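/**
 * Write a forward record through the statement template configured as
 * 'forward_sql_write'.
 *
 * The template tokens %address, %goto and %modified are replaced with the
 * quoted values from $data in a single strtr() pass. A sequential
 * str_replace() chain re-scans text it has already inserted, so a quoted
 * value that happens to contain one of the later tokens would receive a
 * second substitution and break the SQL quoting; strtr() never re-scans.
 *
 * @param array $data Record with 'address', 'goto' and 'modified' keys
 *
 * @return int PLUGIN_SUCCESS, PLUGIN_ERROR_CONNECT or PLUGIN_ERROR_PROCESS
 */
function mail_forward_write(array &$data)
{
    $rcmail = rcmail::get_instance();

    if ($dsn = $rcmail->config->get('forward_sql_dsn')) {
        // Request a fresh link so this connection is not shared with
        // Roundcube's own database handle
        if (is_array($dsn) && empty($dsn['new_link'])) {
            $dsn['new_link'] = true;
        }
        elseif (!is_array($dsn) && !preg_match('/\\?new_link=true/', $dsn)) {
            $dsn .= '?new_link=true';
        }

        $db = rcube_db::factory($dsn, '', false);
        $db->set_debug((bool) $rcmail->config->get('sql_debug'));
        $db->db_connect('w');
    }
    else {
        $db = $rcmail->get_dbh();
    }

    if ($db->is_error()) {
        return PLUGIN_ERROR_CONNECT;
    }

    // One pass: an inserted value is never matched against a later token
    $query = strtr($rcmail->config->get('forward_sql_write'), array(
        '%address'  => $db->quote($data['address']),
        '%goto'     => $db->quote($data['goto']),
        '%modified' => $db->quote($data['modified']),
    ));

    $db->query($query);

    if ($db->is_error()) {
        return PLUGIN_ERROR_PROCESS;
    }

    return PLUGIN_SUCCESS;
}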
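/**
 * i-MSCP - internet Multi Server Control Panel
 * Copyright (C) 2010-2011 by i-MSCP team
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * @category  iMSCP
 * @package   iMSCP Roundcube password changer
 * @copyright 2010-2011 by i-MSCP team
 * @author    Sascha Bay
 * @link      http://www.i-mscp.net i-MSCP Home Site
 * @license   http://www.gnu.org/licenses/gpl-2.0.html GPL v2
 */

/**
 * Store a new mail password for the logged-in user in the i-MSCP
 * 'mail_users' table.
 *
 * The statement runs on the 'password_db_dsn' connection, or on
 * Roundcube's own handle when that option is unset (the original code left
 * $db undefined in that case and crashed on the first method call).
 * Both template tokens are substituted in one strtr() pass, so a quoted
 * username containing '%p' is never re-scanned.
 *
 * NOTE(review): the password is written exactly as received from the
 * caller; any hashing has to happen before this function is called —
 * confirm that 'mail_pass' is not expected to hold a hash.
 *
 * @param string $passwd New password
 *
 * @return int PASSWORD_SUCCESS or PASSWORD_ERROR
 */
function password_save($passwd)
{
    $rcmail = rcmail::get_instance();
    $sql    = "UPDATE `mail_users` SET `mail_pass` = %p WHERE `mail_addr` = %u LIMIT 1";

    if ($dsn = $rcmail->config->get('password_db_dsn')) {
        // #1486067: enable new_link option
        if (is_array($dsn) && empty($dsn['new_link'])) {
            $dsn['new_link'] = true;
        }
        elseif (!is_array($dsn) && !preg_match('/\\?new_link=true/', $dsn)) {
            $dsn .= '?new_link=true';
        }

        $db = rcube_db::factory($dsn, '', false);
        $db->set_debug((bool) $rcmail->config->get('sql_debug'));
        $db->db_connect('w');
    }
    else {
        $db = $rcmail->get_dbh();
    }

    if ($db->is_error()) {
        return PASSWORD_ERROR;
    }

    $sql = strtr($sql, array(
        '%u' => $db->quote($_SESSION['username'], 'text'),
        '%p' => $db->quote($passwd, 'text'),
    ));

    $res = $db->query($sql);

    // This is the good case: exactly 1 row updated
    if (!$db->is_error() && $db->affected_rows($res) == 1) {
        return PASSWORD_SUCCESS;
    }

    return PASSWORD_ERROR;
}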
/**
 * Create the plugin database handle from the 'db_dsn' option of the plugin
 * configuration and connect it; the request is aborted when the
 * connection reports an error.
 *
 * @param string $mode Connection mode handed to rcube_db::db_connect()
 */
private function _db_connect($mode)
{
    $this->db = rcube_db::factory($this->config['db_dsn'], '', false);
    $this->db->db_connect($mode);

    // check DB connections and exit on failure (terminate flag set)
    $failure = $this->db->is_error();
    if ($failure) {
        raise_error(array(
            'code'    => 603,
            'type'    => 'db',
            'message' => $failure,
        ), false, true);
    }
}
/**
 * Add the sender of each given message to the user's SpamAssassin
 * whitelist_from / blacklist_from preferences in the sauserprefs SQL table.
 *
 * Marking as spam drops any whitelist entry for the sender and adds a
 * blacklist entry; marking as ham does the reverse. An entry that already
 * exists is not inserted again.
 *
 * @param array $uids Message UIDs
 * @param bool  $spam True when the messages are being marked as spam
 *
 * @return bool|null False when the driver config file could not be loaded
 */
private function _do_list($uids, $spam)
{
    $rcmail = rcube::get_instance();
    $config = $rcmail->config;

    // these are read before the driver config file is loaded, as before
    $this->sa_user             = $config->get('sauserprefs_userid', "%u");
    $this->sa_table            = $config->get('sauserprefs_sql_table_name');
    $this->sa_username_field   = $config->get('sauserprefs_sql_username_field');
    $this->sa_preference_field = $config->get('sauserprefs_sql_preference_field');
    $this->sa_value_field      = $config->get('sauserprefs_sql_value_field');

    $identity = $rcmail->user->get_identity();

    // expand the user-id template: %u login, %l local part, %d domain, %i identity address
    $tokens = array(
        '%u' => $_SESSION['username'],
        '%l' => $rcmail->user->get_username('local'),
        '%d' => $rcmail->user->get_username('domain'),
        '%i' => $identity['email'],
    );
    foreach ($tokens as $token => $value) {
        $this->sa_user = str_replace($token, $value, $this->sa_user);
    }

    $driver_config = $config->get('markasjunk2_sauserprefs_config');
    if (is_file($driver_config) && !$config->load_from_file($driver_config)) {
        rcube::raise_error(array(
            'code'    => 527,
            'type'    => 'php',
            'file'    => __FILE__,
            'line'    => __LINE__,
            'message' => "Failed to load config from " . $driver_config,
        ), true, false);

        return false;
    }

    $db = rcube_db::factory(
        $config->get('sauserprefs_db_dsnw'),
        $config->get('sauserprefs_db_dsnr'),
        $config->get('sauserprefs_db_persistent')
    );
    $db->set_debug((bool) $config->get('sql_debug'));
    $db->db_connect('w');

    // check DB connections and exit on failure
    $err_str = $db->is_error();
    if ($err_str) {
        rcube::raise_error(array('code' => 603, 'type' => 'db', 'message' => $err_str), false, true);
    }

    // Table and column names come from the plugin configuration; the
    // user, preference and address values are always bound parameters.
    $where  = " WHERE `{$this->sa_username_field}` = ? AND `{$this->sa_preference_field}` = ? AND `{$this->sa_value_field}` = ?;";
    $delete = "DELETE FROM `{$this->sa_table}`" . $where;
    $select = "SELECT `value` FROM `{$this->sa_table}`" . $where;
    $insert = "INSERT INTO `{$this->sa_table}` (`{$this->sa_username_field}`, `{$this->sa_preference_field}`, `{$this->sa_value_field}`) VALUES (?, ?, ?);";

    // the list to clear, the list to add to, and the label used in the log
    $label    = $spam ? 'blacklist' : 'whitelist';
    $add_pref = $label . '_from';
    $del_pref = ($spam ? 'whitelist' : 'blacklist') . '_from';

    foreach ($uids as $uid) {
        $message = new rcube_message($uid);
        $sender  = $message->sender['mailto'];

        // drop the opposite listing for this address
        $db->query($delete, $this->sa_user, $del_pref, $sender);

        // skip addresses that are already on the target list
        $existing = $db->query($select, $this->sa_user, $add_pref, $sender);
        if ($db->fetch_array($existing)) {
            continue;
        }

        $db->query($insert, $this->sa_user, $add_pref, $sender);

        if ($config->get('markasjunk2_debug')) {
            rcube::write_log('markasjunk2', $this->sa_user . ' ' . $label . ' ' . $sender);
        }
    }
}
/**
 * Return the shared database handle, creating and connecting it on first
 * use from the 'db_dsnw' option.
 *
 * @return rcube_db Database instance
 */
public static function db()
{
    if (self::$db !== null) {
        return self::$db;
    }

    $config = rcube::get_instance()->config;

    $handle = rcube_db::factory($config->get('db_dsnw'));
    $handle->set_debug((bool) $config->get('sql_debug'));

    // Connect to database; a failed connection is reported with the
    // terminate flag set
    $handle->db_connect('w');
    if (!$handle->is_connected()) {
        rcube::raise_error("Error connecting to database: " . $handle->is_error(), false, true);
    }

    self::$db = $handle;

    return self::$db;
}
/**
 * Lazily create the AMACUBE database handle and (re)connect it in write
 * mode.
 *
 * Roundcube releases before 0.9 ship rcube_mdb2 instead of rcube_db, so
 * whichever class exists decides which handle is created.
 *
 * @return bool True on success; false when the connection reports an error
 *              (the error is logged and recorded in $this->rc->amacube->errors)
 */
private function init_db()
{
    if (!$this->db_conn) {
        $this->db_conn = class_exists('rcube_db')
            ? rcube_db::factory($this->db_config, '', true)   // Version: >= 0.9
            : new rcube_mdb2($this->db_config, '', true);     // Version: < 0.9
    }

    $this->db_conn->db_connect('w');

    // Error check
    $error = $this->db_conn->is_error();
    if ($error) {
        $this->rc->amacube->errors[] = 'db_connect_error';
        write_log('errors', 'AMACUBE: Database connect error: ' . $error);

        return false;
    }

    return true;
}
/**
 * Add the sender of each given message to the user's SpamAssassin
 * whitelist_from / blacklist_from preferences in the sauserprefs SQL table.
 *
 * Marking as spam drops any whitelist entry for the sender and adds a
 * blacklist entry; marking as ham does the reverse. An entry that already
 * exists is not inserted again.
 *
 * @param string $uids Comma-separated message UIDs
 * @param bool   $spam True when the messages are being marked as spam
 *
 * @return bool|null False when the driver config file could not be loaded
 */
private function _do_list($uids, $spam)
{
    $rcmail = rcube::get_instance();
    $config = $rcmail->config;

    $driver_config = $config->get('markasjunk2_sauserprefs_config');
    if (is_file($driver_config) && !$config->load_from_file($driver_config)) {
        rcube::raise_error(array(
            'code'    => 527,
            'type'    => 'php',
            'file'    => __FILE__,
            'line'    => __LINE__,
            'message' => "Failed to load config from " . $driver_config,
        ), true, false);

        return false;
    }

    $db = rcube_db::factory(
        $config->get('sauserprefs_db_dsnw'),
        $config->get('sauserprefs_db_dsnr'),
        $config->get('sauserprefs_db_persistent')
    );
    $db->db_connect('w');

    // check DB connections and exit on failure
    $err_str = $db->is_error();
    if ($err_str) {
        rcube::raise_error(array('code' => 603, 'type' => 'db', 'message' => $err_str), false, true);
    }

    // Table and column names come from the plugin configuration (read after
    // the driver config file is loaded); the values are bound parameters.
    $table     = $config->get('sauserprefs_sql_table_name');
    $user_col  = $config->get('sauserprefs_sql_username_field');
    $pref_col  = $config->get('sauserprefs_sql_preference_field');
    $value_col = $config->get('sauserprefs_sql_value_field');
    $user      = $_SESSION['username'];

    $where  = " WHERE " . $user_col . " = ? AND " . $pref_col . " = ? AND " . $value_col . " = ?;";
    $delete = "DELETE FROM " . $table . $where;
    $select = "SELECT value FROM " . $table . $where;
    $insert = "INSERT INTO " . $table . " (" . $user_col . ", " . $pref_col . ", " . $value_col . ") VALUES (?, ?, ?);";

    // the list to clear, the list to add to, and the label used in the log
    $label    = $spam ? 'blacklist' : 'whitelist';
    $add_pref = $label . '_from';
    $del_pref = ($spam ? 'whitelist' : 'blacklist') . '_from';

    foreach (explode(",", $uids) as $uid) {
        $message = new rcube_message($uid);
        $sender  = $message->sender['mailto'];

        // drop the opposite listing for this address
        $db->query($delete, $user, $del_pref, $sender);

        // skip addresses that are already on the target list
        $existing = $db->query($select, $user, $add_pref, $sender);
        if ($db->fetch_array($existing)) {
            continue;
        }

        $db->query($insert, $user, $add_pref, $sender);

        if ($config->get('markasjunk2_debug')) {
            rcube::write_log('markasjunk2', $user . ' ' . $label . ' ' . $sender);
        }
    }
}
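/**
 * Open a write connection to the hMailServer database described by the
 * 'hmailserver_server_for_hmsrc' option (keys Protocol, Username,
 * Password, Server, Database).
 *
 * Username and password are rawurlencode()d before being embedded in the
 * DSN: Roundcube's DSN parser URL-decodes the credential part, and a
 * credential holding ':', '@' or '/' would otherwise split the DSN at the
 * wrong place. Credentials without reserved characters are unaffected.
 *
 * The handle is returned even when the connection failed; callers must
 * check $db->is_error() before issuing queries.
 *
 * @return rcube_db Database handle, connected in write mode or carrying an error
 */
function getHmsDb()
{
    $dbConf = $this->rc->config->get('hmailserver_server_for_hmsrc');

    $dsn = $dbConf['Protocol'] . "://"
        . rawurlencode((string) $dbConf['Username']) . ":"
        . rawurlencode((string) $dbConf['Password']) . "@"
        . $dbConf['Server'] . "/" . $dbConf["Database"];

    $db = rcube_db::factory($dsn, "", false);
    $db->db_connect('w');

    return $db;
}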
/**
 * Connect the plugin database handle, creating it from the configured
 * write/read DSNs on first use; the request is aborted when the
 * connection reports an error.
 *
 * @param string $mode Connection mode handed to rcube_db::db_connect()
 */
private function _db_connect($mode)
{
    if (!$this->db) {
        $this->db = rcube_db::factory($this->db_dsnw, $this->db_dsnr, $this->db_persistent);
    }

    $this->db->db_connect($mode);

    // check DB connections and exit on failure (terminate flag set)
    $failure = $this->db->is_error();
    if ($failure) {
        raise_error(array(
            'code'    => 603,
            'type'    => 'db',
            'message' => $failure,
        ), false, true);
    }
}
/**
 * Record the senders of the given messages in the Amavis wblist table for
 * the current user: as blacklisted ('b') when $spam is true, as
 * whitelisted ('w') otherwise.
 *
 * The user is looked up in `users` by e-mail and each sender in
 * `mailaddr` (inserted with priority 20 when missing). The `wblist` row
 * for the (sender, user) pair is inserted when absent, or updated when it
 * currently holds the opposite decision; any other value is left alone.
 *
 * @param array $uids Message UIDs
 * @param bool  $spam True when marking as spam
 *
 * @return bool|null False on a configuration or database failure
 */
private function _do_list($uids, $spam)
{
    $rcmail = rcmail::get_instance();
    $config = $rcmail->config;

    $this->user_email = $rcmail->user->data['username'];

    $driver_config = $config->get('markasjunk2_amacube_config');
    if (is_file($driver_config) && !$config->load_from_file($driver_config)) {
        rcube::raise_error(array(
            'code'    => 527,
            'type'    => 'php',
            'file'    => __FILE__,
            'line'    => __LINE__,
            'message' => "Failed to load config from " . $driver_config,
        ), true, false);

        return false;
    }

    $debug = $config->get('markasjunk2_debug');

    $db = rcube_db::factory($config->get('amacube_db_dsn'), '', true);
    $db->set_debug((bool) $config->get('sql_debug'));
    $db->db_connect('w');

    // check DB connections and exit on failure
    $err_str = $db->is_error();
    if ($err_str) {
        rcube::raise_error(array('code' => 603, 'type' => 'db', 'message' => $err_str), false, true);
    }

    // recipient id of the current user
    $result = $db->query("SELECT `id` FROM `users` WHERE `email` = ?", $this->user_email);
    $row    = $result ? $db->fetch_assoc($result) : null;
    if (!$row) {
        if ($debug) {
            rcube::write_log('markasjunk2', $this->user_email . ' not found in users table');
        }

        return false;
    }
    $rid = $row['id'];

    // the decision to store, and the pattern an existing entry must match
    // (the opposite decision) for it to be replaced
    $new_wb        = $spam ? 'b' : 'w';
    $stale_pattern = $spam ? '/^([WwYyTt])[ ]*\\z/' : '/^([BbNnFf])[ ]*\\z/';

    foreach ($uids as $uid) {
        $message = new rcube_message($uid);
        $sender  = $message->sender['mailto'];

        // sender id in mailaddr, inserting the address when unknown
        $result = $db->query("SELECT `id` FROM `mailaddr` WHERE `email` = ? ORDER BY `priority` DESC", $sender);
        $row    = $result ? $db->fetch_assoc($result) : null;

        if ($row) {
            $sid = $row['id'];
        }
        else {
            if ($debug) {
                rcube::write_log('markasjunk2', $sender . ' not found in mailaddr table - add it');
            }

            $result = $db->query("INSERT INTO `mailaddr` ( `priority`, `email` ) VALUES ( 20, ? )", $sender);
            if (!$result) {
                if ($debug) {
                    rcube::write_log('markasjunk2', 'Cannot add ' . $sender . ' to mailaddr table: ' . $db->is_error($result));
                }

                return false;
            }

            $sid = $db->insert_id();
        }

        // current decision for this (sender, user) pair, '' when none
        $result  = $db->query("SELECT `wb` FROM `wblist` WHERE `sid` = ? AND `rid` =?", $sid, $rid);
        $row     = $result ? $db->fetch_assoc($result) : null;
        $current = $row ? $row['wb'] : '';

        // nothing to do unless the entry is missing or carries the opposite decision
        if ($current && !preg_match($stale_pattern, $current)) {
            continue;
        }

        if ($current) {
            $result = $db->query('UPDATE `wblist` SET `wb` = ? WHERE `sid` = ? AND `rid` = ?', $new_wb, $sid, $rid);
        }
        else {
            $result = $db->query('INSERT INTO `wblist` (`sid`, `rid`, `wb`) VALUES (?,?,?)', $sid, $rid, $new_wb);
        }

        if (!$result) {
            if ($debug) {
                rcube::write_log('markasjunk2', 'Cannot update wblist for user ' . $this->user_email . ' with ' . $sender);
            }

            return false;
        }
    }
}
/**
 * Return the database handle used for virtuser lookups.
 *
 * When 'virtuser_query_dsn' is configured a dedicated read-mode
 * connection is opened; otherwise Roundcube's own handle is reused. The
 * handle is created once and cached in $this->db.
 *
 * @return rcube_db Database handle
 */
function get_dbh()
{
    if ($this->db) {
        return $this->db;
    }

    $dsn = $this->app->config->get('virtuser_query_dsn');

    if (!$dsn) {
        $this->db = $this->app->get_dbh();

        return $this->db;
    }

    // connect to the virtuser database; read mode is enough for lookups
    $this->db = rcube_db::factory($dsn);
    $this->db->set_debug((bool) $this->app->config->get('sql_debug'));
    $this->db->db_connect('r');

    return $this->db;
}
/**
 * Get the current database connection
 *
 * The handle is created lazily from the 'db_dsnw', 'db_dsnr' and
 * 'db_persistent' options and cached in $this->db; this method does not
 * open the connection itself.
 *
 * @return rcube_db Database object
 */
public function get_dbh()
{
    if ($this->db) {
        return $this->db;
    }

    $config = $this->config;

    $handle = rcube_db::factory(
        $config->get('db_dsnw'),
        $config->get('db_dsnr'),
        $config->get('db_persistent')
    );
    $handle->set_debug((bool) $config->get('sql_debug'));

    $this->db = $handle;

    return $this->db;
}
/**
 * Get the current database connection
 *
 * Reads the db_* options from the full config array once, creates the
 * handle and caches it in $this->db; this method does not open the
 * connection itself.
 *
 * @return rcube_db Database object
 */
public function get_dbh()
{
    if ($this->db) {
        return $this->db;
    }

    $options = $this->config->all();

    $handle = rcube_db::factory($options['db_dsnw'], $options['db_dsnr'], $options['db_persistent']);
    $handle->set_debug((bool) $options['sql_debug']);

    $this->db = $handle;

    return $this->db;
}
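/**
 * Persist the autoresponder settings of $user in the postfixadmin
 * database and keep the vacation alias in sync with the enabled flag.
 *
 * The statement template in $this->sql_update is filled in a single
 * strtr() pass, so a quoted value (subject, body, ...) that itself
 * contains a later token is never substituted again. The %d / %f date
 * tokens may carry the SQL literals NULL or now(), which stay unquoted;
 * only those exact literals are passed through, every other value is
 * quoted, so a caller-supplied date cannot reach the statement unquoted.
 *
 * @param string $user     Mailbox address (local@domain)
 * @param mixed  $enabled  Whether the autoresponder is active
 * @param string $subject  Reply subject
 * @param string $body     Reply body
 * @param string $date     End date, or the literal NULL / now()
 * @param string $datefrom Start date, or the literal NULL / now()
 *
 * @return string|null Error text on failure, null on success
 */
private function _save($user, $enabled, $subject, $body, $date, $datefrom)
{
    $cfg = rcmail::get_instance()->config;

    if ($dsn = $cfg->get('db_pfadmin_autoresponder_dsn')) {
        $db = rcube_db::factory($dsn, '', false);
        $db->db_connect('w');
    }
    else {
        die("FATAL ERROR ::: RoundCube Plugin ::: pfadmin_autoresponder ::: \$rcmail_config['db_pfadmin_autoresponder_dsn'] undefined !!! ==> die");
    }

    if ($err = $db->is_error()) {
        return $err;
    }

    $sql = strtr($this->sql_update, array(
        '%s' => $db->quote($subject, 'text'),
        '%m' => $db->quote($body, 'text'),
        '%d' => $this->_sql_date_literal($db, $date),
        '%f' => $this->_sql_date_literal($db, $datefrom),
        '%o' => $db->quote($enabled, 'text'),
        '%u' => $db->quote($user, 'text'),
    ));

    $db->query($sql);

    // local part and domain of the mailbox; a bare local part has no domain
    $parts     = explode('@', $user);
    $user_name = $parts[0];
    $domain    = isset($parts[1]) ? $parts[1] : '';

    addtoalias($db, $user, $user); // just in case

    $vac_alias = $user_name . "#" . $domain . "@" . $cfg->get('vac_domain');
    if ($enabled) {
        $result = addtoalias($db, $user, $vac_alias);
    }
    else {
        $result = removefromalias($db, $user, $vac_alias);
    }

    if ($err = $db->is_error()) {
        return $err;
    }

    if (!$result) {
        return $this->gettext('errorsaving');
    }
}

/**
 * Render a date value for the statement template: the SQL literals NULL
 * and now() (a bare "now" is accepted as well) are passed through verbatim,
 * everything else is quoted.
 *
 * @param rcube_db $db   Database handle used for quoting
 * @param string   $date Raw date value
 *
 * @return string SQL fragment
 */
private function _sql_date_literal($db, $date)
{
    // anchored on purpose: a value merely containing "now" is not a literal
    if (preg_match('/^\s*(NULL|now(\(\))?)\s*$/', (string) $date)) {
        return $date;
    }

    return $db->quote($date, 'text');
}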
} else {
    $RCI->fail($dir, 'not writeable for the webserver');
}
echo '<br />';
}

if (!$pass) {
    echo '<p class="hint">Use <tt>chmod</tt> or <tt>chown</tt> to grant write privileges to the webserver</p>';
}

?> <h3>Check DB config</h3> <?php

// Try the write DSN from the installer's config and report the outcome
$db_working = false;

if ($RCI->configured) {
    if (!empty($RCI->config['db_dsnw'])) {
        $DB = rcube_db::factory($RCI->config['db_dsnw'], '', false);
        $DB->set_debug((bool) $RCI->config['sql_debug']);
        $DB->db_connect('w');

        if (!($db_error_msg = $DB->is_error())) {
            $RCI->pass('DSN (write)');
            echo '<br />';
            $db_working = true;
        } else {
            $RCI->fail('DSN (write)', $db_error_msg);
            echo '<p class="hint">Make sure that the configured database exists and that the user has write privileges<br />';
            // NOTE(review): the raw DSN is echoed into the page without
            // htmlspecialchars(); a DSN of the usual driver://user:pass@host/db
            // form carries the database password, so this hint shows it to
            // anyone who can reach the installer — consider masking the
            // credential part before printing.
            echo 'DSN: ' . $RCI->config['db_dsnw'] . '</p>';
        }
    } else {
        $RCI->fail('DSN (write)', 'not set');
    }
} else {
/**
 * Connect the plugin database handle, creating it from the configured
 * write/read DSNs on first use. The debug flag is re-applied on every
 * call; the request is aborted when the connection reports an error.
 *
 * @param string $mode Connection mode handed to rcube_db::db_connect()
 */
private function _db_connect($mode)
{
    if (!$this->db) {
        $this->db = rcube_db::factory($this->db_dsnw, $this->db_dsnr, $this->db_persistent);
    }

    $debug = (bool) rcube::get_instance()->config->get('sql_debug');
    $this->db->set_debug($debug);
    $this->db->db_connect($mode);

    // check DB connections and exit on failure (terminate flag set)
    $failure = $this->db->is_error();
    if ($failure) {
        rcube::raise_error(array(
            'code'    => 603,
            'type'    => 'db',
            'message' => $failure,
        ), false, true);
    }
}
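/**
 * Change the password of the logged-in user through the SQL statement
 * configured as 'password_query'.
 *
 * Template placeholders (every value is quoted or bound, so only the
 * template itself has to be trusted):
 *   %P / %O  new / current password hashed with the default method
 *   %c       new password crypt()ed            (deprecated, use %P)
 *   %D       new password hashed via dovecotpw (deprecated, use %P)
 *   %n / %q  new / current password hashed     (deprecated, use %P)
 *   %p / %o  new / current password in clear text, passed as bound parameters
 *   %l %d %u %h  local part, domain, username, IMAP host
 *
 * @param string $curpass Current password
 * @param string $passwd  New password
 *
 * @return int PASSWORD_SUCCESS, PASSWORD_ERROR or PASSWORD_CRYPT_ERROR
 */
function save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();

    if (!($sql = $rcmail->config->get('password_query'))) {
        $sql = 'SELECT update_passwd(%c, %u)';
    }

    if ($dsn = $rcmail->config->get('password_db_dsn')) {
        $db = rcube_db::factory($dsn, '', false);
        $db->set_debug((bool) $rcmail->config->get('sql_debug'));
    }
    else {
        $db = $rcmail->get_dbh();
    }

    if ($db->is_error()) {
        return PASSWORD_ERROR;
    }

    // Hashed placeholders, processed in this order. Each entry holds the
    // password to hash, the extra hash_password() arguments (method, and
    // the flag the deprecated forms pass), and the quote() type. A hash is
    // computed only when its token occurs in the statement.
    $hashed = array(
        '%P' => array($passwd,  array(),                 null),   // new password - default hash method
        '%O' => array($curpass, array(),                 null),   // old password - default hash method
        '%c' => array($passwd,  array('crypt', false),   null),   // crypted password (deprecated, use %P)
        '%D' => array($passwd,  array('dovecot', false), null),   // dovecotpw (deprecated, use %P)
        '%n' => array($passwd,  array('hash', false),    'text'), // hashed password (deprecated, use %P)
        '%q' => array($curpass, array('hash', false),    'text'), // hashed password (deprecated, use %P)
    );

    foreach ($hashed as $token => $spec) {
        if (strpos($sql, $token) === false) {
            continue;
        }

        list($plain, $args, $type) = $spec;

        $password = $args
            ? password::hash_password($plain, $args[0], $args[1])
            : password::hash_password($plain);

        if ($password === false) {
            return PASSWORD_CRYPT_ERROR;
        }

        $quoted = $type ? $db->quote($password, $type) : $db->quote($password);
        $sql    = str_replace($token, $quoted, $sql);
    }

    // Handle clear text passwords securely (#1487034): each %p / %o becomes
    // a bound parameter. The class is [po]; the former '[p|o]' also matched
    // a literal "%|", which pushed a value into $sql_vars without adding a
    // matching '?' placeholder.
    $sql_vars = array();
    if (preg_match_all('/%[po]/', $sql, $m)) {
        foreach ($m[0] as $var) {
            if ($var == '%p') {
                $sql        = preg_replace('/%p/', '?', $sql, 1);
                $sql_vars[] = (string) $passwd;
            }
            else { // %o
                $sql        = preg_replace('/%o/', '?', $sql, 1);
                $sql_vars[] = (string) $curpass;
            }
        }
    }

    $local_part  = $rcmail->user->get_username('local');
    $domain_part = $rcmail->user->get_username('domain');
    $username    = $_SESSION['username'];
    $host        = $_SESSION['imap_host'];

    // convert domains to/from punycode
    if ($rcmail->config->get('password_idn_ascii')) {
        $domain_part = rcube_utils::idn_to_ascii($domain_part);
        $username    = rcube_utils::idn_to_ascii($username);
        $host        = rcube_utils::idn_to_ascii($host);
    }
    else {
        $domain_part = rcube_utils::idn_to_utf8($domain_part);
        $username    = rcube_utils::idn_to_utf8($username);
        $host        = rcube_utils::idn_to_utf8($host);
    }

    // at least we should always have the local part. A single strtr() pass
    // so a quoted value containing another token is not substituted again.
    $sql = strtr($sql, array(
        '%l' => $db->quote($local_part, 'text'),
        '%d' => $db->quote($domain_part, 'text'),
        '%u' => $db->quote($username, 'text'),
        '%h' => $db->quote($host, 'text'),
    ));

    $res = $db->query($sql, $sql_vars);

    if (!$db->is_error()) {
        if (strtolower(substr(trim($sql), 0, 6)) == 'select') {
            if ($db->fetch_array($res)) {
                return PASSWORD_SUCCESS;
            }
        }
        else {
            // This is the good case: 1 row updated
            if ($db->affected_rows($res) == 1) {
                return PASSWORD_SUCCESS;
            }
            // @TODO: Some queries don't affect any rows
            // Should we assume a success if there was no error?
        }
    }

    return PASSWORD_ERROR;
}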
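/**
 * Change the password of the logged-in user through the SQL statement
 * configured as 'password_query' (legacy driver: the hashing is done here).
 *
 * Template placeholders:
 *   %c       new password crypt()ed with the method from 'password_crypt_hash'
 *   %D       new password hashed by the external dovecotpw command
 *   %n / %q  new / current password hashed with 'password_hash_algorithm'
 *   %p / %o  new / current password in clear text, passed as bound parameters
 *   %l %d %u %h  local part, domain, username, IMAP host
 *
 * @param string $curpass Current password
 * @param string $passwd  New password
 *
 * @return int PASSWORD_SUCCESS, PASSWORD_ERROR or PASSWORD_CRYPT_ERROR
 */
function save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();

    if (!($sql = $rcmail->config->get('password_query'))) {
        $sql = 'SELECT update_passwd(%c, %u)';
    }

    if ($dsn = $rcmail->config->get('password_db_dsn')) {
        // #1486067: enable new_link option
        if (is_array($dsn) && empty($dsn['new_link'])) {
            $dsn['new_link'] = true;
        }
        elseif (!is_array($dsn) && !preg_match('/\\?new_link=true/', $dsn)) {
            $dsn .= '?new_link=true';
        }

        $db = rcube_db::factory($dsn, '', false);
        $db->set_debug((bool) $rcmail->config->get('sql_debug'));
        $db->db_connect('w');
    }
    else {
        $db = $rcmail->get_dbh();
    }

    if ($db->is_error()) {
        return PASSWORD_ERROR;
    }

    // crypted password
    if (strpos($sql, '%c') !== false) {
        $crypt_hash = $rcmail->config->get('password_crypt_hash');
        if (!$crypt_hash) {
            if (CRYPT_MD5) {
                $crypt_hash = 'md5';
            }
            elseif (CRYPT_STD_DES) {
                $crypt_hash = 'des';
            }
        }

        // empty for plain DES, which takes a bare two-character salt
        $salt_hashindicator = '';

        switch ($crypt_hash) {
        case 'md5':
            $len = 8;
            $salt_hashindicator = '$1$';
            break;
        case 'des':
            $len = 2;
            break;
        case 'blowfish':
            $cost = (int) $rcmail->config->get('password_blowfish_cost');
            $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
            $len  = 22;
            $salt_hashindicator = sprintf('$2a$%02d$', $cost);
            break;
        case 'sha256':
            $len = 16;
            $salt_hashindicator = '$5$';
            break;
        case 'sha512':
            $len = 16;
            $salt_hashindicator = '$6$';
            break;
        default:
            return PASSWORD_CRYPT_ERROR;
        }

        // Restrict the character set used as salt (#1488136). The salt is
        // drawn with random_int() (PHP >= 7.0); rand() is predictable and
        // not suitable for salting.
        $seedchars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        $salt      = '';
        for ($i = 0; $i < $len; $i++) {
            $salt .= $seedchars[random_int(0, 63)];
        }

        $crypted = crypt($passwd, $salt_hashindicator ? $salt_hashindicator . $salt . '$' : $salt);
        $sql     = str_replace('%c', $db->quote($crypted), $sql);
    }

    // dovecotpw
    if (strpos($sql, '%D') !== false) {
        if (!($dovecotpw = $rcmail->config->get('password_dovecotpw'))) {
            $dovecotpw = 'dovecotpw';
        }
        if (!($method = $rcmail->config->get('password_dovecotpw_method'))) {
            $method = 'CRAM-MD5';
        }

        // use common temp dir
        $tmp_dir = $rcmail->config->get('temp_dir');
        $tmpfile = tempnam($tmp_dir, 'roundcube-');
        if ($tmpfile === false) {
            return PASSWORD_CRYPT_ERROR;
        }

        // $dovecotpw comes from the configuration and may carry its own
        // arguments, so it is used as given; the scheme name and the temp
        // path are shell-quoted. The password never appears on the command
        // line, it is written to the command's stdin.
        $pipe = popen($dovecotpw . ' -s ' . escapeshellarg($method) . ' > ' . escapeshellarg($tmpfile), 'w');
        if (!$pipe) {
            unlink($tmpfile);
            return PASSWORD_CRYPT_ERROR;
        }

        // dovecotpw asks for the password twice
        fwrite($pipe, $passwd . "\n", 1 + strlen($passwd));
        usleep(1000);
        fwrite($pipe, $passwd . "\n", 1 + strlen($passwd));
        pclose($pipe);

        $newpass = trim(file_get_contents($tmpfile), "\n");

        // the hash is not needed on disk any more, whatever the outcome
        // (the original left the file behind on the error path below)
        unlink($tmpfile);

        if (!preg_match('/^\\{' . preg_quote($method, '/') . '\\}/', $newpass)) {
            return PASSWORD_CRYPT_ERROR;
        }

        if (!$rcmail->config->get('password_dovecotpw_with_method')) {
            $newpass = trim(str_replace('{' . $method . '}', '', $newpass));
        }

        $sql = str_replace('%D', $db->quote($newpass), $sql);
    }

    // hashed passwords ('[nq]': the former '[n|q]' also matched a literal "%|")
    if (preg_match('/%[nq]/', $sql)) {
        if (!extension_loaded('hash')) {
            rcube::raise_error(array(
                'code'    => 600,
                'type'    => 'php',
                'file'    => __FILE__,
                'line'    => __LINE__,
                'message' => "Password plugin: 'hash' extension not loaded!",
            ), true, false);

            return PASSWORD_ERROR;
        }

        if (!($hash_algo = strtolower((string) $rcmail->config->get('password_hash_algorithm')))) {
            $hash_algo = 'sha1';
        }

        $hash_passwd  = hash($hash_algo, $passwd);
        $hash_curpass = hash($hash_algo, $curpass);

        if ($rcmail->config->get('password_hash_base64')) {
            $hash_passwd  = base64_encode(pack('H*', $hash_passwd));
            $hash_curpass = base64_encode(pack('H*', $hash_curpass));
        }

        $sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql);
        $sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql);
    }

    // Handle clear text passwords securely (#1487034): each %p / %o becomes
    // a bound parameter. The class is [po]; the former '[p|o]' also matched
    // a literal "%|", which pushed a value into $sql_vars without adding a
    // matching '?' placeholder.
    $sql_vars = array();
    if (preg_match_all('/%[po]/', $sql, $m)) {
        foreach ($m[0] as $var) {
            if ($var == '%p') {
                $sql        = preg_replace('/%p/', '?', $sql, 1);
                $sql_vars[] = (string) $passwd;
            }
            else { // %o
                $sql        = preg_replace('/%o/', '?', $sql, 1);
                $sql_vars[] = (string) $curpass;
            }
        }
    }

    $local_part  = $rcmail->user->get_username('local');
    $domain_part = $rcmail->user->get_username('domain');
    $username    = $_SESSION['username'];
    $host        = $_SESSION['imap_host'];

    // convert domains to/from punycode
    if ($rcmail->config->get('password_idn_ascii')) {
        $domain_part = rcube_utils::idn_to_ascii($domain_part);
        $username    = rcube_utils::idn_to_ascii($username);
        $host        = rcube_utils::idn_to_ascii($host);
    }
    else {
        $domain_part = rcube_utils::idn_to_utf8($domain_part);
        $username    = rcube_utils::idn_to_utf8($username);
        $host        = rcube_utils::idn_to_utf8($host);
    }

    // at least we should always have the local part. A single strtr() pass
    // so a quoted value containing another token is not substituted again.
    $sql = strtr($sql, array(
        '%l' => $db->quote($local_part, 'text'),
        '%d' => $db->quote($domain_part, 'text'),
        '%u' => $db->quote($username, 'text'),
        '%h' => $db->quote($host, 'text'),
    ));

    $res = $db->query($sql, $sql_vars);

    if (!$db->is_error()) {
        if (strtolower(substr(trim($sql), 0, 6)) == 'select') {
            if ($db->fetch_array($res)) {
                return PASSWORD_SUCCESS;
            }
        }
        else {
            // This is the good case: 1 row updated
            if ($db->affected_rows($res) == 1) {
                return PASSWORD_SUCCESS;
            }
            // @TODO: Some queries don't affect any rows
            // Should we assume a success if there was no error?
        }
    }

    return PASSWORD_ERROR;
}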
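/**
 * Load the SquirrelMail preferences and address book of $uname into
 * $this->prefs and $this->abook, from the file or the SQL backend selected
 * by 'squirrelmail_driver'.
 *
 * File backend: <data_dir>[/<hash dirs>/]<user>.pref holds key=value lines,
 * <user>.sig and <user>.si<N> hold the signatures of the identities, and
 * <user>.abook holds '|'-separated address records. File content is
 * converted from ISO-8859-1 to UTF-8.
 *
 * SQL backend: rows of the userprefs and address tables are converted
 * from 'squirrelmail_db_charset'.
 *
 * NOTE(review): $uname is spliced into the file paths as given; confirm
 * at the caller that it cannot contain path separators.
 *
 * @param string $uname SquirrelMail user name
 */
private function read_squirrel_prefs($uname)
{
    $rcmail = rcmail::get_instance();
    $driver = $rcmail->config->get('squirrelmail_driver');

    /**** File based backend ****/
    if ($driver == 'file' && ($srcdir = $rcmail->config->get('squirrelmail_data_dir'))) {
        if (($hash_level = $rcmail->config->get('squirrelmail_data_dir_hash_level')) > 0) {
            $srcdir = slashify($srcdir) . chunk_split(substr(base_convert(crc32($uname), 10, 16), 0, $hash_level), 1, '/');
        }

        $prefsfile = slashify($srcdir) . $uname . '.pref';
        $abookfile = slashify($srcdir) . $uname . '.abook';
        $sigfile   = slashify($srcdir) . $uname . '.sig';
        $sigbase   = slashify($srcdir) . $uname . '.si';

        if (is_readable($prefsfile)) {
            $this->prefs = array();

            foreach (file($prefsfile) as $line) {
                // split at the first '=' only: a value (URL, signature, ...)
                // may itself contain '='; a line without '=' is skipped
                $parts = explode('=', $line, 2);
                if (count($parts) < 2) {
                    continue;
                }
                $this->prefs[$parts[0]] = utf8_encode(rtrim($parts[1]));
            }

            // also read signature file if exists
            if (is_readable($sigfile)) {
                $this->prefs['___signature___'] = utf8_encode(file_get_contents($sigfile));
            }

            if (isset($this->prefs['identities']) && $this->prefs['identities'] > 1) {
                for ($i = 1; $i < $this->prefs['identities']; $i++) {
                    // read signature file if exists
                    if (is_readable($sigbase . $i)) {
                        $this->prefs['___sig' . $i . '___'] = utf8_encode(file_get_contents($sigbase . $i));
                    }
                }
            }

            // parse address book file; filesize() on a missing file only
            // emits a warning, so check readability first
            if (is_readable($abookfile) && filesize($abookfile)) {
                foreach (file($abookfile) as $line) {
                    $fields = explode('|', utf8_encode(rtrim($line)));
                    if (count($fields) < 4) {
                        continue;
                    }

                    $rec = array(
                        'name'      => $fields[0],
                        'firstname' => $fields[1],
                        'surname'   => $fields[2],
                        'email'     => $fields[3],
                    );

                    if ($rec['name'] && $rec['email']) {
                        $this->abook[] = $rec;
                    }
                }
            }
        }
    }
    /**** SQL backend ****/
    elseif ($driver == 'sql') {
        $this->prefs = array();

        /* connect to squirrelmail database */
        $db = rcube_db::factory($rcmail->config->get('squirrelmail_dsn'));
        $db->set_debug($rcmail->config->get('sql_debug'));
        $db->db_connect('r'); // connect in read mode

        /* retrieve prefs */
        $userprefs_table = $rcmail->config->get('squirrelmail_userprefs_table');
        $address_table   = $rcmail->config->get('squirrelmail_address_table');
        $db_charset      = $rcmail->config->get('squirrelmail_db_charset');

        if ($db_charset) {
            $db->query('SET NAMES ' . $db_charset);
        }

        // table names come from the plugin configuration; the user name is bound
        $sql_result = $db->query('SELECT * FROM ' . $userprefs_table . ' WHERE user=?', $uname);

        while ($sql_array = $db->fetch_assoc($sql_result)) {
            $this->prefs[$sql_array['prefkey']] = rcube_charset::convert(rtrim($sql_array['prefval']), $db_charset);
        }

        /* retrieve address table data */
        $sql_result = $db->query('SELECT * FROM ' . $address_table . ' WHERE owner=?', $uname);

        // address book record key => SquirrelMail column
        $columns = array(
            'name'      => 'nickname',
            'firstname' => 'firstname',
            'surname'   => 'lastname',
            'email'     => 'email',
            'notes'     => 'label',
        );

        while ($sql_array = $db->fetch_assoc($sql_result)) {
            $rec = array();
            foreach ($columns as $key => $column) {
                $rec[$key] = rcube_charset::convert(rtrim($sql_array[$column]), $db_charset);
            }

            if ($rec['name'] && $rec['email']) {
                $this->abook[] = $rec;
            }
        }
    }
}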