From a3644638aaf0418598196a870204e0b632a4c8ad Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Fri, 17 Apr 2015 06:28:40 -0400
Subject: [PATCH] Allow preference sections to define CSS class names

---
 plugins/password/drivers/sql.php |   64 +++++++++++++++++++-------------
 1 files changed, 38 insertions(+), 26 deletions(-)

diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index b08833d..37e162e 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -8,6 +8,20 @@
  * @version 2.0
  * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
  *
+ * Copyright (C) 2005-2013, The Roundcube Dev Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
  */
 
 class rcube_sql_password
@@ -16,41 +30,34 @@
     {
         $rcmail = rcmail::get_instance();
 
-        if (!($sql = $rcmail->config->get('password_query')))
+        if (!($sql = $rcmail->config->get('password_query'))) {
             $sql = 'SELECT update_passwd(%c, %u)';
+        }
 
         if ($dsn = $rcmail->config->get('password_db_dsn')) {
-            // #1486067: enable new_link option
-            if (is_array($dsn) && empty($dsn['new_link']))
-                $dsn['new_link'] = true;
-            else if (!is_array($dsn) && !preg_match('/\?new_link=true/', $dsn))
-                $dsn .= '?new_link=true';
-
             $db = rcube_db::factory($dsn, '', false);
             $db->set_debug((bool)$rcmail->config->get('sql_debug'));
-            $db->db_connect('w');
         }
         else {
             $db = $rcmail->get_dbh();
         }
 
-        if ($err = $db->is_error())
+        if ($db->is_error()) {
             return PASSWORD_ERROR;
+        }
 
         // crypted password
         if (strpos($sql, '%c') !== FALSE) {
             $salt = '';
 
-            if (!($crypt_hash = $rcmail->config->get('password_crypt_hash')))
-            {
+            if (!($crypt_hash = $rcmail->config->get('password_crypt_hash'))) {
                 if (CRYPT_MD5)
                     $crypt_hash = 'md5';
                 else if (CRYPT_STD_DES)
                     $crypt_hash = 'des';
             }
 
-            switch ($crypt_hash)
-            {
+            switch ($crypt_hash) {
             case 'md5':
                 $len = 8;
                 $salt_hashindicator = '$1$';
@@ -59,8 +66,10 @@
                 $len = 2;
                 break;
             case 'blowfish':
-                $len = 22;
-                $salt_hashindicator = '$2a$';
+                $cost = (int) $rcmail->config->get('password_blowfish_cost');
+                $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
+                $len  = 22;
+                $salt_hashindicator = sprintf('$2a$%02d$', $cost);
                 break;
             case 'sha256':
                 $len = 16;
@@ -117,7 +126,7 @@
         // hashed passwords
         if (preg_match('/%[n|q]/', $sql)) {
             if (!extension_loaded('hash')) {
-                raise_error(array(
+                rcube::raise_error(array(
                     'code' => 600,
                     'type' => 'php',
                     'file' => __FILE__, 'line' => __LINE__,
@@ -127,8 +136,9 @@
                 return PASSWORD_ERROR;
             }
 
-            if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm'))))
+            if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) {
                 $hash_algo = 'sha1';
+            }
 
             $hash_passwd = hash($hash_algo, $passwd);
             $hash_curpass = hash($hash_algo, $curpass);
@@ -164,14 +174,14 @@
 
         // convert domains to/from punnycode
         if ($rcmail->config->get('password_idn_ascii')) {
-            $domain_part = rcube_idn_to_ascii($domain_part);
-            $username    = rcube_idn_to_ascii($username);
-            $host        = rcube_idn_to_ascii($host);
+            $domain_part = rcube_utils::idn_to_ascii($domain_part);
+            $username    = rcube_utils::idn_to_ascii($username);
+            $host        = rcube_utils::idn_to_ascii($host);
         }
         else {
-            $domain_part = rcube_idn_to_utf8($domain_part);
-            $username    = rcube_idn_to_utf8($username);
-            $host        = rcube_idn_to_utf8($host);
+            $domain_part = rcube_utils::idn_to_utf8($domain_part);
+            $username    = rcube_utils::idn_to_utf8($username);
+            $host        = rcube_utils::idn_to_utf8($host);
         }
 
         // at least we should always have the local part
@@ -183,10 +193,12 @@
         $res = $db->query($sql, $sql_vars);
 
         if (!$db->is_error()) {
-            if (strtolower(substr(trim($query),0,6))=='select') {
-                if ($result = $db->fetch_array($res))
+            if (strtolower(substr(trim($sql),0,6)) == 'select') {
+                if ($db->fetch_array($res)) {
                     return PASSWORD_SUCCESS;
-            } else {
+                }
+            }
+            else {
                 // This is the good case: 1 row updated
                 if ($db->affected_rows($res) == 1)
                     return PASSWORD_SUCCESS;

--
Gitblit v1.9.1