| commit | author | age | ||
| 6bd74d | 1 | <?php |
| A | 2 | |
| 3 | /** | |
| 4 | * SQL Password Driver | |
| 5 | * | |
| 6 | * Driver for passwords stored in SQL database | |
| 7 | * | |
| 3dd90d | 8 | * @version 1.3 |
| 6bd74d | 9 | * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl> |
| A | 10 | * |
| 11 | */ | |
| 12 | ||
| 13 | function password_save($curpass, $passwd) | |
| 14 | { | |
| 15 | $rcmail = rcmail::get_instance(); | |
| 16 | ||
| 17 | if (!($sql = $rcmail->config->get('password_query'))) | |
| 18 | $sql = 'SELECT update_passwd(%c, %u)'; | |
| 19 | ||
| 20 | if ($dsn = $rcmail->config->get('password_db_dsn')) { | |
| add992 | 21 | // #1486067: enable new_link option |
| A | 22 | if (is_array($dsn) && empty($dsn['new_link'])) |
| 23 | $dsn['new_link'] = true; | |
| 24 | else if (!is_array($dsn) && !preg_match('/\?new_link=true/', $dsn)) | |
| 25 | $dsn .= '?new_link=true'; | |
| 26 | ||
| 6bd74d | 27 | $db = new rcube_mdb2($dsn, '', FALSE); |
| A | 28 | $db->set_debug((bool)$rcmail->config->get('sql_debug')); |
| 29 | $db->db_connect('w'); | |
| 30 | } else { | |
| 31 | $db = $rcmail->get_dbh(); | |
| 32 | } | |
| 33 | ||
| 34 | if ($err = $db->is_error()) | |
| 35 | return PASSWORD_ERROR; | |
| 36 | ||
| 64901d | 37 | // crypted password |
| 6bd74d | 38 | if (strpos($sql, '%c') !== FALSE) { |
| A | 39 | $salt = ''; |
| 40 | if (CRYPT_MD5) { | |
| 41 | $len = rand(3, CRYPT_SALT_LENGTH); | |
| 42 | } else if (CRYPT_STD_DES) { | |
| 43 | $len = 2; | |
| 44 | } else { | |
| 45 | return PASSWORD_CRYPT_ERROR; | |
| 46 | } | |
| 47 | for ($i = 0; $i < $len ; $i++) { | |
| 48 | $salt .= chr(rand(ord('.'), ord('z'))); | |
| 49 | } | |
| 50 | $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql); | |
| 51 | } | |
| 64901d | 52 | |
| A | 53 | // hashed passwords |
| 54 | if (preg_match('/%[n|q]/', $sql)) { | |
| 6bd74d | 55 | |
| 64901d | 56 | if (!extension_loaded('hash')) { |
| A | 57 | raise_error(array( |
| 58 | 'code' => 600, | |
| 59 | 'type' => 'php', | |
| 60 | 'file' => __FILE__, | |
| 61 | 'message' => "Password plugin: 'hash' extension not loaded!" | |
| 62 | ), true, false); | |
| 63 | return PASSWORD_ERROR; | |
| 64 | } | |
| 65 | ||
| 66 | if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) | |
| 67 | $hash_algo = 'sha1'; | |
| 68 | ||
| 69 | $hash_passwd = hash($hash_algo, $passwd); | |
| 70 | $hash_curpass = hash($hash_algo, $curpass); | |
| 71 | ||
| 72 | if ($rcmail->config->get('password_hash_base64')) { | |
| 73 | $hash_passwd = base64_encode(pack('H*', $hash_passwd)); | |
| 74 | $hash_curpass = base64_encode(pack('H*', $hash_curpass)); | |
| 75 | } | |
| 76 | ||
| 77 | $sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql); | |
| 78 | $sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql); | |
| 79 | } | |
| 80 | ||
| 81 | $user_info = explode('@', $_SESSION['username']); | |
| 82 | if (count($user_info) >= 2) { | |
| 83 | $sql = str_replace('%l', $db->quote($user_info[0], 'text'), $sql); | |
| 3dd90d | 84 | $sql = str_replace('%d', $db->quote($user_info[1], 'text'), $sql); |
| 64901d | 85 | } |
| A | 86 | |
| 6bd74d | 87 | $sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql); |
| 64901d | 88 | $sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql); |
| 6bd74d | 89 | $sql = str_replace('%p', $db->quote($passwd,'text'), $sql); |
| A | 90 | $sql = str_replace('%o', $db->quote($curpass,'text'), $sql); |
| 91 | ||
| 92 | $res = $db->query($sql); | |
| 93 | ||
| 94 | if (!$db->is_error()) { | |
| 95 | if (strtolower(substr(trim($query),0,6))=='select') { | |
| 96 | if ($result = $db->fetch_array($res)) | |
| 97 | return PASSWORD_SUCCESS; | |
| 98 | } else { | |
| 99 | if ($db->affected_rows($res) == 1) | |
| 100 | return PASSWORD_SUCCESS; // This is the good case: 1 row updated | |
| 101 | } | |
| 102 | } | |
| 103 | ||
| 104 | return PASSWORD_ERROR; | |
| 105 | } | |
| 106 | ||
| 107 | ?> | |
