latest/html/change_8php_source.html

 <?php


 @include_once("/etc/squirrelmail/alternc-changepass.conf");

 if (!defined("ALTERNC_CHANGEPASS_LOC")) {

   error_log("No configuration for squirrelmail plugin at /etc/squirrelmail/alternc-changepass.conf, please check");

   exit();

 }


 bindtextdomain("alternc", ALTERNC_CHANGEPASS_LOC."/bureau/locales");

 if (!function_exists("__")) {

   function __($str) { echo _($str); }

 }


   /* ----------------------------------------------------------------- */

   /** Hashe un mot de passe en clair en MD5 avec un salt aléatoire

    * @param string $pass Mot de passe à crypter (max 32 caractères)

    * @return string Retourne le mot de passe crypté

    * @access private

    */

   function _md5cr($pass,$salt="") {

     if (!$salt) {

       $chars="./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

       for ($i=0;$i<12;$i++) {

    $salt.=substr($chars,(mt_rand(0,strlen($chars))),1);

       }

       $salt="$1$".$salt;

     }

     return crypt($pass,$salt);

   }


 $link=mysql_connect(

           ALTERNC_CHANGEPASS_MYSQL_HOST,

           ALTERNC_CHANGEPASS_MYSQL_USER,

           ALTERNC_CHANGEPASS_MYSQL_PASSWORD

           );

 if ($link) {

   mysql_select_db(ALTERNC_CHANGEPASS_MYSQL_DB);

 } else {

   __("Can't connect to MySQL server on AlternC!");

 }


 define('SM_PATH','../../');


 /* SquirrelMail required files. */

 require_once(SM_PATH . 'include/validate.php');

 require_once(SM_PATH . 'functions/page_header.php');

 require_once(SM_PATH . 'functions/imap.php');

 require_once(SM_PATH . 'include/load_prefs.php');


  /* get globals */

 sqgetGlobalVar('username', $username, SQ_SESSION);


 //require_once (SM_PATH . "plugins/alternc_changepass/config.php");

 //session_start();


 textdomain("alternc");


 global $username, $base_uri, $key, $onetimepad;


 list($login,$domain)=explode("@",$username,2);

 $errstr="";


 if ($_POST['acp_oldpass'] && $_POST['acp_newpass'] && $_POST['acp_verify']) {

   if ($_POST['acp_newpass']!=$_POST['acp_verify']) {

     $errstr=_("Your new passwords are differents, pleasy try again.");

   } else {

     // Check the old password

     $r=mysql_query("SELECT a.password, a.id FROM address a,domaines d WHERE a.address='".addslashes($login)."' AND a.domain_id=d.id AND d.domaine='".addslashes($domain)."';");

     echo mysql_error();

     if (!($c=mysql_fetch_array($r))) {

       $errstr=_("Your account has not been found, please try again later or ask an administrator.");

     } else {

       if ($c["password"]!=_md5cr($_POST['acp_oldpass'],$c["password"])) {

    $errstr=_("Your current password is incorrect, please try again.");

       } else {

    // FIXME DO Check the password policy :

    /*

    if (is_callable(array($admin,"checkPolicy"))  &&

        !$admin->checkPolicy("pop",$username,$_POST['acp_newpass'])) {

      $errstr=_("This password is not strong enough for your policy, set a stronger password or call your administrator");

    } else {

    */

      // ok, let's change the password

      $acp_newpass=$_POST['acp_newpass'];

      $newp=_md5cr($acp_newpass);

      mysql_query("UPDATE address SET password='".addslashes($newp)."' WHERE id=".$c["id"]." ;");

      $errstr=_("Your password has been successfully changed. Don't forget to change it in your mail software if you are using one (Outlook, Mozilla, Thunderbird, Eudora ...)");


      // Write new cookies for the password

      $onetimepad = OneTimePadCreate(strlen($acp_newpass));

      sqsession_register($onetimepad,'onetimepad');

      $key = OneTimePadEncrypt($acp_newpass, $onetimepad);

      setcookie("key", $key, 0, $base_uri);

      //  }

       }

     }

   }

 } // POSTED data ?


 textdomain("squirrelmail");


 displayPageHeader($color, 'None');


 textdomain("alternc");


 if ($errstr) echo "<p><b>".$errstr."</b></p>";


 ?>


 <h2><?php __("Changing your mail password"); ?></h2>

 <form method="post" action="change.php" name="main" id="main">

     <table>

       <tr>

    <th align="right"><label for="acp_oldpass"><?php __("Old Password:"); ?></label></th>

         <td><input type="password" name="acp_oldpass" id="acp_oldpass" value="" size="20" /></td>

       </tr>


       <tr>

    <th align="right"><label for="acp_newpass"><?php __("New Password:"); ?></label></th>

         <td><input type="password" name="acp_newpass" id="acp_newpass" value="" size="20" /></td>

       </tr>

       <tr>

    <th align="right"><label for="acp_verify"><?php __("Verify New Password:"); ?></label></th>

         <td><input type="password" name="acp_verify" id="acp_verify" value="" size="20" /></td>

       </tr>


       <tr>

         <td align="center" colspan="2"><input type="submit" value="<?php __("Change my mail password"); ?>" name="plugin_changepass" /></td>

       </tr>

     </table>


 </form>


 <script type="text/javascript">

   document.forms['main'].acp_oldpass.focus();

   document.forms['main'].setAttribute('autocomplete', 'off');

 </script>


 </body></html>

 <?php


 textdomain("squirrelmail");


 ?>

exit
exit
Definition: adm_doadd.php:70

$c
$c
Definition: bootstrap.php:47

$r
$r
Definition: aws_add.php:75

$errstr
$errstr
Definition: change.php:62

SM_PATH
const SM_PATH
Definition: change.php:43

$base_uri
global $base_uri
Definition: change.php:59

$onetimepad
global $onetimepad
Definition: change.php:59

$key
global $key
Definition: change.php:59

$link
$link
Definition: change.php:31

_md5cr
if(!function_exists("__")) _md5cr($pass, $salt="")
Hashe un mot de passe en clair en MD5 avec un salt aléatoire.
Definition: change.php:20

$username
global $username
Definition: change.php:59

$domain
$domain
Definition: dom_import.php:36

__
__($str)
Definition: functions.php:404

$login
$login
Definition: quotas_oneuser.php:42

$i
$i
Definition: sql_getparam.php:55