githubFork/roundcubemail.git

parent: 6776d31c | patch | commit | show whitespace

Code improvements, remove code duplication

Aleksander Machniak

2013-09-23 19884ec5d2adabb9e0ccb0b27ebdd50cb0b933d9

Code improvements, remove code duplication

2 files modified

	plugins/password/drivers/ldap.php	147 ●●●●● patch \| view \| raw \| blame \| history
	plugins/password/drivers/ldap_simple.php	160 ●●●●● patch \| view \| raw \| blame \| history

 plugins/password/drivers/ldap.php

@@ -23,7 +23,7 @@

        // Building user DN
        if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) {
            $userDN = $this->substitute_vars($userDN);
            $userDN = self::substitute_vars($userDN);
        } else {
            $userDN = $this->search_userdn($rcmail);
        }
@@ -64,7 +64,7 @@
            return PASSWORD_CONNECT_ERROR;
        }

        $crypted_pass = $this->hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
        $crypted_pass = self::hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
        $force        = $rcmail->config->get('password_ldap_force_replace');
        $pwattr       = $rcmail->config->get('password_ldap_pwattr');
        $lchattr      = $rcmail->config->get('password_ldap_lchattr');
@@ -84,7 +84,7 @@
        }

        // Crypt new samba password
        if ($smbpwattr && !($samba_pass = $this->hashPassword($passwd, 'samba'))) {
        if ($smbpwattr && !($samba_pass = self::hash_password($passwd, 'samba'))) {
            return PASSWORD_CRYPT_ERROR;
        }

@@ -147,7 +147,7 @@
        }

        $base = $rcmail->config->get('password_ldap_search_base');
        $filter = $this->substitute_vars($rcmail->config->get('password_ldap_search_filter'));
        $filter = self::substitute_vars($rcmail->config->get('password_ldap_search_filter'));
        $options = array (
            'scope' => 'sub',
            'attributes' => array(),
@@ -163,27 +163,25 @@
    }

    /**
     * Substitute %login, %name, %domain, %dc in $str.
     * See plugin config for details.
     * Substitute %login, %name, %domain, %dc in $str
     * See plugin config for details
     */
    function substitute_vars($str)
    static function substitute_vars($str)
    {
        $rcmail = rcmail::get_instance();
        $domain = $rcmail->user->get_username('domain');
        $dc     = 'dc='.strtr($domain, array('.' => ',dc=')); // hierarchal domain string
        $str = str_replace('%login', $_SESSION['username'], $str);
        $str = str_replace('%l', $_SESSION['username'], $str);

        $str = str_replace(array(
                '%login',
                '%name',
                '%domain',
                '%dc',
            ), array(
                $_SESSION['username'],
                $rcmail->user->get_username('local'),
                $domain,
                $dc,
            ), $str
        );
        $parts = explode('@', $_SESSION['username']);

        if (count($parts) == 2) {
            $dc = 'dc='.strtr($parts[1], array('.' => ',dc=')); // hierarchal domain string

            $str = str_replace('%name', $parts[0], $str);
            $str = str_replace('%n', $parts[0], $str);
            $str = str_replace('%dc', $dc, $str);
            $str = str_replace('%domain', $parts[1], $str);
            $str = str_replace('%d', $parts[1], $str);
        }

        return $str;
    }
@@ -192,132 +190,109 @@
     * Code originaly from the phpLDAPadmin development team
     * http://phpldapadmin.sourceforge.net/
     *
     * Hashes a password and returns the hash based on the specified enc_type.
     *
     * @param string $passwordClear The password to hash in clear text.
     * @param string $encodageType Standard LDAP encryption type which must be one of
     *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
     * @return string The hashed password.
     *
     * Hashes a password and returns the hash based on the specified enc_type
     */
    function hashPassword( $passwordClear, $encodageType )
    static function hash_password($password_clear, $encodage_type)
    {
        $encodageType = strtolower( $encodageType );
        switch( $encodageType ) {
        $encodage_type = strtolower($encodage_type);
        switch ($encodage_type) {
        case 'crypt':
            $cryptedPassword = '{CRYPT}' . crypt($passwordClear, $this->randomSalt(2));
            $crypted_password = '{CRYPT}' . crypt($password_clear, self::random_salt(2));
            break;

        case 'ext_des':
            // extended des crypt. see OpenBSD crypt man page.
            /* Extended DES crypt. see OpenBSD crypt man page */
            if ( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 ) {
                // Your system crypt library does not support extended DES encryption.
                return FALSE;
                /* Your system crypt library does not support extended DES encryption */
                return false;
            }
            $cryptedPassword = '{CRYPT}' . crypt( $passwordClear, '_' . $this->randomSalt(8) );
            $crypted_password = '{CRYPT}' . crypt($password_clear, '_' . self::random_salt(8));
            break;

        case 'md5crypt':
            if( ! defined( 'CRYPT_MD5' ) || CRYPT_MD5 == 0 ) {
                // Your system crypt library does not support md5crypt encryption.
                return FALSE;
                /* Your system crypt library does not support md5crypt encryption */
                return false;
            }
            $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$1$' . $this->randomSalt(9) );
            $crypted_password = '{CRYPT}' . crypt($password_clear, '$1$' . self::random_salt(9));
            break;

        case 'blowfish':
            if( ! defined( 'CRYPT_BLOWFISH' ) || CRYPT_BLOWFISH == 0 ) {
                // Your system crypt library does not support blowfish encryption.
                return FALSE;
                /* Your system crypt library does not support blowfish encryption */
                return false;
            }
            // hardcoded to second blowfish version and set number of rounds
            $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$2a$12$' . $this->randomSalt(13) );
            /* Hardcoded to second blowfish version and set number of rounds */
            $crypted_password = '{CRYPT}' . crypt($password_clear, '$2a$12$' . self::random_salt(13));
            break;

        case 'md5':
            $cryptedPassword = '{MD5}' . base64_encode( pack( 'H*' , md5( $passwordClear) ) );
            $crypted_password = '{MD5}' . base64_encode(pack('H*', md5($password_clear)));
            break;

        case 'sha':
            if( function_exists('sha1') ) {
                // use php 4.3.0+ sha1 function, if it is available.
                $cryptedPassword = '{SHA}' . base64_encode( pack( 'H*' , sha1( $passwordClear) ) );
                /* Use PHP 4.3.0+ sha1 function, if it is available */
                $crypted_password = '{SHA}' . base64_encode(pack('H*', sha1($password_clear)));
            } elseif( function_exists( 'mhash' ) ) {
                $cryptedPassword = '{SHA}' . base64_encode( mhash( MHASH_SHA1, $passwordClear) );
                $crypted_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear));
            } else {
                return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
                /* Your PHP install does not have the mhash() function */
                return false;
            }
            break;

        case 'ssha':
            if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
                mt_srand( (double) microtime() * 1000000 );
                $salt = mhash_keygen_s2k( MHASH_SHA1, $passwordClear, substr( pack( 'h*', md5( mt_rand() ) ), 0, 8 ), 4 );
                $cryptedPassword = '{SSHA}'.base64_encode( mhash( MHASH_SHA1, $passwordClear.$salt ).$salt );
                $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $crypted_password = '{SSHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt);
            } else {
                return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
                /* Your PHP install does not have the mhash() function */
                return false;
            }
            break;

        case 'smd5':
            if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
                mt_srand( (double) microtime() * 1000000 );
                $salt = mhash_keygen_s2k( MHASH_MD5, $passwordClear, substr( pack( 'h*', md5( mt_rand() ) ), 0, 8 ), 4 );
                $cryptedPassword = '{SMD5}'.base64_encode( mhash( MHASH_MD5, $passwordClear.$salt ).$salt );
                $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $crypted_password = '{SMD5}' . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt);
            } else {
                return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
                /* Your PHP install does not have the mhash() function */
                return false;
            }
            break;

        case 'samba':
            if (function_exists('hash')) {
                $cryptedPassword = hash('md4', rcube_charset::convert($passwordClear, RCUBE_CHARSET, 'UTF-16LE'));
                $cryptedPassword = strtoupper($cryptedPassword);
                $crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE'));
                $crypted_password = strtoupper($crypted_password);
            } else {
                /* Your PHP install does not have the hash() function */
                return false;
            }
            break;

        case 'ad':
            $cryptedPassword = rcube_charset::convert('"' . $passwordClear . '"', RCUBE_CHARSET, 'UTF-16LE');
            $crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
            break;

        case 'clear':
        default:
            $cryptedPassword = $passwordClear;
            $crypted_password = $password_clear;
        }

        return $cryptedPassword;
        return $crypted_password;
    }

    /**
     * Code originaly from the phpLDAPadmin development team
     * http://phpldapadmin.sourceforge.net/
     *
     * Used to generate a random salt for crypt-style passwords. Salt strings are used
     * to make pre-built hash cracking dictionaries difficult to use as the hash algorithm uses
     * not only the user's password but also a randomly generated string. The string is
     * stored as the first N characters of the hash for reference of hashing algorithms later.
     *
     * --- added 20021125 by bayu irawan <bayuir@divnet.telkom.co.id> ---
     * --- ammended 20030625 by S C Rigler <srigler@houston.rr.com> ---
     *
     * @param int $length The length of the salt string to generate.
     * @return string The generated salt string.
     * Used to generate a random salt for crypt-style passwords
     */
    function randomSalt( $length )
    static function random_salt($length)
    {
        $possible = '0123456789'.
            'abcdefghijklmnopqrstuvwxyz'.
            'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.
            './';
        $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
        $str = '';
        // mt_srand((double)microtime() * 1000000);

        while (strlen($str) < $length)
        while (strlen($str) < $length) {
            $str .= substr($possible, (rand() % strlen($possible)), 1);
        }

        return $str;
    }

}

 plugins/password/drivers/ldap_simple.php

@@ -37,9 +37,12 @@
            }
        }

        // include 'ldap' driver, we share some static methods with it
        require_once INSTALL_PATH . 'plugins/password/drivers/ldap.php';

        // Build user DN
        if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) {
            $user_dn = $this->substitute_vars($user_dn);
            $user_dn = rcube_ldap_password::substitute_vars($user_dn);
        }
        else {
            $user_dn = $this->search_userdn($rcmail, $ds);
@@ -63,12 +66,13 @@
            break;
        }

        $crypted_pass = $this->hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
        $lchattr      = $rcmail->config->get('password_ldap_lchattr');
        $pwattr       = $rcmail->config->get('password_ldap_pwattr');
        $smbpwattr    = $rcmail->config->get('password_ldap_samba_pwattr');
        $smblchattr   = $rcmail->config->get('password_ldap_samba_lchattr');
        $samba        = $rcmail->config->get('password_ldap_samba');
        $pass_mode    = $rcmail->config->get('password_ldap_encodage');
        $crypted_pass = rcube_ldap_password::hash_password($passwd, $pass_mode);

        // Support password_ldap_samba option for backward compat.
        if ($samba && !$smbpwattr) {
@@ -82,7 +86,7 @@
        }

        // Crypt new Samba password
        if ($smbpwattr && !($samba_pass = $this->hash_password($passwd, 'samba'))) {
        if ($smbpwattr && !($samba_pass = rcube_ldap_password::hash_password($passwd, 'samba'))) {
            return PASSWORD_CRYPT_ERROR;
        }

@@ -126,154 +130,28 @@
     */
    function search_userdn($rcmail, $ds)
    {
        /* Bind */
        if (!ldap_bind($ds, $rcmail->config->get('password_ldap_searchDN'), $rcmail->config->get('password_ldap_searchPW'))) {
        $search_user = $rcmail->config->get('password_ldap_searchDN');
        $search_pass = $rcmail->config->get('password_ldap_searchPW');

        // Bind
        if (!ldap_bind($ds, $search_user, $search_pass)) {
            return false;
        }

        /* Search for the DN */
        if (!$sr = ldap_search($ds, $rcmail->config->get('password_ldap_search_base'), $this->substitute_vars($rcmail->config->get('password_ldap_search_filter')))) {
        $search_base   = $rcmail->config->get('password_ldap_search_base');
        $search_filter = $rcmail->config->get('password_ldap_search_filter');
        $search_filter = rcube_ldap_password::substitute_vars($search_filter);

        // Search for the DN
        if (!$sr = ldap_search($ds, $search_base, $search_filter)) {
            return false;
        }

        /* If no or more entries were found, return false */
        // If no or more entries were found, return false
        if (ldap_count_entries($ds, $sr) != 1) {
            return false;
        }

        return ldap_get_dn($ds, ldap_first_entry($ds, $sr));
    }

    /**
     * Substitute %login, %name, %domain, %dc in $str
     * See plugin config for details
     */
    function substitute_vars($str)
    {
        $str = str_replace('%login', $_SESSION['username'], $str);
        $str = str_replace('%l', $_SESSION['username'], $str);

        $parts = explode('@', $_SESSION['username']);

        if (count($parts) == 2) {
            $dc = 'dc='.strtr($parts[1], array('.' => ',dc=')); // hierarchal domain string

            $str = str_replace('%name', $parts[0], $str);
            $str = str_replace('%n', $parts[0], $str);
            $str = str_replace('%dc', $dc, $str);
            $str = str_replace('%domain', $parts[1], $str);
            $str = str_replace('%d', $parts[1], $str);
        }

        return $str;
    }

    /**
     * Code originaly from the phpLDAPadmin development team
     * http://phpldapadmin.sourceforge.net/
     *
     * Hashes a password and returns the hash based on the specified enc_type
     */
    function hash_password($password_clear, $encodage_type)
    {
        $encodage_type = strtolower($encodage_type);
        switch ($encodage_type) {
        case 'crypt':
            $crypted_password = '{CRYPT}' . crypt($password_clear, $this->random_salt(2));
            break;
        case 'ext_des':
            /* Extended DES crypt. see OpenBSD crypt man page */
            if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                /* Your system crypt library does not support extended DES encryption */
                return false;
            }
            $crypted_password = '{CRYPT}' . crypt($password_clear, '_' . $this->random_salt(8));
            break;
        case 'md5crypt':
            if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                /* Your system crypt library does not support md5crypt encryption */
                return false;
            }
            $crypted_password = '{CRYPT}' . crypt($password_clear, '$1$' . $this->random_salt(9));
            break;
        case 'blowfish':
            if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                /* Your system crypt library does not support blowfish encryption */
                return false;
            }
            /* Hardcoded to second blowfish version and set number of rounds */
            $crypted_password = '{CRYPT}' . crypt($password_clear, '$2a$12$' . $this->random_salt(13));
            break;
        case 'md5':
            $crypted_password = '{MD5}' . base64_encode(pack('H*', md5($password_clear)));
            break;
        case 'sha':
            if (function_exists('sha1')) {
                /* Use PHP 4.3.0+ sha1 function, if it is available */
                $crypted_password = '{SHA}' . base64_encode(pack('H*', sha1($password_clear)));
            } else if (function_exists('mhash')) {
                $crypted_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear));
            } else {
                /* Your PHP install does not have the mhash() function */
                return false;
            }
            break;
        case 'ssha':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000 );
                $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $crypted_password = '{SSHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt);
            } else {
                /* Your PHP install does not have the mhash() function */
                return false;
            }
            break;
        case 'smd5':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000 );
                $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $crypted_password = '{SMD5}' . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt);
            } else {
                /* Your PHP install does not have the mhash() function */
                return false;
            }
            break;
        case 'samba':
            if (function_exists('hash')) {
                $crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE'));
                $crypted_password = strtoupper($crypted_password);
            } else {
                /* Your PHP install does not have the hash() function */
                return false;
            }
            break;
        case 'ad':
            $crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
            break;
        case 'clear':
        default:
            $crypted_password = $password_clear;
        }

        return $crypted_password;
    }

    /**
     * Code originaly from the phpLDAPadmin development team
     * http://phpldapadmin.sourceforge.net/
     *
     * Used to generate a random salt for crypt-style passwords
     */
    function random_salt($length)
    {
        $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
        $str = '';
        // mt_srand((double)microtime() * 1000000);

        while (strlen($str) < $length) {
            $str .= substr($possible, (rand() % strlen($possible)), 1);
        }

        return $str;
    }
}

			@@ -23,7 +23,7 @@

			// Building user DN
			if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) {
			$userDN = $this->substitute_vars($userDN);
			$userDN = self::substitute_vars($userDN);
			} else {
			$userDN = $this->search_userdn($rcmail);
			}
			@@ -64,7 +64,7 @@
			return PASSWORD_CONNECT_ERROR;
			}

			$crypted_pass = $this->hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
			$crypted_pass = self::hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
			$force = $rcmail->config->get('password_ldap_force_replace');
			$pwattr = $rcmail->config->get('password_ldap_pwattr');
			$lchattr = $rcmail->config->get('password_ldap_lchattr');
			@@ -84,7 +84,7 @@
			}

			// Crypt new samba password
			if ($smbpwattr && !($samba_pass = $this->hashPassword($passwd, 'samba'))) {
			if ($smbpwattr && !($samba_pass = self::hash_password($passwd, 'samba'))) {
			return PASSWORD_CRYPT_ERROR;
			}

			@@ -147,7 +147,7 @@
			}

			$base = $rcmail->config->get('password_ldap_search_base');
			$filter = $this->substitute_vars($rcmail->config->get('password_ldap_search_filter'));
			$filter = self::substitute_vars($rcmail->config->get('password_ldap_search_filter'));
			$options = array (
			'scope' => 'sub',
			'attributes' => array(),
			@@ -163,27 +163,25 @@
			}

			/**
			* Substitute %login, %name, %domain, %dc in $str.
			* See plugin config for details.
			* Substitute %login, %name, %domain, %dc in $str
			* See plugin config for details
			*/
			function substitute_vars($str)
			static function substitute_vars($str)
			{
			$rcmail = rcmail::get_instance();
			$domain = $rcmail->user->get_username('domain');
			$dc = 'dc='.strtr($domain, array('.' => ',dc=')); // hierarchal domain string
			$str = str_replace('%login', $_SESSION['username'], $str);
			$str = str_replace('%l', $_SESSION['username'], $str);

			$str = str_replace(array(
			'%login',
			'%name',
			'%domain',
			'%dc',
			), array(
			$_SESSION['username'],
			$rcmail->user->get_username('local'),
			$domain,
			$dc,
			), $str
			);
			$parts = explode('@', $_SESSION['username']);

			if (count($parts) == 2) {
			$dc = 'dc='.strtr($parts[1], array('.' => ',dc=')); // hierarchal domain string

			$str = str_replace('%name', $parts[0], $str);
			$str = str_replace('%n', $parts[0], $str);
			$str = str_replace('%dc', $dc, $str);
			$str = str_replace('%domain', $parts[1], $str);
			$str = str_replace('%d', $parts[1], $str);
			}

			return $str;
			}
			@@ -192,132 +190,109 @@
			* Code originaly from the phpLDAPadmin development team
			* http://phpldapadmin.sourceforge.net/
			*
			* Hashes a password and returns the hash based on the specified enc_type.
			*
			* @param string $passwordClear The password to hash in clear text.
			* @param string $encodageType Standard LDAP encryption type which must be one of
			* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
			* @return string The hashed password.
			*
			* Hashes a password and returns the hash based on the specified enc_type
			*/
			function hashPassword( $passwordClear, $encodageType )
			static function hash_password($password_clear, $encodage_type)
			{
			$encodageType = strtolower( $encodageType );
			switch( $encodageType ) {
			$encodage_type = strtolower($encodage_type);
			switch ($encodage_type) {
			case 'crypt':
			$cryptedPassword = '{CRYPT}' . crypt($passwordClear, $this->randomSalt(2));
			$crypted_password = '{CRYPT}' . crypt($password_clear, self::random_salt(2));
			break;

			case 'ext_des':
			// extended des crypt. see OpenBSD crypt man page.
			/* Extended DES crypt. see OpenBSD crypt man page */
			if ( ! defined( 'CRYPT_EXT_DES' ) \|\| CRYPT_EXT_DES == 0 ) {
			// Your system crypt library does not support extended DES encryption.
			return FALSE;
			/* Your system crypt library does not support extended DES encryption */
			return false;
			}
			$cryptedPassword = '{CRYPT}' . crypt( $passwordClear, '_' . $this->randomSalt(8) );
			$crypted_password = '{CRYPT}' . crypt($password_clear, '_' . self::random_salt(8));
			break;

			case 'md5crypt':
			if( ! defined( 'CRYPT_MD5' ) \|\| CRYPT_MD5 == 0 ) {
			// Your system crypt library does not support md5crypt encryption.
			return FALSE;
			/* Your system crypt library does not support md5crypt encryption */
			return false;
			}
			$cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$1$' . $this->randomSalt(9) );
			$crypted_password = '{CRYPT}' . crypt($password_clear, '$1$' . self::random_salt(9));
			break;

			case 'blowfish':
			if( ! defined( 'CRYPT_BLOWFISH' ) \|\| CRYPT_BLOWFISH == 0 ) {
			// Your system crypt library does not support blowfish encryption.
			return FALSE;
			/* Your system crypt library does not support blowfish encryption */
			return false;
			}
			// hardcoded to second blowfish version and set number of rounds
			$cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$2a$12$' . $this->randomSalt(13) );
			/* Hardcoded to second blowfish version and set number of rounds */
			$crypted_password = '{CRYPT}' . crypt($password_clear, '$2a$12$' . self::random_salt(13));
			break;

			case 'md5':
			$cryptedPassword = '{MD5}' . base64_encode( pack( 'H*' , md5( $passwordClear) ) );
			$crypted_password = '{MD5}' . base64_encode(pack('H*', md5($password_clear)));
			break;

			case 'sha':
			if( function_exists('sha1') ) {
			// use php 4.3.0+ sha1 function, if it is available.
			$cryptedPassword = '{SHA}' . base64_encode( pack( 'H*' , sha1( $passwordClear) ) );
			/* Use PHP 4.3.0+ sha1 function, if it is available */
			$crypted_password = '{SHA}' . base64_encode(pack('H*', sha1($password_clear)));
			} elseif( function_exists( 'mhash' ) ) {
			$cryptedPassword = '{SHA}' . base64_encode( mhash( MHASH_SHA1, $passwordClear) );
			$crypted_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear));
			} else {
			return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
			/* Your PHP install does not have the mhash() function */
			return false;
			}
			break;

			case 'ssha':
			if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
			mt_srand( (double) microtime() * 1000000 );
			$salt = mhash_keygen_s2k( MHASH_SHA1, $passwordClear, substr( pack( 'h*', md5( mt_rand() ) ), 0, 8 ), 4 );
			$cryptedPassword = '{SSHA}'.base64_encode( mhash( MHASH_SHA1, $passwordClear.$salt ).$salt );
			$salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
			$crypted_password = '{SSHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt);
			} else {
			return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
			/* Your PHP install does not have the mhash() function */
			return false;
			}
			break;

			case 'smd5':
			if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) {
			mt_srand( (double) microtime() * 1000000 );
			$salt = mhash_keygen_s2k( MHASH_MD5, $passwordClear, substr( pack( 'h*', md5( mt_rand() ) ), 0, 8 ), 4 );
			$cryptedPassword = '{SMD5}'.base64_encode( mhash( MHASH_MD5, $passwordClear.$salt ).$salt );
			$salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
			$crypted_password = '{SMD5}' . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt);
			} else {
			return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
			/* Your PHP install does not have the mhash() function */
			return false;
			}
			break;

			case 'samba':
			if (function_exists('hash')) {
			$cryptedPassword = hash('md4', rcube_charset::convert($passwordClear, RCUBE_CHARSET, 'UTF-16LE'));
			$cryptedPassword = strtoupper($cryptedPassword);
			$crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE'));
			$crypted_password = strtoupper($crypted_password);
			} else {
			/* Your PHP install does not have the hash() function */
			return false;
			}
			break;

			case 'ad':
			$cryptedPassword = rcube_charset::convert('"' . $passwordClear . '"', RCUBE_CHARSET, 'UTF-16LE');
			$crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
			break;

			case 'clear':
			default:
			$cryptedPassword = $passwordClear;
			$crypted_password = $password_clear;
			}

			return $cryptedPassword;
			return $crypted_password;
			}

			/**
			* Code originaly from the phpLDAPadmin development team
			* http://phpldapadmin.sourceforge.net/
			*
			* Used to generate a random salt for crypt-style passwords. Salt strings are used
			* to make pre-built hash cracking dictionaries difficult to use as the hash algorithm uses
			* not only the user's password but also a randomly generated string. The string is
			* stored as the first N characters of the hash for reference of hashing algorithms later.
			*
			* --- added 20021125 by bayu irawan <bayuir@divnet.telkom.co.id> ---
			* --- ammended 20030625 by S C Rigler <srigler@houston.rr.com> ---
			*
			* @param int $length The length of the salt string to generate.
			* @return string The generated salt string.
			* Used to generate a random salt for crypt-style passwords
			*/
			function randomSalt( $length )
			static function random_salt($length)
			{
			$possible = '0123456789'.
			'abcdefghijklmnopqrstuvwxyz'.
			'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.
			'./';
			$possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
			$str = '';
			// mt_srand((double)microtime() * 1000000);

			while (strlen($str) < $length)
			while (strlen($str) < $length) {
			$str .= substr($possible, (rand() % strlen($possible)), 1);
			}

			return $str;
			}

			}

			@@ -37,9 +37,12 @@
			}
			}

			// include 'ldap' driver, we share some static methods with it
			require_once INSTALL_PATH . 'plugins/password/drivers/ldap.php';

			// Build user DN
			if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) {
			$user_dn = $this->substitute_vars($user_dn);
			$user_dn = rcube_ldap_password::substitute_vars($user_dn);
			}
			else {
			$user_dn = $this->search_userdn($rcmail, $ds);
			@@ -63,12 +66,13 @@
			break;
			}

			$crypted_pass = $this->hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
			$lchattr = $rcmail->config->get('password_ldap_lchattr');
			$pwattr = $rcmail->config->get('password_ldap_pwattr');
			$smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr');
			$smblchattr = $rcmail->config->get('password_ldap_samba_lchattr');
			$samba = $rcmail->config->get('password_ldap_samba');
			$pass_mode = $rcmail->config->get('password_ldap_encodage');
			$crypted_pass = rcube_ldap_password::hash_password($passwd, $pass_mode);

			// Support password_ldap_samba option for backward compat.
			if ($samba && !$smbpwattr) {
			@@ -82,7 +86,7 @@
			}

			// Crypt new Samba password
			if ($smbpwattr && !($samba_pass = $this->hash_password($passwd, 'samba'))) {
			if ($smbpwattr && !($samba_pass = rcube_ldap_password::hash_password($passwd, 'samba'))) {
			return PASSWORD_CRYPT_ERROR;
			}

			@@ -126,154 +130,28 @@
			*/
			function search_userdn($rcmail, $ds)
			{
			/* Bind */
			if (!ldap_bind($ds, $rcmail->config->get('password_ldap_searchDN'), $rcmail->config->get('password_ldap_searchPW'))) {
			$search_user = $rcmail->config->get('password_ldap_searchDN');
			$search_pass = $rcmail->config->get('password_ldap_searchPW');

			// Bind
			if (!ldap_bind($ds, $search_user, $search_pass)) {
			return false;
			}

			/* Search for the DN */
			if (!$sr = ldap_search($ds, $rcmail->config->get('password_ldap_search_base'), $this->substitute_vars($rcmail->config->get('password_ldap_search_filter')))) {
			$search_base = $rcmail->config->get('password_ldap_search_base');
			$search_filter = $rcmail->config->get('password_ldap_search_filter');
			$search_filter = rcube_ldap_password::substitute_vars($search_filter);

			// Search for the DN
			if (!$sr = ldap_search($ds, $search_base, $search_filter)) {
			return false;
			}

			/* If no or more entries were found, return false */
			// If no or more entries were found, return false
			if (ldap_count_entries($ds, $sr) != 1) {
			return false;
			}

			return ldap_get_dn($ds, ldap_first_entry($ds, $sr));
			}

			/**
			* Substitute %login, %name, %domain, %dc in $str
			* See plugin config for details
			*/
			function substitute_vars($str)
			{
			$str = str_replace('%login', $_SESSION['username'], $str);
			$str = str_replace('%l', $_SESSION['username'], $str);

			$parts = explode('@', $_SESSION['username']);

			if (count($parts) == 2) {
			$dc = 'dc='.strtr($parts[1], array('.' => ',dc=')); // hierarchal domain string

			$str = str_replace('%name', $parts[0], $str);
			$str = str_replace('%n', $parts[0], $str);
			$str = str_replace('%dc', $dc, $str);
			$str = str_replace('%domain', $parts[1], $str);
			$str = str_replace('%d', $parts[1], $str);
			}

			return $str;
			}

			/**
			* Code originaly from the phpLDAPadmin development team
			* http://phpldapadmin.sourceforge.net/
			*
			* Hashes a password and returns the hash based on the specified enc_type
			*/
			function hash_password($password_clear, $encodage_type)
			{
			$encodage_type = strtolower($encodage_type);
			switch ($encodage_type) {
			case 'crypt':
			$crypted_password = '{CRYPT}' . crypt($password_clear, $this->random_salt(2));
			break;
			case 'ext_des':
			/* Extended DES crypt. see OpenBSD crypt man page */
			if (!defined('CRYPT_EXT_DES') \|\| CRYPT_EXT_DES == 0) {
			/* Your system crypt library does not support extended DES encryption */
			return false;
			}
			$crypted_password = '{CRYPT}' . crypt($password_clear, '_' . $this->random_salt(8));
			break;
			case 'md5crypt':
			if (!defined('CRYPT_MD5') \|\| CRYPT_MD5 == 0) {
			/* Your system crypt library does not support md5crypt encryption */
			return false;
			}
			$crypted_password = '{CRYPT}' . crypt($password_clear, '$1$' . $this->random_salt(9));
			break;
			case 'blowfish':
			if (!defined('CRYPT_BLOWFISH') \|\| CRYPT_BLOWFISH == 0) {
			/* Your system crypt library does not support blowfish encryption */
			return false;
			}
			/* Hardcoded to second blowfish version and set number of rounds */
			$crypted_password = '{CRYPT}' . crypt($password_clear, '$2a$12$' . $this->random_salt(13));
			break;
			case 'md5':
			$crypted_password = '{MD5}' . base64_encode(pack('H*', md5($password_clear)));
			break;
			case 'sha':
			if (function_exists('sha1')) {
			/* Use PHP 4.3.0+ sha1 function, if it is available */
			$crypted_password = '{SHA}' . base64_encode(pack('H*', sha1($password_clear)));
			} else if (function_exists('mhash')) {
			$crypted_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear));
			} else {
			/* Your PHP install does not have the mhash() function */
			return false;
			}
			break;
			case 'ssha':
			if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
			mt_srand((double) microtime() * 1000000 );
			$salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
			$crypted_password = '{SSHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt);
			} else {
			/* Your PHP install does not have the mhash() function */
			return false;
			}
			break;
			case 'smd5':
			if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
			mt_srand((double) microtime() * 1000000 );
			$salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
			$crypted_password = '{SMD5}' . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt);
			} else {
			/* Your PHP install does not have the mhash() function */
			return false;
			}
			break;
			case 'samba':
			if (function_exists('hash')) {
			$crypted_password = hash('md4', rcube_charset::convert($password_clear, RCUBE_CHARSET, 'UTF-16LE'));
			$crypted_password = strtoupper($crypted_password);
			} else {
			/* Your PHP install does not have the hash() function */
			return false;
			}
			break;
			case 'ad':
			$crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
			break;
			case 'clear':
			default:
			$crypted_password = $password_clear;
			}

			return $crypted_password;
			}

			/**
			* Code originaly from the phpLDAPadmin development team
			* http://phpldapadmin.sourceforge.net/
			*
			* Used to generate a random salt for crypt-style passwords
			*/
			function random_salt($length)
			{
			$possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
			$str = '';
			// mt_srand((double)microtime() * 1000000);

			while (strlen($str) < $length) {
			$str .= substr($possible, (rand() % strlen($possible)), 1);
			}

			return $str;
			}
			}