From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
plugins/password/drivers/poppassd.php | 82 +++++++++++++++++++++++++++++++++++++++++
1 files changed, 82 insertions(+), 0 deletions(-)
diff --git a/plugins/password/drivers/poppassd.php b/plugins/password/drivers/poppassd.php
new file mode 100644
index 0000000..7a28210
--- /dev/null
+++ b/plugins/password/drivers/poppassd.php
@@ -0,0 +1,82 @@
+<?php
+
+/**
+ * Poppassd Password Driver
+ *
+ * Driver to change passwords via Poppassd/Courierpassd
+ *
+ * @version 2.0
+ * @author Philip Weir
+ *
+ * Copyright (C) 2005-2013, The Roundcube Dev Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ */
+
+class rcube_poppassd_password
+{
+ function format_error_result($code, $line)
+ {
+ if (preg_match('/^\d\d\d\s+(\S.*)\s*$/', $line, $matches)) {
+ return array('code' => $code, 'message' => $matches[1]);
+ }
+
+ return $code;
+ }
+
+ function save($curpass, $passwd)
+ {
+ $rcmail = rcmail::get_instance();
+// include('Net/Socket.php');
+ $poppassd = new Net_Socket();
+
+ $result = $poppassd->connect($rcmail->config->get('password_pop_host'), $rcmail->config->get('password_pop_port'), null);
+ if (is_a($result, 'PEAR_Error')) {
+ return $this->format_error_result(PASSWORD_CONNECT_ERROR, $result->getMessage());
+ }
+ else {
+ $result = $poppassd->readLine();
+ if(!preg_match('/^2\d\d/', $result)) {
+ $poppassd->disconnect();
+ return $this->format_error_result(PASSWORD_ERROR, $result);
+ }
+ else {
+ $poppassd->writeLine("user ". $_SESSION['username']);
+ $result = $poppassd->readLine();
+ if (!preg_match('/^[23]\d\d/', $result) ) {
+ $poppassd->disconnect();
+ return $this->format_error_result(PASSWORD_CONNECT_ERROR, $result);
+ }
+ else {
+ $poppassd->writeLine("pass ". $curpass);
+ $result = $poppassd->readLine();
+ if (!preg_match('/^[23]\d\d/', $result) ) {
+ $poppassd->disconnect();
+ return $this->format_error_result(PASSWORD_ERROR, $result);
+ }
+ else {
+ $poppassd->writeLine("newpass ". $passwd);
+ $result = $poppassd->readLine();
+ $poppassd->disconnect();
+ if (!preg_match('/^2\d\d/', $result)) {
+ return $this->format_error_result(PASSWORD_ERROR, $result);
+ }
+
+ return PASSWORD_SUCCESS;
+ }
+ }
+ }
+ }
+ }
+}
--
Gitblit v1.9.1