Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F225064
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
13 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/plugins/password/localization/hu_HU.inc b/plugins/password/localization/hu_HU.inc
new file mode 100644
index 000000000..8a4e5d678
--- /dev/null
+++ b/plugins/password/localization/hu_HU.inc
@@ -0,0 +1,18 @@
+<?php
+
+$labels = array();
+$labels['changepasswd'] = 'Jelszóváltás';
+$labels['curpasswd'] = 'Jelenlegi jelszó:';
+$labels['newpasswd'] = 'Új jelszó:';
+$labels['confpasswd'] = 'Új jelszó mégegyszer:';
+
+$messages = array();
+$messages['nopassword'] = 'Kérjük adja meg az új jelszót.';
+$messages['nocurpassword'] = 'Kérjük adja meg a jelenlegi jelszót.';
+$messages['passwordincorrect'] = 'Érvénytelen a jelenlegi jelszó.';
+$messages['passwordinconsistency'] = 'A két új jelszó nem egyezik.';
+$messages['nocryptfunction'] = 'Hiba történt a kérés feldolgozása során.';
+$messages['internalerror'] = 'Hiba történt a kérés feldolgozása során.';
+$messages['errorsaving'] = 'Hiba történt a kérés feldolgozása során.';
+
+?>
diff --git a/plugins/password/password.js b/plugins/password/password.js
index 3d05b622b..e6fa0b547 100644
--- a/plugins/password/password.js
+++ b/plugins/password/password.js
@@ -1,44 +1,36 @@
/* Password change interface (tab) */
if (window.rcmail) {
rcmail.addEventListener('init', function(evt) {
// <span id="settingstabdefault" class="tablink"><roundcube:button command="preferences" type="link" label="preferences" title="editpreferences" /></span>
var tab = $('<span>').attr('id', 'settingstabpluginpassword').addClass('tablink');
var button = $('<a>').attr('href', rcmail.env.comm_path+'&_action=plugin.password').html(rcmail.gettext('password')).appendTo(tab);
button.bind('click', function(e){ return rcmail.command('plugin.password', this) });
// add button and register commands
rcmail.add_element(tab, 'tabs');
rcmail.register_command('plugin.password', function() { rcmail.goto_url('plugin.password') }, true);
rcmail.register_command('plugin.password-save', function() {
var input_curpasswd = rcube_find_object('_curpasswd');
var input_newpasswd = rcube_find_object('_newpasswd');
var input_confpasswd = rcube_find_object('_confpasswd');
if (input_curpasswd && input_curpasswd.value=='') {
alert(rcmail.gettext('nocurpassword', 'password'));
input_curpasswd.focus();
} else if (input_newpasswd && input_newpasswd.value=='') {
alert(rcmail.gettext('nopassword', 'password'));
input_newpasswd.focus();
} else if (input_confpasswd && input_confpasswd.value=='') {
alert(rcmail.gettext('nopassword', 'password'));
input_confpasswd.focus();
} else if ((input_newpasswd && input_confpasswd) && (input_newpasswd.value != input_confpasswd.value)) {
alert(rcmail.gettext('passwordinconsistency', 'password'));
input_newpasswd.focus();
} else {
rcmail.gui_objects.passform.submit();
}
}, true);
})
-
- // set page title
- if (rcmail.env.action == 'plugin.password' && rcmail.env.task == 'settings') {
- var title = rcmail.gettext('changepasswd','password')
- if (rcmail.env.product_name)
- title = rcmail.env.product_name + ' :: ' + title;
- rcmail.set_pagetitle(title);
- }
}
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 0920c32f8..0763e91c5 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -1,256 +1,258 @@
<?php
/**
* Change Password
*
* Plugin that adds a possibility to change password using a database
* (Settings -> Password tab)
*
* @version 1.1
* @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
* @editor Daniel Black
*
* Configuration Items (config/main.inc.php):
* password_confirm_current - boolean to determine whether current password
* is required to change password. Defaults to FALSE.
* password_db_dsn - is the PEAR database DSN for performing the query. Defaults
* to the default databse setting in config/db.inc.php
* password_query - the SQL query used to change the password.
* If the SQL query is a SELECT it will return an error message in a row if unsuccessful
* If the SQL query is a UPDATE it will update a single row only.
* An UPDATE where zero rows changed will be inteperated to be a wrong username/password
* More than one row changed will be inteperated as an internal error
* The query can contain the following macros that will be expanded as follows:
* %p is replaced with the plaintext new password
* %c is replaced with the crypt version of the new password, MD5 if available
* otherwise DES.
* %u is replaced with the username (from the session info)
* %o is replaced with the password before the change
* %h is replaced with the imap host (from the session info)
* Escaping of macros is handled by this module.
* Defaults to "SELECT update_passwd(%c, %u)"
* To use this you need to define the update_passwd function in your
* database.
*
* Example SQL queries:
* These will typically need to define a function to change the password:
*
* Example implementations of an update_passwd function:
*
* This is for use with LMS (http://lms.org.pl) database and postgres:
* CREATE OR REPLACE FUNCTION update_passwd(hash text, account text) RETURNS integer AS $$
* DECLARE
* res integer;
* BEGIN
* UPDATE passwd SET password = hash
* WHERE login = split_part(account, '@', 1)
* AND domainid = (SELECT id FROM domains WHERE name = split_part(account, '@', 2))
* RETURNING id INTO res;
* RETURN res;
* END;
* $$ LANGUAGE plpgsql SECURITY DEFINER;
*
* This is for use with a SELECT update_passwd(%o,%c,%u) query
* Uupdates the password only when the old password matches the MD5 password in the database
* CREATE FUNCTION update_password (oldpass text, cryptpass text, user text) RETURNS text
* MODIFIES SQL DATA
* BEGIN
* DECLARE currentsalt varchar(20);
* DECLARE error text;
* SET error = 'incorrect current password';
* SELECT substring_index(substr(user.password,4),_latin1'$',1) INTO currentsalt FROM users WHERE username=user;
* SELECT '' INTO error FROM users WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
* UPDATE users SET password=cryptpass WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
* RETURN error;
* END
*
* Example SQL UPDATEs:
*
* Plain text passwords:
* UPDATE users SET password=%p WHERE username=%u AND password=%o AND domain=%h LIMIT 1
*
* Crypt text passwords:
* UPDATE users SET password=%c WHERE username=%u LIMIT 1
*
* Use a MYSQL crypt function (*nix only) with random 8 character salt
* UPDATE users SET password=ENCRYPT(%p,concat(_utf8'$1$',right(md5(rand()),8),_utf8'$')) WHERE username=%u LIMIT 1
*
* MD5 stored passwords:
* UPDATE users SET password=MD5(%p) WHERE username=%u AND password=MD5(%o) LIMIT 1
*
*/
class password extends rcube_plugin
{
public $task = 'settings';
function init()
{
$rcmail = rcmail::get_instance();
// add Tab label
$rcmail->output->add_label('password');
$this->register_action('plugin.password', array($this, 'password_init'));
$this->register_action('plugin.password-save', array($this, 'password_save'));
$this->register_handler('plugin.body', array($this, 'password_form'));
$this->include_script('password.js');
}
function password_init()
{
$this->add_texts('localization/');
- rcmail::get_instance()->output->send('plugin');
+ $rcmail = rcmail::get_instance();
+ $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
+ $rcmail->output->send('plugin');
}
function password_save()
{
$rcmail = rcmail::get_instance();
- $confirm = $rcmail->config->get('password_confirm_current');
$this->add_texts('localization/');
+ $confirm = $rcmail->config->get('password_confirm_current');
+ $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd']))
$rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
else {
$curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
$newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd)
$rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
else if (!($res = $this->_save($curpwd,$newpwd))) {
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
$_SESSION['password'] = $rcmail->encrypt($newpwd);
} else
$rcmail->output->command('display_message', $res, 'error');
}
rcmail_overwrite_action('plugin.password');
- rcmail::get_instance()->output->send('plugin');
+ $rcmail->output->send('plugin');
}
function password_form()
{
$rcmail = rcmail::get_instance();
$confirm = $rcmail->config->get('password_confirm_current');
// add some labels to client
$rcmail->output->add_label(
'password.nopassword',
'password.nocurpassword',
- 'password.passwordinconsistency',
- 'password.changepasswd'
+ 'password.passwordinconsistency'
);
-// $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
+
$rcmail->output->set_env('product_name', $rcmail->config->get('product_name'));
// allow the following attributes to be added to the <table> tag
$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'cellpadding', 'cellspacing', 'border', 'summary'));
// return the complete edit form as table
$out = '<table' . $attrib_str . ">\n\n";
if ($confirm) {
// show current password selection
$field_id = 'curpasswd';
$input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id,
'size' => 20, 'autocomplete' => 'off'));
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
$field_id,
rep_specialchars_output($this->gettext('curpasswd')),
$input_newpasswd->show($rcmail->config->get('curpasswd')));
}
// show new password selection
$field_id = 'newpasswd';
$input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id,
'size' => 20, 'autocomplete' => 'off'));
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
$field_id,
rep_specialchars_output($this->gettext('newpasswd')),
$input_newpasswd->show($rcmail->config->get('newpasswd')));
// show confirm password selection
$field_id = 'confpasswd';
$input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id,
'size' => 20, 'autocomplete' => 'off'));
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
$field_id,
rep_specialchars_output($this->gettext('confpasswd')),
$input_confpasswd->show($rcmail->config->get('confpasswd')));
$out .= "\n</table>";
$out .= '<br />';
$out .= $rcmail->output->button(array(
'command' => 'plugin.password-save',
'type' => 'input',
'class' => 'button mainaction',
'label' => 'save'
));
$rcmail->output->add_gui_object('passform', 'password-form');
return $rcmail->output->form_tag(array(
'id' => 'password-form',
'name' => 'password-form',
'method' => 'post',
'action' => './?_task=settings&_action=plugin.password-save',
), $out);
}
private function _save($curpass,$passwd)
{
$cfg = rcmail::get_instance()->config;
if (!($sql = $cfg->get('password_query')))
$sql = "SELECT update_passwd(%c, %u)";
if ($dsn = $cfg->get('password_db_dsn')) {
$db = new rcube_mdb2($dsn, '', FALSE);
$db->set_debug((bool)$cfg->get('sql_debug'));
$db->db_connect('w');
} else {
$db = rcmail::get_instance()->get_dbh();
}
if ($err = $db->is_error())
return $err;
if (strpos($sql,'%c') !== FALSE) {
$salt = '';
if (CRYPT_MD5) {
$len = rand(3,CRYPT_SALT_LENGTH);
} else if (CRYPT_STD_DES) {
$len = 2;
} else {
return $this->gettext('nocryptfunction');
}
for ($i = 0; $i < $len ; $i++) {
$salt .= chr(rand(ord('.'),ord('z')));
}
$sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
}
$sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql);
$sql = str_replace('%p', $db->quote($passwd,'text'), $sql);
$sql = str_replace('%o', $db->quote($curpass,'text'), $sql);
$sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql);
$res = $db->query($sql);
if ($err = $db->is_error())
return $err;
if (strtolower(substr(trim($query),0,6))=='select') {
return $db->fetch_array($res);
} else {
$res = $db->affected_rows($res);
if ($res == 0) return $this->gettext('errorsaving');
if ($res == 1) return FALSE; // THis is the good case - 1 row updated
return $this->gettext('internalerror');
}
}
}
?>
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sat, Mar 1, 2:17 PM (8 m, 41 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
167244
Default Alt Text
(13 KB)
Attached To
Mode
R3 roundcubemail
Attached
Detach File
Event Timeline
Log In to Comment