Example #1
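 /**
  * Change the password of the current user.
  *
  * The change is refused when the account is not allowed to change its
  * password, when the old password does not match the stored hash, when the
  * two copies of the new password differ, or when checkPolicy() rejects the
  * new password. On success the hash of the new password is written to the
  * membres row of the current uid ($cuid).
  *
  * NOTE(review): _md5cr() is defined outside this block. Its name suggests an
  * MD5-based crypt() scheme, which is cheap to brute-force if the table ever
  * leaks -- confirm, and consider migrating to password_hash() /
  * password_verify() with rehash-on-login.
  *
  * @param string $oldpass  Current password.
  * @param string $newpass  New password.
  * @param string $newpass2 New password, typed a second time.
  * @return boolean TRUE if the password has been changed, FALSE otherwise.
  */
 function passwd($oldpass, $newpass, $newpass2)
 {
     global $db, $err, $cuid, $admin;
     $err->log("mem", "passwd");
     // The three values are un-escaped before use, so callers are presumably
     // expected to pass slash-escaped input (magic quotes or equivalent) -- confirm.
     $oldpass = stripslashes($oldpass);
     $newpass = stripslashes($newpass);
     $newpass2 = stripslashes($newpass2);
     if (!$this->user["canpass"]) {
         $err->raise("mem", _("You are not allowed to change your password."));
         return false;
     }
     // Re-hash the supplied password with the stored hash as salt and compare as
     // strings. Strict comparison avoids PHP's numeric-string juggling.
     // NOTE(review): this is not a constant-time comparison; hash_equals() is the
     // usual choice where the runtime provides it.
     if ((string) $this->user["pass"] !== (string) _md5cr($oldpass, $this->user["pass"])) {
         $err->raise("mem", _("The old password is incorrect"));
         return false;
     }
     // With a loose != two different numeric-looking strings ("1e3" and "1000")
     // compare as equal, so a mistyped confirmation could be accepted.
     if ($newpass !== $newpass2) {
         $err->raise("mem", _("The new passwords are differents, please retry"));
         return false;
     }
     // checkPolicy() takes the account login along with the candidate password.
     $db->query("SELECT login FROM membres WHERE uid='{$cuid}';");
     $db->next_record();
     $login = $db->Record["login"];
     if (!$admin->checkPolicy("mem", $login, $newpass)) {
         return false;
         // The error has been raised by checkPolicy()
     }
     // Store the hash that was just computed. The listing wrote the literal
     // string '******' here, which would have replaced the password with a
     // fixed, publicly known value instead of the hash.
     $newpass = addslashes(_md5cr($newpass));
     if (!$db->query("UPDATE membres SET pass='{$newpass}' WHERE uid='{$cuid}';")) {
         // Do not report success when the write failed. No error is raised here;
         // the DB layer is assumed to record the failure -- confirm.
         return false;
     }
     $err->error = 0;
     return true;
 }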
Example #2
    echo "ldap module not loaded into php, skipping LDAP conversion\n";
}
// Step 2 of a conversion script (fragment): replace the contents of
// membres.pass with the output of _md5cr(), unless that already seems done.
// NOTE(review): the stored values are read and hashed as-is, which implies the
// column held cleartext passwords before this step -- confirm, and treat old
// backups and dumps of this table accordingly.
echo "Step 2: encrypting user passwords ";
// A failure to select the database is only reported; the script carries on.
if (!mysql_query("use {$L_MYSQL_DATABASE}")) {
    echo "can't select database {$L_MYSQL_DATABASE}\n";
}
// One row per distinct password length, shortest first. Only the first row
// (the shortest length) is inspected below.
if ($q = mysql_query("SELECT LENGTH(`pass`) AS len FROM `membres` GROUP BY len ORDER BY len ASC;")) {
    if ($res = mysql_fetch_array($q)) {
        // 34 is the length of an MD5-crypt string ("$1$" + 8-character salt + "$"
        // + 22-character digest), presumably what _md5cr() produces -- confirm.
        // NOTE(review): the test is a length heuristic on the shortest value only;
        // a cleartext password of exactly 34 characters as the shortest entry would
        // leave the whole table unconverted.
        if ($res['len'] == 34) {
            print "(already encrypted)";
        } else {
            // NOTE(review): a failed SELECT is reported, but the loop below still
            // runs with $q set to false.
            if (!($q = mysql_query("SELECT uid,pass FROM membres;"))) {
                echo "SELECT failed: " . mysql_error() . "\n";
            }
            while ($c = mysql_fetch_array($q)) {
                // Hash the value currently stored for this member.
                $pass = _md5cr($c['pass']);
                $id = $c['uid'];
                echo "membre {$id}\n";
                // NOTE(review): as listed, this statement stores the literal string
                // '******' and never uses $pass; that looks like masking applied to
                // the listing. Run as shown it would set every account to the same
                // known value -- the statement is meant to store $pass.
                if (!mysql_query("UPDATE membres SET pass='******' WHERE uid='{$id}';")) {
                    echo "UPDATE failed: " . mysql_error() . "\n";
                } else {
                    // Progress marker, flushed so it shows up while the loop runs.
                    echo ".";
                    flush();
                }
            }
        }
    } else {
        // Also reached when the membres table is empty (no row to fetch).
        echo "fetch_array() failed: " . mysql_error() . "\n";
    }
} else {
    echo "query failed: " . mysql_error() . "\n";
Example #3
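        // Fetch the mailbox row, verify the current password against the stored
        // hash, then store the hash of the new password and refresh the cookie.
        // NOTE(review): _md5cr() is defined elsewhere; its name suggests MD5-based
        // crypt(), which is weak for password storage -- confirm.
        if (!($c = mysql_fetch_array($r))) {
            $errstr = _("Your account has not been found, please try again later or ask an administrator.");
        } else {
            // Compare as strings with strict equality to avoid numeric-string juggling.
            if ((string) $c["password"] !== (string) _md5cr($_POST['acp_oldpass'], $c["password"])) {
                $errstr = _("Your current password is incorrect, please try again.");
            } else {
                // FIXME: the password policy is NOT enforced on this path, so any new
                // password (including an empty one) is accepted. The intended check,
                // still disabled:
                /*
                if (is_callable(array($admin,"checkPolicy"))  && 
                    !$admin->checkPolicy("pop",$username,$_POST['acp_newpass'])) {
                  $errstr=_("This password is not strong enough for your policy, set a stronger password or call your administrator");
                } else { ... }
                */
                // ok, let's change the password
                $acp_newpass = $_POST['acp_newpass'];
                $newp = _md5cr($acp_newpass);
                // Store the computed hash (the listing wrote the literal '******' and
                // left $newp unused). The hash is escaped and the id forced to an
                // integer before they are placed in the statement.
                if (mysql_query("UPDATE address SET password='" . mysql_real_escape_string($newp) . "' WHERE id=" . intval($c["id"]) . " ;")) {
                    $errstr = _("Your password has been successfully changed. Don't forget to change it in your mail software if you are using one (Outlook, Mozilla, Thunderbird, Eudora ...)");
                    // Write new cookies for the password, only once the change is stored.
                    // NOTE(review): the "key" cookie carries the pad-encrypted password
                    // and is set without Secure/HttpOnly attributes -- confirm the
                    // deployment is HTTPS-only.
                    $onetimepad = OneTimePadCreate(strlen($acp_newpass));
                    sqsession_register($onetimepad, 'onetimepad');
                    $key = OneTimePadEncrypt($acp_newpass, $onetimepad);
                    setcookie("key", $key, 0, $base_uri);
                } else {
                    // The write failed: do not claim success or replace the cookie.
                    // An existing message is reused so no new translation is needed.
                    $errstr = _("Your account has not been found, please try again later or ask an administrator.");
                }
            }
        }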
    }
}
// POSTED data ?
// Select "squirrelmail" as the gettext domain for the strings that follow,
// then emit the page header (displayPageHeader() is defined elsewhere).
textdomain("squirrelmail");
displayPageHeader($color, 'None');
Example #4
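 /**
  * Change the password of a user in a protected folder
  *
  * Rewrites the folder's .htpasswd: every line belonging to another user is
  * copied to .htpasswd.new, a fresh "user:hash" line is appended, and the new
  * file then replaces the old one.
  *
  * NOTE(review): _md5cr() is defined elsewhere; its name suggests MD5-based
  * crypt(), which is weak for password storage -- confirm.
  *
  * @global    m_bro   $bro
  * @global    m_err   $err
  * @global    m_admin $admin
  * @param     string  $user    Login whose entry is replaced
  * @param     string  $newpass New password (cleartext, hashed here)
  * @param     string  $dir     Protected folder, converted with convertabsolute()
  * @return    boolean TRUE on success, FALSE if a check or a file open failed
  */
 function change_pass($user, $newpass, $dir)
 {
     global $bro, $err, $admin;
     $err->log("hta", "change_pass", $user . "/" . $dir);
     $absolute = $bro->convertabsolute($dir, 0);
     if (!file_exists($absolute)) {
         // sprintf(), not printf(): printf() echoes the text into the page and
         // returns its length, so raise() received an integer.
         $err->raise("hta", sprintf(_("The folder '%s' does not exist"), $dir));
         return false;
     }
     // The login is written verbatim into a line-oriented "user:hash" file and
     // nothing visible here validates it: a colon or a line break in it would
     // add or corrupt entries. (New message, needs a translation.)
     if (strpbrk((string) $user, ":\r\n") !== false) {
         $err->raise("hta", _("The login contains forbidden characters"));
         return false;
     }
     // Check this password against the password policy using common API :
     if (is_callable(array($admin, "checkPolicy"))) {
         if (!$admin->checkPolicy("hta", $user, $newpass)) {
             return false;
             // The error has been raised by checkPolicy()
         }
     }
     touch("{$absolute}/.htpasswd.new");
     $file = fopen("{$absolute}/.htpasswd", "r");
     // "w" truncates: with "a", a .htpasswd.new left behind by an interrupted
     // run was appended to, so stale entries (including an old hash for this
     // user) could survive the password change.
     $newf = fopen("{$absolute}/.htpasswd.new", "w");
     if (!$file || !$newf) {
         // Release whichever handle did open before bailing out.
         if ($file) {
             fclose($file);
         }
         if ($newf) {
             fclose($newf);
         }
         $err->raise("hta", _("File already exist"));
         return false;
     }
     while (!feof($file)) {
         $s = fgets($file, 1024);
         if ($s === false) {
             break;
         }
         $t = explode(":", $s);
         // Strict string comparison, so numeric-looking logins ("1e3" / "1000")
         // are not treated as the same user.
         if ($t[0] !== (string) $user) {
             fwrite($newf, "{$s}");
         }
     }
     fwrite($newf, "{$user}:" . _md5cr($newpass) . "\n");
     fclose($file);
     fclose($newf);
     // NOTE(review): between unlink() and rename() the folder has no .htpasswd.
     unlink("{$absolute}/.htpasswd");
     rename("{$absolute}/.htpasswd.new", "{$absolute}/.htpasswd");
     return true;
 }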
Example #5
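 /** 
  * Edit an account
  *  
  * Change an account (in the tables <code>membres</code>
  * and <code>local</code>). Refuses to run, raising the administrators-only
  * error, unless <code>$this->enabled</code> is set.
  *
  * NOTE(review): only $notes is escaped here; every other value is placed in
  * the SQL text as received. That is only safe if callers hand in
  * slash-escaped input -- confirm, or move these statements to bound
  * parameters. No password policy is checked on this path either.
  *
  * NOTE(review): _md5cr() is defined elsewhere; its name suggests MD5-based
  * crypt(), which is weak for password storage -- confirm.
  *  
  * @global    m_err   $err
  * @global    m_mysql $db
  * @global    int     $cuid
  * @global    m_quota $quota
  * @param     int     $uid        The uid number of the account we want to modify
  * @param     string  $mail       New email address of the account owner
  * @param     string  $nom        New name of the account owner
  * @param     string  $prenom     New first name of the account owner
  * @param     string  $pass       New password; an empty value leaves the password unchanged
  * @param     string  $enabled    (value: 0 or 1) stored in membres.enabled
  * @param     boolean $canpass    Stored in membres.canpass
  * @param     int     $type       New type of account
  * @param     int     $duration   Passed to renew_update()
  * @param     string  $notes      Free text, escaped with addslashes() before storage
  * @param     boolean $reset_quotas Quotas are recomputed when this is "on" or the type changes
  * @return    boolean Returns     FALSE if an error occurs, TRUE if not
  */
 function update_mem($uid, $mail, $nom, $prenom, $pass, $enabled, $canpass, $type = 'default', $duration = 0, $notes = "", $reset_quotas = false)
 {
     global $err, $db;
     global $cuid, $quota;
     $notes = addslashes($notes);
     $err->log("admin", "update_mem", $uid);
     if (!$this->enabled) {
         $err->raise("admin", _("-- Only administrators can access this page! --"));
         return false;
     }
     // Replaces the global $db handle with a new DB_System instance.
     $db = new DB_System();
     if ($pass) {
         // Store the hash. The listing had the literal '******' here, which would
         // have set the account to a fixed, known value and left the hash unused.
         $pass = addslashes(_md5cr($pass));
         $ssq = " ,pass='{$pass}' ";
     } else {
         $ssq = "";
     }
     // Previous state, needed to detect a change of account type.
     $old_mem = $this->get($uid);
     // canpass is written from $canpass; the listing showed the literal '******'
     // in its place, which left the parameter unused.
     if ($db->query("UPDATE local SET nom='{$nom}', prenom='{$prenom}' WHERE uid='{$uid}';") && $db->query("UPDATE membres SET mail='{$mail}', canpass='{$canpass}', enabled='{$enabled}', `type`='{$type}', notes='{$notes}' {$ssq} WHERE uid='{$uid}';")) {
         if ($reset_quotas == "on" || $type != $old_mem['type']) {
             $quota->addquotas();
             $quota->synchronise_user_profile();
         }
         $this->renew_update($uid, $duration);
         return true;
     } else {
         $err->raise("admin", _("Account not found"));
         return false;
     }
 }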
#!/usr/bin/php -q
<?php 
require_once "./0-config.php";
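// Working directories, created on first run and readable by the owner only.
$dir_mail = APP_PATH . "/mails";
if (!is_dir($dir_mail)) {
    mkdir($dir_mail, 0700, true);
}
$dir_cmd = APP_PATH . "/cmd";
if (!is_dir($dir_cmd)) {
    mkdir($dir_cmd, 0700, true);
}
$mail_template = APP_PATH . "/templates/mail_template.php";
$cmd_template = APP_PATH . "/templates/cmd_template.php";

// Map every mailbox address (local@domain) to its address.id.
$query = 'select a.id, concat(address,"@",domaine) as email from mailbox m  join address a on m.address_id = a.id join domaines d on d.id = domain_id;';
$connection = mysql_query($query);
if (!$connection) {
    echo "query failed: " . mysql_error() . "\n";
    exit(1);
}
$emailList = array();
while ($result = mysql_fetch_array($connection)) {
    $emailList[$result["email"]] = $result["id"];
}

// tmp_mail_pass supplies one password per address; each is hashed with
// _md5cr() and written to address.password.
// NOTE(review): the table evidently holds cleartext passwords -- drop it and
// purge its backups once the import is verified. _md5cr() is defined
// elsewhere; its name suggests MD5-based crypt(), weak for storage -- confirm.
$query = 'select user as email,pass as password from tmp_mail_pass;';
$connection = mysql_query($query);
if (!$connection) {
    echo "query failed: " . mysql_error() . "\n";
    exit(1);
}
while ($result = mysql_fetch_array($connection)) {
    $email = $result["email"];
    // An address without a mailbox used to produce "where id=" with nothing
    // after it; skip it and say so instead.
    if (!isset($emailList[$email])) {
        echo "{$email} : no matching mailbox, skipped\n";
        continue;
    }
    $id = intval($emailList[$email]);
    $password = _md5cr($result["password"]);
    // The hash is deliberately not printed: script output ends up in
    // terminals, cron mail and logs.
    echo "{$email} : {$id}\n";
    $update_query = "update address set `password`= '" . mysql_real_escape_string($password) . "' where id=" . $id;
    $update_connexion = mysql_query($update_query);
    if (!$update_connexion) {
        echo "update failed for {$email}: " . mysql_error() . "\n";
    }
}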
Example #7
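 /**
  * Create a new FTP account.
  *
  * The account name is the prefix, followed by "_" and $login when $login is
  * not empty. The home directory is created under the member's root when it
  * does not exist yet.
  *
  * NOTE(review): the directory is created before the password policy and the
  * quota are checked, so a refused request can still leave a new directory.
  * NOTE(review): $full_login and $absolute are placed in SQL text unescaped;
  * this relies on check_login() and convertabsolute() constraining them --
  * confirm, or use bound parameters.
  *
  * @param string $prefixe Login prefix; must be one of prefix_list()
  * @param string $login   FTP login suffix (account name = prefixe_login)
  * @param string $pass    FTP password
  * @param string $dir     Root directory of the account, relative to the member's root
  * @return boolean TRUE if the account has been created, FALSE otherwise.
  */
 function add_ftp($prefixe, $login, $pass, $dir)
 {
     global $mem, $db, $err, $quota, $bro, $cuid, $admin;
     $err->log("ftp", "add_ftp", $prefixe . "_" . $login);
     $dir = $bro->convertabsolute($dir);
     // Drop a leading slash; the path is re-rooted under getuserpath() below.
     if (substr($dir, 0, 1) == "/") {
         $dir = substr($dir, 1);
     }
     $r = $this->prefix_list();
     if (empty($pass)) {
         $err->raise("ftp", _("Password can't be empty"));
         return false;
     }
     if (!in_array($prefixe, $r) || $prefixe == "") {
         $err->raise("ftp", _("The chosen prefix is not allowed"));
         return false;
     }
     $full_login = $prefixe;
     if ($login) {
         $full_login .= "_" . $login;
     }
     if (!$this->check_login($full_login)) {
         return false;
     }
     $db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name='" . $full_login . "'");
     $db->next_record();
     if ($db->f("cnt")) {
         $err->raise("ftp", _("This FTP account already exists"));
         return false;
     }
     // The result of this lookup is not used in this function.
     $db->query("SELECT login FROM membres WHERE uid='{$cuid}';");
     $db->next_record();
     $absolute = getuserpath() . "/{$dir}";
     if (!file_exists($absolute)) {
         // The path derives from caller-supplied $dir and reaches a shell: quote
         // it as a single argument so spaces and shell metacharacters in a
         // directory name are never interpreted as commands.
         system("/bin/mkdir -p " . escapeshellarg($absolute));
         // FIXME replace with action
     }
     if (!is_dir($absolute)) {
         $err->raise("ftp", _("The directory cannot be created"));
         return false;
     }
     // Check this password against the password policy using common API :
     if (is_callable(array($admin, "checkPolicy"))) {
         if (!$admin->checkPolicy("ftp", $full_login, $pass)) {
             return false;
             // The error has been raised by checkPolicy()
         }
     }
     if ($quota->cancreate("ftp")) {
         // NOTE(review): the salt argument is derived from the current time and is
         // therefore predictable; a random salt is preferable. _md5cr() is defined
         // elsewhere and its name suggests MD5-based crypt() -- confirm.
         $encrypted_password = _md5cr($pass, strrev(microtime(true)));
         // The cleartext "password" column is left empty; only the hash is stored.
         $db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ('" . $full_login . "', '', '{$encrypted_password}', '{$absolute}', '{$cuid}')");
         return true;
     } else {
         $err->raise("ftp", _("Your FTP account quota is over. You cannot create more ftp accounts"));
         return false;
     }
 }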
Example #8
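 /**
  * Set the password of an email address.
  *
  * The address must belong to the caller (is_it_my_mail()) and the password
  * must pass the "pop" policy; the hash of the password is then stored in
  * address.password.
  *
  * NOTE(review): _md5cr() is defined elsewhere; its name suggests MD5-based
  * crypt(), which is weak for password storage -- confirm.
  *
  * @param $mail_id integer email ID 
  * @param $pass string the new password.
  * @return boolean true if the password has been set, false otherwise; the
  *         failing check is expected to have raised the error.
  */
 function set_passwd($mail_id, $pass)
 {
     global $db, $err, $admin;
     $err->log("mail", "setpasswd");
     // Ownership check; its return value is used as the address for the policy.
     if (!($email = $this->is_it_my_mail($mail_id))) {
         return false;
     }
     if (!$admin->checkPolicy("pop", $email, $pass)) {
         return false;
     }
     // The id is used unquoted in the statement, so force it to an integer.
     $mail_id = intval($mail_id);
     // Store the hash of $pass. The listing wrote the literal '******' and never
     // used $pass after the policy check, which would have set the mailbox to a
     // fixed, known value.
     $hash = addslashes(_md5cr($pass));
     if (!$db->query("UPDATE address SET password='{$hash}' where id={$mail_id};")) {
         return false;
     }
     return true;
 }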