query("SELECT password FROM mail_users WHERE alias='".addslashes($username)."'");
if (!$db->next_record()) {
$errstr=_("Your account has not been found, please try again later or ask an administrator.");
} else {
if ($db->f("password")!=_md5cr($_POST['acp_oldpass'],$db->f("password"))) {
$errstr=_("Your current password is incorrect, please try again.");
} else {
// If available, check the password policy :
if (is_callable(array($admin,"checkPolicy")) &&
!$admin->checkPolicy("pop",$username,$_POST['acp_newpass'])) {
$errstr=_("This password is not strong enough for your policy, set a stronger password or call your administrator");
} else {
// ok, let's change the password
$m=explode("@",$username,2);
$acp_newpass=$_POST['acp_newpass'];
$newp=_md5cr($acp_newpass);
$un1=str_replace("@","_",$username); // version login_domain.tld
$un2=substr($un1,0,strlen($un1)-strlen(strrchr($un1,"_")))."@".substr(strrchr($un1,"_"),1); // version login@domain.tld
$db->query("UPDATE mail_users SET password='$newp' WHERE alias='$un1' or alias='$un2';");
$errstr=_("Your password has been successfully changed. Don't forget to change it in your mail software if you are using one (Outlook, Mozilla, Thunderbird, Eudora ...)");
// Write new cookies for the password
$onetimepad = OneTimePadCreate(strlen($acp_newpass));
sqsession_register($onetimepad,'onetimepad');
$key = OneTimePadEncrypt($acp_newpass, $onetimepad);
setcookie("key", $key, 0, $base_uri);
}
}
}
}
}
textdomain("squirrelmail");
displayPageHeader($color, 'None');
textdomain("changepass");
}
if ($errstr) echo "