diff --git a/plugins/password/package.xml b/plugins/password/package.xml
index 29d222409..e639a04ef 100644
--- a/plugins/password/package.xml
+++ b/plugins/password/package.xml
@@ -1,335 +1,350 @@
<?xml version="1.0" encoding="UTF-8"?>
<package xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" packagerversion="1.9.0" version="2.0" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0
http://pear.php.net/dtd/tasks-1.0.xsd
http://pear.php.net/dtd/package-2.0
http://pear.php.net/dtd/package-2.0.xsd">
<name>password</name>
<channel>pear.roundcube.net</channel>
<summary>Password Change for Roundcube</summary>
<description>Plugin that adds a possibility to change user password using many
methods (drivers) via Settings/Password tab.
</description>
<lead>
<name>Aleksander Machniak</name>
<user>alec</user>
<email>alec@alec.pl</email>
<active>yes</active>
</lead>
- <date>2012-03-07</date>
+ <date>2012-11-15</date>
<version>
- <release>3.1</release>
+ <release>3.2</release>
<api>2.0</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
-- Added pw_usermod driver (#1487826)
-- Added option password_login_exceptions (#1487826)
-- Added domainfactory driver (#1487882)
-- Added DBMail driver (#1488281)
-- Helper files moved to helpers/ directory from drivers/
-- Added Expect driver (#1488363)
-- Added Samba password (#1488364)
+- Fix wrong (non-specific) error message on crypt or connection error (#1488808)
</notes>
<contents>
<dir baseinstalldir="/" name="/">
<file name="password.php" role="php">
<tasks:replace from="@name@" to="name" type="package-info"/>
<tasks:replace from="@package_version@" to="version" type="package-info"/>
</file>
<file name="password.js" role="data">
<tasks:replace from="@name@" to="name" type="package-info"/>
<tasks:replace from="@package_version@" to="version" type="package-info"/>
</file>
<file name="README" role="data">
<tasks:replace from="@name@" to="name" type="package-info"/>
<tasks:replace from="@package_version@" to="version" type="package-info"/>
</file>
<file name="localization/az_AZ.inc" role="data"></file>
<file name="localization/bg_BG.inc" role="data"></file>
<file name="localization/ca_ES.inc" role="data"></file>
<file name="localization/cs_CZ.inc" role="data"></file>
<file name="localization/da_DK.inc" role="data"></file>
<file name="localization/de_CH.inc" role="data"></file>
<file name="localization/de_DE.inc" role="data"></file>
<file name="localization/en_US.inc" role="data"></file>
<file name="localization/es_AR.inc" role="data"></file>
<file name="localization/es_ES.inc" role="data"></file>
<file name="localization/et_EE.inc" role="data"></file>
<file name="localization/fi_FI.inc" role="data"></file>
<file name="localization/fr_FR.inc" role="data"></file>
<file name="localization/gl_ES.inc" role="data"></file>
<file name="localization/hr_HR.inc" role="data"></file>
<file name="localization/hu_HU.inc" role="data"></file>
<file name="localization/it_IT.inc" role="data"></file>
<file name="localization/ja_JA.inc" role="data"></file>
<file name="localization/lt_LT.inc" role="data"></file>
<file name="localization/lv_LV.inc" role="data"></file>
<file name="localization/nl_NL.inc" role="data"></file>
<file name="localization/pl_PL.inc" role="data"></file>
<file name="localization/pt_BR.inc" role="data"></file>
<file name="localization/pt_PT.inc" role="data"></file>
<file name="localization/ru_RU.inc" role="data"></file>
<file name="localization/sk_SK.inc" role="data"></file>
<file name="localization/sl_SI.inc" role="data"></file>
<file name="localization/sv_SE.inc" role="data"></file>
<file name="localization/tr_TR.inc" role="data"></file>
<file name="localization/zh_TW.inc" role="data"></file>
<file name="drivers/chpasswd.php" role="php"></file>
<file name="drivers/dbmail.php" role="php"></file>
<file name="drivers/directadmin.php" role="php"></file>
<file name="drivers/domainfactory.php" role="php"></file>
<file name="drivers/expect.php" role="php"></file>
<file name="drivers/ldap.php" role="php"></file>
<file name="drivers/ldap_simple.php" role="php"></file>
<file name="drivers/poppassd.php" role="php"></file>
<file name="drivers/sql.php" role="php"></file>
<file name="drivers/vpopmaild.php" role="php"></file>
<file name="drivers/cpanel.php" role="php"></file>
<file name="drivers/hmail.php" role="php"></file>
<file name="drivers/pam.php" role="php"></file>
<file name="drivers/pw_usermod.php" role="php"></file>
<file name="drivers/sasl.php" role="php"></file>
<file name="drivers/smb.php" role="php"></file>
<file name="drivers/virtualmin.php" role="php"></file>
<file name="drivers/ximss.php" role="php"></file>
<file name="drivers/xmail.php" role="php"></file>
<file name="helpers/chgdbmailusers.c" role="data"></file>
<file name="helpers/chgsaslpasswd.c" role="data"></file>
<file name="helpers/chgvirtualminpasswd.c" role="data"></file>
<file name="helpers/chpass-wrapper.py" role="data"></file>
<file name="helpers/passwd-expect" role="data"></file>
<file name="config.inc.php.disc" role="data"></file>
</dir>
<!-- / -->
</contents>
<dependencies>
<required>
<php>
<min>5.2.1</min>
</php>
<pearinstaller>
<min>1.7.0</min>
</pearinstaller>
</required>
</dependencies>
<phprelease/>
<changelog>
<release>
<date>2010-04-29</date>
<time>12:00:00</time>
<version>
<release>1.4</release>
<api>1.4</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- Use mail_domain value for domain variables when there is no domain in username:
sql and ldap drivers (#1486694)
- Created package.xml
</notes>
</release>
<release>
<date>2010-06-20</date>
<time>12:00:00</time>
<version>
<release>1.5</release>
<api>1.5</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- Removed user_login/username_local/username_domain methods,
use rcube_user::get_username instead (#1486707)
</notes>
</release>
<release>
<date>2010-08-01</date>
<time>09:00:00</time>
<version>
<release>1.6</release>
<api>1.5</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- Added ldap_simple driver
</notes>
</release>
<release>
<date>2010-09-10</date>
<time>09:00:00</time>
<version>
<release>1.7</release>
<api>1.5</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- Added XMail driver
- Improve security of chpasswd driver using popen instead of exec+echo (#1486987)
- Added chpass-wrapper.py script to improve security (#1486987)
</notes>
</release>
<release>
<date>2010-09-29</date>
<time>19:00:00</time>
<version>
<release>1.8</release>
<api>1.6</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- Added possibility to display extended error messages (#1486704)
- Added extended error messages in Poppassd driver (#1486704)
</notes>
</release>
<release>
<version>
<release>1.9</release>
<api>1.6</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- Added password_ldap_lchattr option (#1486927)
</notes>
</release>
<release>
<date>2010-10-07</date>
<time>09:00:00</time>
<version>
<release>2.0</release>
<api>1.6</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- Fixed SQL Injection in SQL driver when using %p or %o variables in query (#1487034)
</notes>
</release>
<release>
<date>2010-11-02</date>
<time>09:00:00</time>
<version>
<release>2.1</release>
<api>1.6</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- hMail driver: Add possibility to connect to remote host
</notes>
</release>
<release>
<date>2011-02-15</date>
<time>12:00</time>
<version>
<release>2.2</release>
<api>1.6</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- hMail driver: add username_domain detection (#1487100)
- hMail driver: HTML tags in logged messages should be stripped off (#1487099)
- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141)
- Fix usage of configured temp_dir instead of /tmp (#1487447)
- ldap_simple driver: fix parse error
- ldap/ldap_simple drivers: support %dc variable in config
- ldap/ldap_simple drivers: support Samba password change
- Fix extended error messages handling (#1487676)
- Fix double request when clicking on Password tab in Firefox
- Fix deprecated split() usage in xmail and directadmin drivers (#1487769)
- Added option (password_log) for logging password changes
- Virtualmin driver: Add option for setting username format (#1487781)
</notes>
</release>
<release>
<date>2011-10-26</date>
<time>12:00</time>
<version>
<release>2.3</release>
<api>1.6</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- When old and new passwords are the same, do nothing, return success (#1487823)
- Fixed Samba password hashing in 'ldap' driver
- Added 'password_change' hook for plugin actions after successful password change
- Fixed bug where 'doveadm pw' command was used as dovecotpw utility
- Improve generated crypt() passwords (#1488136)
</notes>
</release>
<release>
<date>2011-11-23</date>
<version>
<release>2.4</release>
<api>1.6</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- Added option to use punycode or unicode for domain names (#1488103)
- Save Samba password hashes in capital letters (#1488197)
</notes>
</release>
<release>
<date>2011-11-23</date>
<version>
<release>3.0</release>
<api>2.0</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
<notes>
- Fixed drivers namespace issues
</notes>
</release>
+ <release>
+ <date>2012-03-07</date>
+ <version>
+ <release>3.1</release>
+ <api>2.0</api>
+ </version>
+ <stability>
+ <release>stable</release>
+ <api>stable</api>
+ </stability>
+ <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
+ <notes>
+- Added pw_usermod driver (#1487826)
+- Added option password_login_exceptions (#1487826)
+- Added domainfactory driver (#1487882)
+- Added DBMail driver (#1488281)
+- Helper files moved to helpers/ directory from drivers/
+- Added Expect driver (#1488363)
+- Added Samba password (#1488364)
+ </notes>
+ </release>
</changelog>
</package>
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 58b6f8cd9..e795d115f 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -1,290 +1,292 @@
<?php
/*
+-------------------------------------------------------------------------+
| Password Plugin for Roundcube |
| @version @package_version@ |
| |
| Copyright (C) 2009-2010, Roundcube Dev. |
| |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License version 2 |
| as published by the Free Software Foundation. |
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| GNU General Public License for more details. |
| |
| You should have received a copy of the GNU General Public License along |
| with this program; if not, write to the Free Software Foundation, Inc., |
| 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| |
+-------------------------------------------------------------------------+
| Author: Aleksander Machniak <alec@alec.pl> |
+-------------------------------------------------------------------------+
$Id: index.php 2645 2009-06-15 07:01:36Z alec $
*/
define('PASSWORD_CRYPT_ERROR', 1);
define('PASSWORD_ERROR', 2);
define('PASSWORD_CONNECT_ERROR', 3);
define('PASSWORD_SUCCESS', 0);
/**
* Change password plugin
*
* Plugin that adds functionality to change a users password.
* It provides common functionality and user interface and supports
* several backends to finally update the password.
*
* For installation and configuration instructions please read the README file.
*
* @author Aleksander Machniak
*/
class password extends rcube_plugin
{
public $task = 'settings';
public $noframe = true;
public $noajax = true;
function init()
{
$rcmail = rcmail::get_instance();
$this->load_config();
// Exceptions list
if ($exceptions = $rcmail->config->get('password_login_exceptions')) {
$exceptions = array_map('trim', (array) $exceptions);
$exceptions = array_filter($exceptions);
$username = $_SESSION['username'];
foreach ($exceptions as $ec) {
if ($username === $ec) {
return;
}
}
}
// add Tab label
$rcmail->output->add_label('password');
$this->register_action('plugin.password', array($this, 'password_init'));
$this->register_action('plugin.password-save', array($this, 'password_save'));
$this->include_script('password.js');
}
function password_init()
{
$this->add_texts('localization/');
$this->register_handler('plugin.body', array($this, 'password_form'));
$rcmail = rcmail::get_instance();
$rcmail->output->set_pagetitle($this->gettext('changepasswd'));
$rcmail->output->send('plugin');
}
function password_save()
{
$rcmail = rcmail::get_instance();
$this->add_texts('localization/');
$this->register_handler('plugin.body', array($this, 'password_form'));
$rcmail->output->set_pagetitle($this->gettext('changepasswd'));
$confirm = $rcmail->config->get('password_confirm_current');
$required_length = intval($rcmail->config->get('password_minimum_length'));
$check_strength = $rcmail->config->get('password_require_nonalpha');
if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) {
$rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
}
else {
$charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1'));
$rc_charset = strtoupper($rcmail->output->get_charset());
$sespwd = $rcmail->decrypt($_SESSION['password']);
$curpwd = $confirm ? get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset) : $sespwd;
$newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true);
$conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true);
// check allowed characters according to the configured 'password_charset' option
// by converting the password entered by the user to this charset and back to UTF-8
$orig_pwd = $newpwd;
$chk_pwd = rcube_charset_convert($orig_pwd, $rc_charset, $charset);
$chk_pwd = rcube_charset_convert($chk_pwd, $charset, $rc_charset);
// WARNING: Default password_charset is ISO-8859-1, so conversion will
// change national characters. This may disable possibility of using
// the same password in other MUA's.
// We're doing this for consistence with Roundcube core
$newpwd = rcube_charset_convert($newpwd, $rc_charset, $charset);
$conpwd = rcube_charset_convert($conpwd, $rc_charset, $charset);
if ($chk_pwd != $orig_pwd) {
$rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error');
}
// other passwords validity checks
else if ($conpwd != $newpwd) {
$rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
}
else if ($confirm && $sespwd != $curpwd) {
$rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
}
else if ($required_length && strlen($newpwd) < $required_length) {
$rcmail->output->command('display_message', $this->gettext(
array('name' => 'passwordshort', 'vars' => array('length' => $required_length))), 'error');
}
else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
$rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
}
// password is the same as the old one, do nothing, return success
else if ($sespwd == $newpwd) {
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
}
// try to save the password
else if (!($res = $this->_save($curpwd, $newpwd))) {
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
// allow additional actions after password change (e.g. reset some backends)
$plugin = $rcmail->plugins->exec_hook('password_change', array(
'old_pass' => $curpwd, 'new_pass' => $newpwd));
// Reset session password
$_SESSION['password'] = $rcmail->encrypt($plugin['new_pass']);
// Log password change
if ($rcmail->config->get('password_log')) {
write_log('password', sprintf('Password changed for user %s (ID: %d) from %s',
$rcmail->user->get_username(), $rcmail->user->ID, rcmail_remote_ip()));
}
}
else {
$rcmail->output->command('display_message', $res, 'error');
}
}
rcmail_overwrite_action('plugin.password');
$rcmail->output->send('plugin');
}
function password_form()
{
$rcmail = rcmail::get_instance();
// add some labels to client
$rcmail->output->add_label(
'password.nopassword',
'password.nocurpassword',
'password.passwordinconsistency'
);
$rcmail->output->set_env('product_name', $rcmail->config->get('product_name'));
$table = new html_table(array('cols' => 2));
if ($rcmail->config->get('password_confirm_current')) {
// show current password selection
$field_id = 'curpasswd';
$input_curpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id,
'size' => 20, 'autocomplete' => 'off'));
$table->add('title', html::label($field_id, Q($this->gettext('curpasswd'))));
$table->add(null, $input_curpasswd->show());
}
// show new password selection
$field_id = 'newpasswd';
$input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id,
'size' => 20, 'autocomplete' => 'off'));
$table->add('title', html::label($field_id, Q($this->gettext('newpasswd'))));
$table->add(null, $input_newpasswd->show());
// show confirm password selection
$field_id = 'confpasswd';
$input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id,
'size' => 20, 'autocomplete' => 'off'));
$table->add('title', html::label($field_id, Q($this->gettext('confpasswd'))));
$table->add(null, $input_confpasswd->show());
$out = html::div(array('class' => 'box'),
html::div(array('id' => 'prefs-title', 'class' => 'boxtitle'), $this->gettext('changepasswd')) .
html::div(array('class' => 'boxcontent'), $table->show() .
html::p(null,
$rcmail->output->button(array(
'command' => 'plugin.password-save',
'type' => 'input',
'class' => 'button mainaction',
'label' => 'save'
)))));
$rcmail->output->add_gui_object('passform', 'password-form');
return $rcmail->output->form_tag(array(
'id' => 'password-form',
'name' => 'password-form',
'method' => 'post',
'action' => './?_task=settings&_action=plugin.password-save',
), $out);
}
private function _save($curpass, $passwd)
{
$config = rcmail::get_instance()->config;
$driver = $config->get('password_driver', 'sql');
$class = "rcube_{$driver}_password";
$file = $this->home . "/drivers/$driver.php";
if (!file_exists($file)) {
raise_error(array(
'code' => 600,
'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
'message' => "Password plugin: Unable to open driver file ($file)"
), true, false);
return $this->gettext('internalerror');
}
include_once $file;
if (!class_exists($class, false) || !method_exists($class, 'save')) {
raise_error(array(
'code' => 600,
'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
'message' => "Password plugin: Broken driver $driver"
), true, false);
return $this->gettext('internalerror');
}
$object = new $class;
$result = $object->save($curpass, $passwd);
if (is_array($result)) {
$message = $result['message'];
$result = $result['code'];
}
switch ($result) {
case PASSWORD_SUCCESS:
return;
case PASSWORD_CRYPT_ERROR;
$reason = $this->gettext('crypterror');
+ break;
case PASSWORD_CONNECT_ERROR;
$reason = $this->gettext('connecterror');
+ break;
case PASSWORD_ERROR:
default:
$reason = $this->gettext('internalerror');
}
if ($message) {
$reason .= ' ' . $message;
}
return $reason;
}
}
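Review bot: The password checks in password_save() use loose comparison (`$conpwd != $newpwd`, `$sespwd != $curpwd`, `$sespwd == $newpwd`), and PHP compares two numeric-looking strings by numeric value, so differently spelled strings such as `"1e3"` and `"1000"` count as equal. With password_confirm_current enabled, a value that is not the session password can therefore pass the current-password check, and whether the backend rejects it afterwards depends on the driver, which this diff does not show. Switching those three lines to `!==` / `===` (and `$chk_pwd != $orig_pwd` likewise) makes the checks exact string matches. Separately, in _save() `$message` is assigned only when the driver returns an array, so `if ($message)` reads an undefined variable when a driver returns a bare code; adding `$message = null;` before the `is_array($result)` check avoids that.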