later or ask an administrator.");`
			`} else {`
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`if ($c["password"]!=_md5cr($_POST['acp_oldpass'],$c["password"])) {`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00			`$errstr=_("Your current password is incorrect, please try again.");`
			`} else {`
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`// FIXME DO Check the password policy :`
			`/*`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00			`if (is_callable(array($admin,"checkPolicy")) &&`
			`!$admin->checkPolicy("pop",$username,$_POST['acp_newpass'])) {`
			`$errstr=_("This password is not strong enough for your policy, set a stronger password or call your administrator");`
			`} else {`
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`*/`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00			`// ok, let's change the password`
			`$acp_newpass=$_POST['acp_newpass'];`
			`$newp=_md5cr($acp_newpass);`
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`mysql_query("UPDATE address SET password='".addslashes($newp)."' WHERE id=".$c["id"]." ;");`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00			`$errstr=_("Your password has been successfully changed. Don't forget to change it in your mail software if you are using one (Outlook, Mozilla, Thunderbird, Eudora ...)");`

			`// Write new cookies for the password`
			`$onetimepad = OneTimePadCreate(strlen($acp_newpass));`
			`sqsession_register($onetimepad,'onetimepad');`
			`$key = OneTimePadEncrypt($acp_newpass, $onetimepad);`
			`setcookie("key", $key, 0, $base_uri);`
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`// }`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00			`}`
			`}`
			`}`
adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`} // POSTED data ?`

inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00
			`textdomain("squirrelmail");`

			`displayPageHeader($color, 'None');`

adding alternc-changepass new plugin version, TO BE TESTED 2012-08-30 15:56:35 +00:00			`textdomain("alternc-changepass");`
inserting squirrelmail alternc-changepass plugin TODO: change the changepass plugin for recent squirrelmail + alternc 3.0 2012-08-30 12:51:17 +00:00
			`if ($errstr) echo "<p><b>".$errstr."</b></p>";`

			`?>`

			`<h2><?php __("Changing your mail password"); ?></h2>`
			`<form method="post" action="change.php" name="main" id="main">`
			`<table>`
			`<tr>`
			`<th align="right"><label for="acp_oldpass"><?php __("Old Password:"); ?></label></th>`
			`<td><input type="password" name="acp_oldpass" id="acp_oldpass" value="" size="20" /></td>`
			`</tr>`

			`<tr>`
			`<th align="right"><label for="acp_newpass"><?php __("New Password:"); ?></label></th>`
			`<td><input type="password" name="acp_newpass" id="acp_newpass" value="" size="20" /></td>`
			`</tr>`
			`<tr>`
			`<th align="right"><label for="acp_verify"><?php __("Verify New Password:"); ?></label></th>`
			`<td><input type="password" name="acp_verify" id="acp_verify" value="" size="20" /></td>`
			`</tr>`

			`<tr>`
			`<td align="center" colspan="2"><input type="submit" value="<?php __("Change my mail password"); ?>" name="plugin_changepass" /></td>`
			`</tr>`
			`</table>`

			`</form>`

			`<script type="text/javascript">`
			`document.forms['main'].acp_oldpass.focus();`
			`document.forms['main'].setAttribute('autocomplete', 'off');`
			`</script>`


			`</body></html>`
			`<?php`

			`textdomain("squirrelmail");`

			`?>`