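/**
 * Change the password of the current user.
 *
 * The old password is checked against the stored hash, both copies of the
 * new password must be identical, and the new password must pass the "mem"
 * password policy before its hash is written to the membres table.
 *
 * @param string $oldpass Current password.
 * @param string $newpass New password.
 * @param string $newpass2 New password (typed again).
 * @return boolean TRUE if the password has been changed, FALSE otherwise
 *                 (the reason is raised through $err, except where noted).
 */
function passwd($oldpass, $newpass, $newpass2) {
    global $db, $err, $cuid, $admin;
    $err->log("mem", "passwd");

    // NOTE(review): stripslashes() presumably undoes quoting applied to request
    // data upstream; if the inputs arrive unquoted it silently removes
    // backslashes from the passwords. Confirm against the request bootstrap.
    $oldpass = stripslashes($oldpass);
    $newpass = stripslashes($newpass);
    $newpass2 = stripslashes($newpass2);

    if (!$this->user["canpass"]) {
        $err->raise("mem", _("You are not allowed to change your password."));
        return false;
    }

    // Re-hash the supplied password using the stored hash as salt, then compare
    // the two values as strings. A loose "!=" would apply numeric juggling to
    // numeric-looking strings; hash_equals() (when the runtime provides it)
    // also makes the comparison constant-time.
    $stored = (string) $this->user["pass"];
    $computed = (string) _md5cr($oldpass, $stored);
    if (function_exists('hash_equals')) {
        $oldPassOk = hash_equals($stored, $computed);
    } else {
        $oldPassOk = ($stored === $computed);
    }
    if (!$oldPassOk) {
        $err->raise("mem", _("The old password is incorrect"));
        return false;
    }

    // Strict comparison: with "!=" two different numeric-looking strings such
    // as "1e3" and "1000" would be accepted as the same password.
    if ($newpass !== $newpass2) {
        $err->raise("mem", _("The new passwords are differents, please retry"));
        return false;
    }

    // The login is needed by the policy check.
    $db->query("SELECT login FROM membres WHERE uid='{$cuid}';");
    $db->next_record();
    $login = $db->Record["login"];
    if (!$admin->checkPolicy("mem", $login, $newpass)) {
        return false; // The error has been raised by checkPolicy()
    }

    // Store the hash that was just computed, never the clear-text value.
    // NOTE(review): the algorithm behind _md5cr() is not visible here; its name
    // suggests MD5-based crypt. If so, plan a migration to password_hash().
    $newpass = _md5cr($newpass);
    $db->query("UPDATE membres SET pass='{$newpass}' WHERE uid='{$cuid}';");
    $err->error = 0;
    return true;
}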
echo "ldap module not loaded into php, skipping LDAP conversion\n";
}

// Step 2 of the upgrade: replace the values stored in membres.pass with the
// output of _md5cr().
echo "Step 2: encrypting user passwords ";
if (!mysql_query("use {$L_MYSQL_DATABASE}")) {
    // NOTE(review): the failure is only reported; the queries below still run
    // against whatever database the connection currently has selected.
    echo "can't select database {$L_MYSQL_DATABASE}\n";
}
// One row per distinct length of `pass`, shortest length first.
if ($q = mysql_query("SELECT LENGTH(`pass`) AS len FROM `membres` GROUP BY len ORDER BY len ASC;")) {
    if ($res = mysql_fetch_array($q)) {
        // Only the first row (the shortest length) is examined, and a length of
        // 34 is taken to mean "already hashed".
        // NOTE(review): in a table that mixes hashed and clear-text rows, a
        // clear-text value shorter than 34 sends every row through _md5cr()
        // again, including the ones that are already hashed; a clear-text value
        // longer than 34 next to hashed rows is never converted. A per-row
        // check would avoid both cases.
        if ($res['len'] == 34) {
            print "(already encrypted)";
        } else {
            if (!($q = mysql_query("SELECT uid,pass FROM membres;"))) {
                // NOTE(review): execution continues into the loop below with $q === false.
                echo "SELECT failed: " . mysql_error() . "\n";
            }
            while ($c = mysql_fetch_array($q)) {
                $pass = _md5cr($c['pass']);
                $id = $c['uid'];
                echo "membre {$id}\n";
                // NOTE(review): as shown, this statement writes the literal
                // '******' and $pass is never used. That looks like masking
                // applied to this listing; confirm against the original script
                // that the computed hash is the value being stored.
                if (!mysql_query("UPDATE membres SET pass='******' WHERE uid='{$id}';")) {
                    echo "UPDATE failed: " . mysql_error() . "\n";
                } else {
                    // Progress marker, flushed so it shows up immediately.
                    echo ".";
                    flush();
                }
            }
        }
    } else {
        echo "fetch_array() failed: " . mysql_error() . "\n";
    }
} else {
    echo "query failed: " . mysql_error() . "\n";
// Handles the posted password-change form: $r is the result of an account
// lookup issued before this excerpt.
if (!($c = mysql_fetch_array($r))) {
    $errstr = _("Your account has not been found, please try again later or ask an administrator.");
} else {
    // Re-hash the posted old password with the stored hash as salt and compare.
    // NOTE(review): "!=" is a loose comparison; a strict "!==" (or
    // hash_equals() where available) avoids numeric type juggling on the
    // two strings.
    if ($c["password"] != _md5cr($_POST['acp_oldpass'], $c["password"])) {
        $errstr = _("Your current password is incorrect, please try again.");
    } else {
        // FIXME DO Check the password policy :
        // NOTE(review): the policy check below is commented out, so the new
        // password is stored without any checkPolicy() call; no confirmation
        // field or empty-value check is visible in this excerpt either.
        /*
        if (is_callable(array($admin,"checkPolicy")) && !$admin->checkPolicy("pop",$username,$_POST['acp_newpass'])) {
            $errstr=_("This password is not strong enough for your policy, set a stronger password or call your administrator");
        } else {
        */
        // ok, let's change the password
        $acp_newpass = $_POST['acp_newpass'];
        $newp = _md5cr($acp_newpass);
        // NOTE(review): as shown, the statement writes the literal '******' and
        // $newp is never used. That looks like masking applied to this listing;
        // confirm against the original file that the hash is what gets stored.
        // The result of mysql_query() is not checked, so the success message
        // below is set even when the UPDATE fails.
        mysql_query("UPDATE address SET password='******' WHERE id=" . $c["id"] . " ;");
        $errstr = _("Your password has been successfully changed. Don't forget to change it in your mail software if you are using one (Outlook, Mozilla, Thunderbird, Eudora ...)");
        // Write new cookies for the password
        // Judging by the helper names, the clear-text password is combined with
        // a pad that is kept in the session, and the result is sent back in the
        // "key" cookie.
        // NOTE(review): setcookie() is called without the secure / httponly
        // arguments; confirm the webmail is served over HTTPS only.
        $onetimepad = OneTimePadCreate(strlen($acp_newpass));
        sqsession_register($onetimepad, 'onetimepad');
        $key = OneTimePadEncrypt($acp_newpass, $onetimepad);
        setcookie("key", $key, 0, $base_uri);
        // }   (closing brace of the disabled policy-check "else")
    }
}
}
} // POSTED data ?
textdomain("squirrelmail");
displayPageHeader($color, 'None');
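/**
 * Change the password of a user in a protected folder
 *
 * Rewrites <folder>/.htpasswd through a temporary .htpasswd.new file: every
 * line whose first field is not $user is copied, then a fresh "$user:hash"
 * line is appended (so a user that was not listed yet is added).
 *
 * @global m_bro $bro
 * @global m_err $err
 * @global m_admin $admin
 * @param string $user Login whose entry is replaced
 * @param string $newpass New clear-text password; only its _md5cr() hash is written
 * @param string $dir Folder, resolved with $bro->convertabsolute()
 * @return boolean TRUE on success, FALSE otherwise
 */
function change_pass($user, $newpass, $dir) {
    global $bro, $err, $admin;
    $err->log("hta", "change_pass", $user . "/" . $dir);
    $absolute = $bro->convertabsolute($dir, 0);
    if (!file_exists($absolute)) {
        // sprintf() builds the message; printf() would echo it to the page and
        // hand its byte count to raise() instead of the text.
        $err->raise("hta", sprintf(_("The folder '%s' does not exist"), $dir));
        return false;
    }
    // The file format is one "user:hash" entry per line, so a login that is
    // empty or contains ':' or a line break cannot be stored as a single entry.
    if ((string) $user === "" || strpbrk((string) $user, ":\r\n") !== false) {
        $err->raise("hta", _("Please enter a valid username"));
        return false;
    }
    // Check this password against the password policy using common API :
    if (is_callable(array($admin, "checkPolicy"))) {
        if (!$admin->checkPolicy("hta", $user, $newpass)) {
            return false; // The error has been raised by checkPolicy()
        }
    }
    $current = "{$absolute}/.htpasswd";
    $pending = "{$absolute}/.htpasswd.new";
    $file = fopen($current, "r");
    // "w" creates the file and truncates a stale .htpasswd.new left behind by an
    // earlier failed run, whose lines would otherwise be carried over.
    $newf = fopen($pending, "w");
    if (!$file || !$newf) {
        // Release whichever handle did open before reporting the failure.
        if ($file) {
            fclose($file);
        }
        if ($newf) {
            fclose($newf);
            unlink($pending);
        }
        $err->raise("hta", _("File already exist"));
        return false;
    }
    while (($line = fgets($file)) !== false) {
        $fields = explode(":", $line, 2);
        // Strict comparison so numeric-looking logins ("0123" vs "123") are not
        // treated as the same user.
        if ($fields[0] !== (string) $user) {
            // Re-terminate each kept line so the appended entry below always
            // starts on a line of its own.
            fwrite($newf, rtrim($line, "\r\n") . "\n");
        }
    }
    // NOTE(review): the algorithm behind _md5cr() is not visible here; its name
    // suggests MD5-based crypt. Confirm it is still acceptable for this use.
    fwrite($newf, "{$user}:" . _md5cr($newpass) . "\n");
    fclose($file);
    fclose($newf);
    // rename() replaces the old file in a single step, so the folder is never
    // left without a .htpasswd between a delete and a rename.
    if (!rename($pending, $current)) {
        unlink($pending);
        $err->raise("hta", _("The file .htpasswd cannot be written"));
        return false;
    }
    return true;
}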
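/**
 * Edit an account
 *
 * Change an account (in the tables <code>membres</code>
 * and <code>local</code>). Refuses to run unless $this->enabled is set
 * (the error raised says only administrators may use it).
 *
 * @global m_err $err
 * @global m_mysql $db
 * @global int $cuid
 * @global m_quota $quota
 * @param int $uid The uid number of the account we want to modify
 * @param string $mail New email address of the account owner
 * @param string $nom New name of the account owner
 * @param string $prenom New first name of the account owner
 * @param string $pass New password (max. 64 characters); left unchanged when empty
 * @param string $enabled (value: 0 or 1) written to membres.enabled
 * @param boolean $canpass Written to membres.canpass
 * @param int $type New type of account
 * @param int $duration Passed to renew_update()
 * @param string $notes Free text, escaped with addslashes() before use
 * @param boolean $reset_quotas Quotas are recomputed when this is "on" or when the type changes
 * @return boolean Returns FALSE if an error occurs, TRUE if not
 */
function update_mem($uid, $mail, $nom, $prenom, $pass, $enabled, $canpass, $type = 'default', $duration = 0, $notes = "", $reset_quotas = false) {
    global $err, $db;
    global $cuid, $quota;
    $notes = addslashes($notes);
    $err->log("admin", "update_mem", $uid);
    if (!$this->enabled) {
        $err->raise("admin", _("-- Only administrators can access this page! --"));
        return false;
    }
    // Replaces the global $db handle for the rest of the request.
    $db = new DB_System();

    // Only touch the password column when a new password was supplied, and
    // store the computed hash, never the clear-text value.
    // NOTE(review): the algorithm behind _md5cr() is not visible here; its name
    // suggests MD5-based crypt. If so, plan a migration to password_hash().
    $ssq = "";
    if ($pass) {
        $pass = _md5cr($pass);
        $ssq = " ,pass='{$pass}' ";
    }

    // Read the current row first so a change of account type can be detected.
    $old_mem = $this->get($uid);

    // NOTE(review): only $notes is escaped in this method; every other value is
    // placed into the SQL text exactly as received. Presumably the callers pass
    // pre-escaped data. Confirm that, or move these statements to bound
    // parameters if the DB layer supports them.
    $localOk = $db->query("UPDATE local SET nom='{$nom}', prenom='{$prenom}' WHERE uid='{$uid}';");
    $membresOk = $localOk && $db->query("UPDATE membres SET mail='{$mail}', canpass='{$canpass}', enabled='{$enabled}', `type`='{$type}', notes='{$notes}' {$ssq} WHERE uid='{$uid}';");
    if (!$membresOk) {
        $err->raise("admin", _("Account not found"));
        return false;
    }

    if ($reset_quotas == "on" || $type != $old_mem['type']) {
        $quota->addquotas();
        $quota->synchronise_user_profile();
    }
    $this->renew_update($uid, $duration);
    return true;
}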
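#!/usr/bin/php -q
<?php
// One-off migration: hash the values found in tmp_mail_pass with _md5cr() and
// store them in address.password for the matching mailbox.
//
// NOTE(review): tmp_mail_pass appears to hold clear-text passwords (its values
// are hashed here before being stored). Restrict access to it and drop it once
// the migration has been verified.
// NOTE(review): the mysql_* extension used below no longer exists in PHP 7+;
// the connection itself is presumably opened by 0-config.php.
require_once "./0-config.php";

// Working directories, readable by the owner only.
$dir_mail = APP_PATH . "/mails";
if (!is_dir($dir_mail)) {
    mkdir($dir_mail, 0700, true);
}
$dir_cmd = APP_PATH . "/cmd";
if (!is_dir($dir_cmd)) {
    mkdir($dir_cmd, 0700, true);
}

// Not used in the part of the script shown here.
$mail_template = APP_PATH . "/templates/mail_template.php";
$cmd_template = APP_PATH . "/templates/cmd_template.php";

// Map "local@domain" to the id of its row in `address`.
$query = 'select a.id, concat(address,"@",domaine) as email from mailbox m join address a on m.address_id = a.id join domaines d on d.id = domain_id;';
$connection = mysql_query($query);
if (!$connection) {
    echo "query failed: " . mysql_error() . "\n";
    exit(1);
}
$emailList = array();
while ($result = mysql_fetch_array($connection)) {
    $emailList[$result["email"]] = $result["id"];
}

$query = 'select user as email,pass as password from tmp_mail_pass;';
$connection = mysql_query($query);
if (!$connection) {
    echo "query failed: " . mysql_error() . "\n";
    exit(1);
}
while ($result = mysql_fetch_array($connection)) {
    $email = $result["email"];
    // An address without a mailbox has no id; without this check the UPDATE
    // below would be built with an empty "where id=" and fail.
    if (!isset($emailList[$email])) {
        echo "{$email} : no matching mailbox, skipped\n";
        continue;
    }
    $id = (int) $emailList[$email];
    $password = _md5cr($result["password"]);
    // Report progress without printing the hash, so it does not end up in
    // terminal scrollback or captured logs.
    echo "{$email} : {$id}\n";
    $update_query = "update address set `password`= '" . mysql_real_escape_string($password) . "' where id=" . $id;
    if (!mysql_query($update_query)) {
        echo "UPDATE failed: " . mysql_error() . "\n";
    }
}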
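/**
 * Create a new FTP account.
 *
 * @param string $prefixe Login prefix; must be one of the values returned by prefix_list()
 * @param string $login FTP login suffix (full login is prefixe_login, or the prefix alone when empty)
 * @param string $pass FTP password (clear text; only its _md5cr() hash is stored)
 * @param string $dir Root directory of the account, relative to the member's root
 * @return boolean TRUE if the account has been created, FALSE otherwise.
 */
function add_ftp($prefixe, $login, $pass, $dir) {
    global $mem, $db, $err, $quota, $bro, $cuid, $admin;
    $err->log("ftp", "add_ftp", $prefixe . "_" . $login);

    // Resolve the requested directory, then make it relative again.
    $dir = $bro->convertabsolute($dir);
    if (substr($dir, 0, 1) == "/") {
        $dir = substr($dir, 1);
    }
    $r = $this->prefix_list();
    if (empty($pass)) {
        $err->raise("ftp", _("Password can't be empty"));
        return false;
    }
    if (!in_array($prefixe, $r) || $prefixe == "") {
        $err->raise("ftp", _("The chosen prefix is not allowed"));
        return false;
    }
    $full_login = $prefixe;
    if ($login) {
        $full_login .= "_" . $login;
    }
    if (!$this->check_login($full_login)) {
        return false;
    }
    // NOTE(review): $full_login is placed into the SQL text as-is; this relies
    // on check_login() rejecting quote characters. Confirm that it does.
    $db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name='" . $full_login . "'");
    $db->next_record();
    if ($db->f("cnt")) {
        $err->raise("ftp", _("This FTP account already exists"));
        return false;
    }
    // The result of this lookup is not used below.
    $db->query("SELECT login FROM membres WHERE uid='{$cuid}';");
    $db->next_record();

    $absolute = getuserpath() . "/{$dir}";
    if (!file_exists($absolute)) {
        // Create the directory tree with PHP itself: the path derives from the
        // caller-supplied $dir, and building a shell command line from it would
        // let shell metacharacters in the name be interpreted.
        mkdir($absolute, 0777, true); // FIXME replace with action
    }
    if (!is_dir($absolute)) {
        $err->raise("ftp", _("The directory cannot be created"));
        return false;
    }
    // Check this password against the password policy using common API :
    if (is_callable(array($admin, "checkPolicy"))) {
        if (!$admin->checkPolicy("ftp", $full_login, $pass)) {
            return false; // The error has been raised by checkPolicy()
        }
    }
    if ($quota->cancreate("ftp")) {
        // NOTE(review): the salt passed here is derived from the current time,
        // which is guessable; confirm whether _md5cr() can pick a random salt
        // itself when called with the password alone.
        $encrypted_password = _md5cr($pass, strrev(microtime(true)));
        // NOTE(review): $absolute contains the caller-supplied directory and is
        // placed into the SQL text as-is; confirm it is escaped upstream or use
        // bound parameters if the DB layer supports them.
        $db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ('" . $full_login . "', '', '{$encrypted_password}', '{$absolute}', '{$cuid}')");
        return true;
    } else {
        $err->raise("ftp", _("Your FTP account quota is over. You cannot create more ftp accounts"));
        return false;
    }
}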
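/**
 * Set the password of an email address.
 *
 * The address must belong to the caller (is_it_my_mail()) and the password
 * must pass the "pop" policy before its hash is stored.
 *
 * @param integer $mail_id Email ID
 * @param string $pass The new clear-text password
 * @return boolean TRUE if the password has been set, FALSE otherwise
 *                 (the error is expected to be raised by the failing check).
 */
function set_passwd($mail_id, $pass) {
    global $db, $err, $admin;
    $err->log("mail", "setpasswd");
    if (!($email = $this->is_it_my_mail($mail_id))) {
        return false;
    }
    if (!$admin->checkPolicy("pop", $email, $pass)) {
        return false;
    }
    // Store the hash of the password, never the clear-text value.
    // NOTE(review): the algorithm behind _md5cr() is not visible here; its name
    // suggests MD5-based crypt. If so, plan a migration to password_hash().
    $hash = _md5cr($pass);
    // The id is used unquoted in the statement, so force it to an integer.
    $id = intval($mail_id);
    if (!$db->query("UPDATE address SET password='{$hash}' where id={$id};")) {
        return false;
    }
    return true;
}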