Code cleanup and small fixes (after pull request merge)

Aleksander Machniak

2014-06-10 4520fa0f38e9744fa1541c2365000710f7763242

Code cleanup and small fixes (after pull request merge)

 plugins/password/package.xml

@@ -15,9 +15,9 @@
        <email>alec@alec.pl</email>
        <active>yes</active>
    </lead>
    <date>2013-04-28</date>
    <date>2014-06-10</date>
    <version>
        <release>3.4</release>
        <release>3.5</release>
        <api>2.0</api>
    </version>
    <stability>
@@ -25,9 +25,6 @@
        <api>stable</api>
    </stability>
    <license uri="http://www.gnu.org/licenses/gpl.html">GNU GPLv3+</license>
    <notes>
Added password_force_save option
    </notes>
    <contents>
        <dir baseinstalldir="/" name="/">
            <file name="password.php" role="php">
@@ -114,268 +111,4 @@
        </required>
    </dependencies>
    <phprelease/>
    <changelog>
        <release>
            <date>2010-04-29</date>
            <time>12:00:00</time>
            <version>
                <release>1.4</release>
                <api>1.4</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Use mail_domain value for domain variables when there is no domain in username:
  sql and ldap drivers (#1486694)
- Created package.xml
            </notes>
        </release>
        <release>
            <date>2010-06-20</date>
            <time>12:00:00</time>
            <version>
                <release>1.5</release>
                <api>1.5</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Removed user_login/username_local/username_domain methods,
  use rcube_user::get_username instead (#1486707)
            </notes>
        </release>
        <release>
            <date>2010-08-01</date>
            <time>09:00:00</time>
            <version>
                <release>1.6</release>
                <api>1.5</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Added ldap_simple driver
            </notes>
        </release>
        <release>
            <date>2010-09-10</date>
            <time>09:00:00</time>
            <version>
                <release>1.7</release>
                <api>1.5</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Added XMail driver
- Improve security of chpasswd driver using popen instead of exec+echo (#1486987)
- Added chpass-wrapper.py script to improve security (#1486987)
            </notes>
        </release>
        <release>
            <date>2010-09-29</date>
            <time>19:00:00</time>
            <version>
                <release>1.8</release>
                <api>1.6</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Added possibility to display extended error messages (#1486704)
- Added extended error messages in Poppassd driver (#1486704)
            </notes>
        </release>
        <release>
            <version>
                <release>1.9</release>
                <api>1.6</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Added password_ldap_lchattr option (#1486927)
            </notes>
        </release>
        <release>
            <date>2010-10-07</date>
            <time>09:00:00</time>
            <version>
                <release>2.0</release>
                <api>1.6</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Fixed SQL Injection in SQL driver when using %p or %o variables in query (#1487034)
            </notes>
        </release>
        <release>
            <date>2010-11-02</date>
            <time>09:00:00</time>
            <version>
                <release>2.1</release>
                <api>1.6</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- hMail driver: Add possibility to connect to remote host
            </notes>
        </release>
        <release>
            <date>2011-02-15</date>
            <time>12:00</time>
            <version>
                <release>2.2</release>
                <api>1.6</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- hMail driver: add username_domain detection (#1487100)
- hMail driver: HTML tags in logged messages should be stripped off (#1487099)
- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141)
- Fix usage of configured temp_dir instead of /tmp (#1487447)
- ldap_simple driver: fix parse error
- ldap/ldap_simple drivers: support %dc variable in config
- ldap/ldap_simple drivers: support Samba password change
- Fix extended error messages handling (#1487676)
- Fix double request when clicking on Password tab in Firefox
- Fix deprecated split() usage in xmail and directadmin drivers (#1487769)
- Added option (password_log) for logging password changes
- Virtualmin driver: Add option for setting username format (#1487781)
            </notes>
        </release>
        <release>
            <date>2011-10-26</date>
            <time>12:00</time>
            <version>
                <release>2.3</release>
                <api>1.6</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- When old and new passwords are the same, do nothing, return success (#1487823)
- Fixed Samba password hashing in 'ldap' driver
- Added 'password_change' hook for plugin actions after successful password change
- Fixed bug where 'doveadm pw' command was used as dovecotpw utility
- Improve generated crypt() passwords (#1488136)
            </notes>
        </release>
        <release>
            <date>2011-11-23</date>
            <version>
                <release>2.4</release>
                <api>1.6</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Added option to use punycode or unicode for domain names (#1488103)
- Save Samba password hashes in capital letters (#1488197)
            </notes>
        </release>
        <release>
            <date>2011-11-23</date>
            <version>
                <release>3.0</release>
                <api>2.0</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Fixed drivers namespace issues
            </notes>
        </release>
        <release>
            <date>2012-03-07</date>
            <version>
                <release>3.1</release>
                <api>2.0</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Added pw_usermod driver (#1487826)
- Added option password_login_exceptions (#1487826)
- Added domainfactory driver (#1487882)
- Added DBMail driver (#1488281)
- Helper files moved to helpers/ directory from drivers/
- Added Expect driver (#1488363)
- Added Samba password (#1488364)
            </notes>
        </release>
        <release>
            <date>2012-11-15</date>
            <version>
                <release>3.2</release>
                <api>2.0</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
- Fix wrong (non-specific) error message on crypt or connection error (#1488808)
- Added option to define IMAP hosts that support password changes - password_hosts
            </notes>
        </release>
        <release>
            <date>2013-03-30</date>
            <version>
                <release>3.3</release>
                <api>2.0</api>
            </version>
            <stability>
                <release>stable</release>
                <api>stable</api>
            </stability>
            <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
            <notes>
Added new cPanel driver - fixes localization related issues (#1487015)
            </notes>
        </release>
    </changelog>
</package>

 plugins/password/password.php

@@ -43,6 +43,7 @@
    public $task    = 'settings|login';
    public $noframe = true;
    public $noajax  = true;

    private $newuser = false;

    function init()
@@ -51,22 +52,23 @@

        $this->load_config();

        if($rcmail->task == 'settings' && !$this->check_host_login_exceptions()) {
            return;
        if ($rcmail->task == 'settings') {
            if (!$this->check_host_login_exceptions()) {
                return;
            }

            $this->add_hook('settings_actions', array($this, 'settings_actions'));

            $this->register_action('plugin.password', array($this, 'password_init'));
            $this->register_action('plugin.password-save', array($this, 'password_save'));

            if (strpos($rcmail->action, 'plugin.password') === 0) {
                $this->include_script('password.js');
            }
        }
        
        $this->add_hook('settings_actions', array($this, 'settings_actions'));
        if($rcmail->config->get('password_force_new_user')) {
        else if ($rcmail->config->get('password_force_new_user')) {
            $this->add_hook('user_create', array($this, 'user_create'));
            $this->add_hook('login_after', array($this, 'login_after'));
        }

        $this->register_action('plugin.password', array($this, 'password_init'));
        $this->register_action('plugin.password-save', array($this, 'password_save'));


        if (strpos($rcmail->action, 'plugin.password') === 0) {
            $this->include_script('password.js');
        }
    }

@@ -84,24 +86,25 @@

        $rcmail = rcmail::get_instance();
        $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
        $first = rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET);
        if(isset($first) && $first == 'true') {

        if (rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET)) {
            $rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice');
        }

        $rcmail->output->send('plugin');
    }

    function password_save()
    {
        $rcmail = rcmail::get_instance();

        $this->add_texts('localization/');
        $this->register_handler('plugin.body', array($this, 'password_form'));

        $rcmail = rcmail::get_instance();
        $rcmail->output->set_pagetitle($this->gettext('changepasswd'));

        $confirm = $rcmail->config->get('password_confirm_current');
        $required_length = intval($rcmail->config->get('password_minimum_length'));
        $check_strength = $rcmail->config->get('password_require_nonalpha');
        $check_strength  = $rcmail->config->get('password_require_nonalpha');

        if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) {
            $rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
@@ -294,44 +297,39 @@

        return $reason;
    }
    

    function user_create($args)
    {
        $this->newuser = true;
        return $args;
    }
        

    function login_after($args)
    {
        if(!$this->check_host_login_exceptions()) {
            return $args;
        }
        if($this->newuser)
        {
            $args['_task'] = 'settings';
        if ($this->newuser && $this->check_host_login_exceptions()) {
            $args['_task']   = 'settings';
            $args['_action'] = 'plugin.password';
            $args['_first'] = 'true';
            $args['_first']  = 'true';
        }

        return $args;
    }
    

    // Check if host and login is allowed to change the password, false = not allowed, true = not allowed
    private function check_host_login_exceptions()
    {
        $rcmail = rcmail::get_instance();

        // Host exceptions
        $hosts = $rcmail->config->get('password_hosts');
        $this->allowed_hosts = $hosts;
        if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) {
            return false;
        }
        

        // Login exceptions
        if ($exceptions = $rcmail->config->get('password_login_exceptions')) {
            $exceptions = array_map('trim', (array) $exceptions);
            $exceptions = array_filter($exceptions);
            $this->login_exceptions = $exceptions;
            $username   = $_SESSION['username'];

            foreach ($exceptions as $ec) {
@@ -340,6 +338,7 @@
                }
            }
        }

        return true;
    }
}