public function ham(&$uids)
{
$rcmail = rcube::get_instance();
$storage = $rcmail->storage;
$mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
$new_uids = array();
foreach (explode(",", $uids) as $uid) {
$saved = false;
$message = new rcube_message($uid);
if (sizeof($message->attachments) > 0) {
foreach ($message->attachments as $part) {
if ($part->ctype_primary == 'message' && $part->ctype_secondary == 'rfc822') {
$orig_message_raw = $storage->get_message_part($message->uid, $part->mime_id, $part);
$saved = $storage->save_message($mbox, $orig_message_raw);
if ($saved !== false) {
$rcmail->output->command('rcmail_markasjunk2_move', null, $uid);
array_push($new_uids, $saved);
}
}
}
}
}
if (sizeof($new_uids) > 0) {
$uids = implode(',', $new_uids);
}
}
function lookup_user_name($args)
{
if ($this->init_ldap($args['host'])) {
$results = $this->ldap->search('*', $args['user'], true);
if (count($results->records) == 1) {
$user_name = is_array($results->records[0]['name']) ? $results->records[0]['name'][0] : $results->records[0]['name'];
$user_email = is_array($results->records[0]['email']) ? $results->records[0]['email'][0] : $results->records[0]['email'];
$args['user_name'] = $user_name;
$args['email_list'] = array();
if (!$args['user_email'] && strpos($user_email, '@')) {
$args['user_email'] = rcube_utils::idn_to_ascii($user_email);
}
foreach (array_keys($results[0]) as $key) {
if (!preg_match('/^email($|:)/', $key)) {
continue;
}
foreach ((array) $results->records[0][$key] as $alias) {
if (strpos($alias, '@')) {
$args['email_list'][] = rcube_utils::idn_to_ascii($alias);
}
}
}
}
}
return $args;
}
function authenticate($args)
{
if (isset($_POST['_user']) && isset($_POST['_pass'])) {
$args['host'] = $this->getHost(rcube_utils::get_input_value('_user', RCUBE_INPUT_POST));
}
return $args;
}
function save_prefs($args)
{
if ($args['section'] == 'mailview') {
$args['prefs']['hide_blockquote_limit'] = (int) rcube_utils::get_input_value('_hide_blockquote_limit', rcube_utils::INPUT_POST);
}
return $args;
}
/**
*
*/
public function import($csv)
{
// convert to UTF-8
$head = substr($csv, 0, 4096);
$fallback = rcube::get_instance()->config->get('default_charset', 'ISO-8859-1');
// fallback to Latin-1?
$charset = rcube_charset::detect($head, RCMAIL_CHARSET);
$csv = rcube_charset::convert($csv, $charset);
$head = '';
$this->map = array();
// Parse file
foreach (preg_split("/[\r\n]+/", $csv) as $i => $line) {
$line = trim($line);
if (empty($line)) {
continue;
}
$elements = rcube_utils::explode_quoted_string(',', $line);
if (empty($elements)) {
continue;
}
// Parse header
if (empty($this->map)) {
$this->parse_header($elements);
if (empty($this->map)) {
break;
}
} else {
$this->csv_to_vcard($elements);
}
}
}
/**
* Establish a connection to the LDAP server
*/
public function connect($host = null)
{
// Net_LDAP3 does not support IDNA yet
// also parse_host() here is very Roundcube specific
$host = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
return parent::connect($host);
}
/**
* Handler for submitted form (ajax request)
*
* Check fields and save to default identity if valid.
* Afterwards the session flag is removed and we're done.
*/
function save_data()
{
$rcmail = rcmail::get_instance();
$identity = $rcmail->user->get_identity();
$ident_level = intval($rcmail->config->get('identities_level', 0));
$save_data = array('name' => rcube_utils::get_input_value('_name', rcube_utils::INPUT_POST), 'email' => rcube_utils::get_input_value('_email', rcube_utils::INPUT_POST), 'organization' => rcube_utils::get_input_value('_organization', rcube_utils::INPUT_POST), 'signature' => rcube_utils::get_input_value('_signature', rcube_utils::INPUT_POST));
// don't let the user alter the e-mail address if disabled by config
if (in_array($ident_level, array(1, 3, 4))) {
$save_data['email'] = $identity['email'];
}
if (empty($save_data['name']) || empty($save_data['email'])) {
$rcmail->output->show_message('formincomplete', 'error');
} else {
if (!rcube_utils::check_email($save_data['email'] = rcube_utils::idn_to_ascii($save_data['email']))) {
$rcmail->output->show_message('emailformaterror', 'error', array('email' => $save_data['email']));
} else {
// save data
$rcmail->user->update_identity($identity['identity_id'], $save_data);
$rcmail->session->remove('plugin.newuserdialog');
// hide dialog
$rcmail->output->command('new_user_dialog_close');
$rcmail->output->show_message('successfullysaved', 'confirmation');
}
}
$rcmail->output->send();
}
function save_settings($args)
{
if ($args['section'] == 'mailbox') {
$args['prefs']['preview_pane'] = rcube_utils::get_input_value('_previewpane_layout', rcube_utils::INPUT_POST) == 'none' ? false : true;
$args['prefs']['previewpane_layout'] = rcube_utils::get_input_value('_previewpane_layout', rcube_utils::INPUT_POST) != 'none' ? rcube_utils::get_input_value('_previewpane_layout', rcube_utils::INPUT_POST) : rcube::get_instance()->config->get('previewpane_layout', 'below');
}
return $args;
}
public function create_identity($p)
{
$rcmail = rcmail::get_instance();
// prefs are set in create_user()
if ($this->prefs) {
if ($this->prefs['full_name']) {
$p['record']['name'] = $this->prefs['full_name'];
}
if (($this->identities_level == 0 || $this->identities_level == 2) && $this->prefs['email_address']) {
$p['record']['email'] = $this->prefs['email_address'];
}
if ($this->prefs['___signature___']) {
$p['record']['signature'] = $this->prefs['___signature___'];
}
if ($this->prefs['reply_to']) {
$p['record']['reply-to'] = $this->prefs['reply_to'];
}
if (($this->identities_level == 0 || $this->identities_level == 1) && isset($this->prefs['identities']) && $this->prefs['identities'] > 1) {
for ($i = 1; $i < $this->prefs['identities']; $i++) {
unset($ident_data);
$ident_data = array('name' => '', 'email' => '');
// required data
if ($this->prefs['full_name' . $i]) {
$ident_data['name'] = $this->prefs['full_name' . $i];
}
if ($this->identities_level == 0 && $this->prefs['email_address' . $i]) {
$ident_data['email'] = $this->prefs['email_address' . $i];
} else {
$ident_data['email'] = $p['record']['email'];
}
if ($this->prefs['reply_to' . $i]) {
$ident_data['reply-to'] = $this->prefs['reply_to' . $i];
}
if ($this->prefs['___sig' . $i . '___']) {
$ident_data['signature'] = $this->prefs['___sig' . $i . '___'];
}
// insert identity
$rcmail->user->insert_identity($ident_data);
}
}
// copy address book
$contacts = $rcmail->get_address_book(null, true);
if ($contacts && count($this->abook)) {
foreach ($this->abook as $rec) {
// #1487096 handle multi-address and/or too long items
$rec['email'] = array_shift(explode(';', $rec['email']));
if (rcube_utils::check_email(rcube_utils::idn_to_ascii($rec['email']))) {
$rec['email'] = rcube_utils::idn_to_utf8($rec['email']);
$contacts->insert($rec, true);
}
}
}
// mark identity as complete for following hooks
$p['complete'] = true;
}
return $p;
}
public function messagecount()
{
$storage = rcube::get_instance()->storage;
$mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
// send output
header("Content-Type: application/json; charset=" . RCUBE_CHARSET);
echo json_encode(array('messagecount' => $storage->count($mbox, 'EXISTS')));
exit;
}
function mark_notjunk()
{
$this->add_texts('localization');
$this->_set_flags();
$uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST);
$mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
if ($this->_ham($uids, $mbox, $this->ham_mbox)) {
$this->api->output->command('display_message', $this->gettext('reportedasnotjunk'), 'confirmation');
}
$this->api->output->send();
}
function lookup_user_name($args)
{
if ($this->init_ldap($args['host'])) {
$results = $this->ldap->search('*', $args['user'], true);
if (count($results->records) == 1) {
$user_name = is_array($results->records[0]['name']) ? $results->records[0]['name'][0] : $results->records[0]['name'];
$user_email = is_array($results->records[0]['email']) ? $results->records[0]['email'][0] : $results->records[0]['email'];
$args['user_name'] = $user_name;
if (!$args['user_email'] && strpos($user_email, '@')) {
$args['user_email'] = rcube_utils::idn_to_ascii($user_email);
}
}
}
return $args;
}
/**
* Callback function used to build mailto: links around e-mail strings
*
* This also adds an onclick-handler to open the Rouncube compose message screen on such links
*
* @param array Matches result from preg_replace_callback
* @return int Index of saved string value
* @see rcube_string_replacer::mailto_callback()
*/
public function mailto_callback($matches)
{
$href = $matches[1];
$suffix = $this->parse_url_brackets($href);
$email = $href;
if (strpos($email, '?')) {
list($email, ) = explode('?', $email);
}
// skip invalid emails
if (!rcube_utils::check_email($email, false)) {
return $matches[1];
}
$i = $this->add(html::a(array('href' => 'mailto:' . $href, 'onclick' => "return " . rcmail_output::JS_OBJECT_NAME . ".command('compose','" . rcube::JQ($href) . "',this)"), rcube::Q($href)) . $suffix);
return $i >= 0 ? $this->get_replacement($i) : '';
}
function request_action()
{
$this->add_texts('localization');
$uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST);
$mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
$rcmail = rcmail::get_instance();
$storage = $rcmail->get_storage();
$storage->unset_flag($uids, 'NONJUNK');
$storage->set_flag($uids, 'JUNK');
if (($junk_mbox = $rcmail->config->get('junk_mbox')) && $mbox != $junk_mbox) {
$rcmail->output->command('move_messages', $junk_mbox);
}
$rcmail->output->command('display_message', $this->gettext('reportedasjunk'), 'confirmation');
$rcmail->output->send();
}
/**
* User > Email
*/
function user2email($p)
{
$r = $this->findinvirtual('/\\s' . preg_quote($p['user'], '/') . '\\s*$/');
$result = array();
for ($i = 0; $i < count($r); $i++) {
$arr = preg_split('/\\s+/', $r[$i]);
if (count($arr) > 0 && strpos($arr[0], '@')) {
$result[] = rcube_utils::idn_to_ascii(trim(str_replace('\\@', '@', $arr[0])));
if ($p['first']) {
$p['email'] = $result[0];
break;
}
}
}
$p['email'] = empty($result) ? NULL : $result;
return $p;
}
public function readfolder()
{
$storage = rcube::get_instance()->storage;
$cbox = rcube_utils::get_input_value('_cur', rcube_utils::INPUT_POST);
$mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
$oact = rcube_utils::get_input_value('_oact', rcube_utils::INPUT_POST);
$uids = $storage->search_once($mbox, 'ALL UNSEEN', true);
if ($uids->is_empty()) {
return false;
}
$storage->set_flag($uids->get(), 'SEEN', $mbox);
if ($cbox == $mbox) {
$this->api->output->command('toggle_read_status', 'read', $uids->get());
}
rcmail_send_unread_count($mbox, true);
$this->api->output->send();
}
/**
* User > Email
*/
function user2email($p)
{
$dbh = $this->get_dbh();
$sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['email']));
while ($sql_arr = $dbh->fetch_array($sql_result)) {
if (strpos($sql_arr[0], '@')) {
if ($p['extended'] && count($sql_arr) > 1) {
$result[] = array('email' => rcube_utils::idn_to_ascii($sql_arr[0]), 'name' => (string) $sql_arr[1], 'organization' => (string) $sql_arr[2], 'reply-to' => (string) rcube_utils::idn_to_ascii($sql_arr[3]), 'bcc' => (string) rcube_utils::idn_to_ascii($sql_arr[4]), 'signature' => (string) $sql_arr[5], 'html_signature' => (int) $sql_arr[6]);
} else {
$result[] = $sql_arr[0];
}
if ($p['first']) {
break;
}
}
}
$p['email'] = $result;
return $p;
}
/**
* Authenticate hook handler
*/
function authenticate($args)
{
if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
// Load plugin's config file
$this->load_config();
$rcmail = rcmail::get_instance();
$host = $rcmail->config->get('krb_authentication_host');
if (is_string($host) && trim($host) !== '' && empty($args['host'])) {
$args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
}
if (!empty($_SERVER['REMOTE_USER'])) {
$args['user'] = $_SERVER['REMOTE_USER'];
$args['pass'] = null;
}
$args['cookiecheck'] = false;
$args['valid'] = true;
}
return $args;
}
function mark_message()
{
$this->add_texts('localization');
$is_spam = rcube::get_instance()->action == 'plugin.markasjunk2.junk' ? true : false;
$multi_folder = $_POST['_multifolder'] == 'true' ? true : false;
$messageset = rcmail::get_uids();
$mbox_name = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
$dest_mbox = $is_spam ? $this->spam_mbox : $this->ham_mbox;
$result = $is_spam ? $this->_spam($messageset, $dest_mbox) : $this->_ham($messageset, $dest_mbox);
if ($result) {
if ($dest_mbox && ($mbox_name !== $dest_mbox || $multi_folder)) {
$this->api->output->command('rcmail_markasjunk2_move', $dest_mbox, $this->_messageset_to_uids($messageset, $multi_folder));
} else {
$this->api->output->command('command', 'list', $mbox_name);
}
$this->api->output->command('display_message', $is_spam ? $this->gettext('reportedasjunk') : $this->gettext('reportedasnotjunk'), 'confirmation');
}
$this->api->output->send();
}
/**
* Plugin initialization.
*/
function init()
{
$rcmail = rcmail::get_instance();
$this->rc = $rcmail;
$section = rcube_utils::get_input_value('_section', rcube_utils::INPUT_GET);
if ($this->rc->task == 'mail') {
// message parse/display hooks
$this->add_hook('message_part_structure', array($this, 'parse_structure'));
$this->add_hook('message_body_prefix', array($this, 'status_message'));
// message displaying
if ($rcmail->action == 'show' || $rcmail->action == 'preview') {
$this->add_hook('message_load', array($this, 'message_load'));
$this->add_hook('template_object_messagebody', array($this, 'message_output'));
$this->register_action('plugin.enigmaimport', array($this, 'import_file'));
} else {
if ($rcmail->action == 'compose') {
$this->load_ui();
$this->ui->init($section);
} else {
if ($rcmail->action == 'sendmail') {
//$this->add_hook('outgoing_message_body', array($this, 'msg_encode'));
//$this->add_hook('outgoing_message_body', array($this, 'msg_sign'));
}
}
}
} else {
if ($this->rc->task == 'settings') {
// add hooks for Enigma settings
$this->add_hook('preferences_sections_list', array($this, 'preferences_section'));
$this->add_hook('preferences_list', array($this, 'preferences_list'));
$this->add_hook('preferences_save', array($this, 'preferences_save'));
// register handler for keys/certs management
$this->register_action('plugin.enigma', array($this, 'preferences_ui'));
// grab keys/certs management iframe requests
if ($this->rc->action == 'edit-prefs' && preg_match('/^enigma(certs|keys)/', $section)) {
$this->load_ui();
$this->ui->init($section);
}
}
}
}
function authenticate($args)
{
// Load plugin's config file
$this->load_config();
$host = rcmail::get_instance()->config->get('http_authentication_host');
if (is_string($host) && trim($host) !== '' && empty($args['host'])) {
$args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
}
// Allow entering other user data in login form,
// e.g. after log out (#1487953)
if (!empty($args['user'])) {
return $args;
}
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$args['user'] = $_SERVER['PHP_AUTH_USER'];
$args['pass'] = $_SERVER['PHP_AUTH_PW'];
}
$args['cookiecheck'] = false;
$args['valid'] = true;
return $args;
}
function user2email($params)
{
$this->log_msg('Search email for user: '******'user']);
if ($this->init_ldap()) {
foreach ($this->ldap->search('*', $params['user'], 1)->records as $record) {
$email = rcube_utils::idn_to_ascii(self::record_attr('email', $record));
$this->log_msg("Found email: {$email}");
if ($params['extended']) {
$params['email'][] = array('email' => $email, 'name' => self::record_attr('name', $record), 'organization' => self::record_attr('organization', $record));
} else {
$params['email'][] = $email;
}
if ($params['first']) {
break;
}
}
}
if (!$params['email']) {
$this->log_msg('No email found');
}
return $params;
}
public function save($currpass, $newpass)
{
$host = rcmail::get_instance()->config->get('password_smb_host', 'localhost');
$bin = rcmail::get_instance()->config->get('password_smb_cmd', '/usr/bin/smbpasswd');
$username = $_SESSION['username'];
$host = rcube_utils::parse_host($host);
$tmpfile = tempnam(sys_get_temp_dir(), 'smb');
$cmd = $bin . ' -r ' . $host . ' -s -U "' . $username . '" > ' . $tmpfile . ' 2>&1';
$handle = @popen($cmd, 'w');
fputs($handle, $currpass . "\n");
fputs($handle, $newpass . "\n");
fputs($handle, $newpass . "\n");
@pclose($handle);
$res = file($tmpfile);
unlink($tmpfile);
if (strstr($res[count($res) - 1], 'Password changed for user') !== false) {
return PASSWORD_SUCCESS;
} else {
rcube::raise_error(array('code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Unable to execute {$cmd}"), true, false);
}
return PASSWORD_ERROR;
}
function login_after($args)
{
$rcmail = rcmail::get_instance();
$dbh = new PDO($this->get_db_driver() . ':dbname=' . $rcmail->config->get('agendav_dbname', false) . ';host=' . $rcmail->config->get('agendav_dbhost', false), $rcmail->config->get('agendav_dbuser', false), $rcmail->config->get('agendav_dbpass', false));
$stmt = $dbh->prepare('insert into ' . $rcmail->config->get('agendav_dbprefix', false) . 'sessions(session_id, ip_address, user_agent,last_activity,user_data) values (:id, :ip, :user_agent, :last_activity, :user_data)');
$stmt->bindParam(':id', $guid);
$stmt->bindParam(':ip', $ip);
$stmt->bindParam(':user_agent', $user_agent);
$stmt->bindParam(':last_activity', $last_activity);
$stmt->bindParam(':user_data', $user_data);
// encrypt password
$encrypt = new CI_Encrypt();
$encrypt->set_key(md5($rcmail->config->get('agendav_encryption_key', false)));
// create all necessary infos for the agendav session line
$password = $encrypt->encode($rcmail->get_user_password());
$username = $rcmail->get_user_name();
$guid = sprintf('%04x%04x%04x%04x%04x%04x%04x%04x', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));
$ip = rcube_utils::remote_addr();
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$last_activity = time();
// read existing preferences array
$pref_stmt = $dbh->prepare('select options from ' . $rcmail->config->get('agendav_dbprefix', false) . 'prefs where username=:username');
$pref_stmt->bindParam(':username', $rcmail->get_user_name());
$pref_stmt->execute();
$prefs = $pref_stmt->fetch(PDO::FETCH_ASSOC);
$options = serialize(json_decode($prefs['options'], true));
$options = $options == "N;" ? "a:0:{}" : $options;
// need to replace 'null' with an empty array, otherwise agendav fails to load calendars if user prefs are empty
$user_data = 'a:4:{s:4:"user";s:' . strlen($username) . ':"' . $username . '";s:6:"passwd";s:' . strlen($password) . ':"' . $password . '";s:5:"prefs";' . $options . 's:19:"available_calendars";a:0:{}}';
// create session in agendav
$stmt->execute();
// destroy database connection
$dbh = null;
// create cookie containing the agendav session_id
setcookie('agendav_sessid', $guid, 0);
// save agendav session_id in the session, so it can be used on during roundcube logoff to kill the agendav session
$_SESSION['agendav_sessid'] = $guid;
}
private function _edit_headers(&$uids, $spam)
{
$rcmail = rcube::get_instance();
$args = $spam ? $rcmail->config->get('markasjunk2_spam_patterns') : $rcmail->config->get('markasjunk2_ham_patterns');
if (sizeof($args['patterns']) == 0) {
return;
}
$mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
$new_uids = array();
foreach (explode(",", $uids) as $uid) {
$raw_message = $rcmail->storage->get_raw_body($uid);
$raw_headers = $rcmail->storage->get_raw_headers($uid);
$updated_headers = preg_replace($args['patterns'], $args['replacements'], $raw_headers);
$raw_message = str_replace($raw_headers, $updated_headers, $raw_message);
$saved = $rcmail->storage->save_message($mbox, $raw_message);
if ($saved !== false) {
$rcmail->output->command('rcmail_markasjunk2_move', null, $uid);
array_push($new_uids, $saved);
}
}
if (sizeof($new_uids) > 0) {
$uids = implode(',', $new_uids);
}
}
function save($curpass, $passwd)
{
$rcmail = rcmail::get_instance();
$poppassd = new Net_Socket();
$port = $rcmail->config->get('password_pop_port', 106);
$host = $rcmail->config->get('password_pop_host', 'localhost');
$host = rcube_utils::parse_host($host);
$result = $poppassd->connect($host, $port, null);
if (is_a($result, 'PEAR_Error')) {
return $this->format_error_result(PASSWORD_CONNECT_ERROR, $result->getMessage());
}
$result = $poppassd->readLine();
if (!preg_match('/^2\\d\\d/', $result)) {
$poppassd->disconnect();
return $this->format_error_result(PASSWORD_ERROR, $result);
}
$poppassd->writeLine("user " . $_SESSION['username']);
$result = $poppassd->readLine();
if (!preg_match('/^[23]\\d\\d/', $result)) {
$poppassd->disconnect();
return $this->format_error_result(PASSWORD_CONNECT_ERROR, $result);
}
$poppassd->writeLine("pass " . $curpass);
$result = $poppassd->readLine();
if (!preg_match('/^[23]\\d\\d/', $result)) {
$poppassd->disconnect();
return $this->format_error_result(PASSWORD_ERROR, $result);
}
$poppassd->writeLine("newpass " . $passwd);
$result = $poppassd->readLine();
$poppassd->disconnect();
if (!preg_match('/^2\\d\\d/', $result)) {
return $this->format_error_result(PASSWORD_ERROR, $result);
}
return PASSWORD_SUCCESS;
}
function save_data()
{
$COMPOSE_ID = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GPC);
$COMPOSE = null;
if ($COMPOSE_ID && $_SESSION['compose_data_' . $COMPOSE_ID]) {
$SESSION_KEY = 'compose_data_' . $COMPOSE_ID;
$COMPOSE =& $_SESSION[$SESSION_KEY];
}
if (!$COMPOSE) {
die("Invalid session var!");
}
$uploadid = rcube_utils::get_input_value('_uploadid', rcube_utils::INPUT_POST);
$files = rcube_utils::get_input_value('files', rcube_utils::INPUT_POST);
$RCMAIL = rcmail::get_instance();
$RCMAIL->output->reset();
//rcube::write_log('dropbox_attachments', $files);
if (is_array($files)) {
$multiple = count($files) > 1;
foreach ($files as $i => $file) {
/*File checks*/
$err = false;
if ($file['is_dir'] == 'true') {
$err = "UPLOAD_ERR_DIRECTORY";
}
// Fetch file
$filepath = $this->download_fopen($file['link']);
//rcube::write_log('dropbox_attachments', link);
//rcube::write_log('dropbox_attachments', $filepath);
rcube::write_log('dropbox_attachments', $file['link']);
if (!$filepath) {
$err = "UPLOAD_ERR_FETCH";
}
if (!$err) {
$attachment = $this->move_file(array('path' => $filepath, 'size' => $file['bytes'], 'name' => $file['name'], 'mimetype' => rcube_mime::file_content_type($filepath, $file['name']), 'group' => $COMPOSE_ID));
}
//rcube::write_log('dropbox_attachments', $attachment);
if (!$err && $attachment['status'] && !$attachment['abort']) {
$id = $attachment['id'];
// store new attachment in session
unset($attachment['status'], $attachment['abort']);
$RCMAIL->session->append($SESSION_KEY . '.attachments', $id, $attachment);
if (($icon = $COMPOSE['deleteicon']) && is_file($icon)) {
$button = html::img(array('src' => $icon, 'alt' => $RCMAIL->gettext('delete')));
} else {
if ($COMPOSE['textbuttons']) {
$button = rcube::Q($RCMAIL->gettext('delete'));
} else {
$button = '';
}
}
$content = html::a(array('href' => "#delete", 'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", rcmail_output::JS_OBJECT_NAME, $id), 'title' => $RCMAIL->gettext('delete'), 'class' => 'delete'), $button);
$content .= rcube::Q($attachment['name']);
$RCMAIL->output->command('add2attachment_list', "rcmfile{$id}", array('html' => $content, 'name' => $attachment['name'], 'mimetype' => $attachment['mimetype'], 'classname' => rcube_utils::file2class($attachment['mimetype'], $attachment['name']), 'complete' => true), $uploadid);
} else {
// upload failed
if ($err == "UPLOAD_ERR_DIRECTORY") {
$msg = "Directory upload not allowed.";
} else {
if ($err == "UPLOAD_ERR_FETCH") {
$msg = "Failed to download file from Dropbox";
} else {
if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) {
$size = $RCMAIL->show_bytes(parse_bytes(ini_get('upload_max_filesize')));
$msg = $RCMAIL->gettext(array('name' => 'filesizeerror', 'vars' => array('size' => $size)));
} else {
if ($attachment['error']) {
$msg = $attachment['error'];
} else {
$msg = $RCMAIL->gettext('fileuploaderror');
}
}
}
}
if ($attachment['error'] || $err != UPLOAD_ERR_NO_FILE) {
$RCMAIL->output->command('display_message', $msg, 'error');
$RCMAIL->output->command('remove_from_attachment_list', $uploadid);
}
}
}
}
$RCMAIL->output->command('auto_save_start', 'false');
$RCMAIL->output->send();
}
function gen_form()
{
$confirm = $this->rcmail_inst->config->get('password_confirm_current');
$pwl = $this->rcmail_inst->config->get('password_min_length');
if (!empty($pwl)) {
$pwl = max(6, $pwl);
} else {
$pwl = 6;
}
$this->rcmail_inst->output->add_label('ispconfig3_pass.nopassword', 'ispconfig3_pass.nocurpassword', 'ispconfig3_pass.passwordinconsistency', 'ispconfig3_pass.changepasswd', 'ispconfig3_pass.passwordminlength');
$this->rcmail_inst->output->add_script('var pw_min_length =' . $pwl . ';');
$this->rcmail_inst->output->set_env('framed', true);
$out .= '<fieldset><legend>' . $this->gettext('password') . '</legend>' . "\n";
$table = new html_table(array('cols' => 2, 'class' => 'propform'));
if ($confirm) {
$input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => 'curpasswd', 'size' => 20));
$table->add('title', rcube_utils::rep_specialchars_output($this->gettext('curpasswd')));
$table->add('', $input_newpasswd->show());
}
$input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => 'newpasswd', 'size' => 20));
$table->add('title', rcube_utils::rep_specialchars_output($this->gettext('newpasswd')));
$table->add('', $input_newpasswd->show() . '<div id="pass-check">');
$input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => 'confpasswd', 'size' => 20));
$table->add('title', rcube_utils::rep_specialchars_output($this->gettext('confpasswd')));
$table->add('', $input_confpasswd->show());
$out .= $table->show();
$out .= "</fieldset>\n";
return $out;
}
function password_save()
{
$this->register_handler('plugin.body', array($this, 'password_form'));
$rcmail = rcmail::get_instance();
$rcmail->output->set_pagetitle($this->gettext('changepasswd'));
$confirm = $rcmail->config->get('password_confirm_current');
$required_length = intval($rcmail->config->get('password_minimum_length'));
$check_strength = $rcmail->config->get('password_require_nonalpha');
if ($confirm && !isset($_POST['_curpasswd']) || !isset($_POST['_newpasswd'])) {
$rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
} else {
$charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1'));
$rc_charset = strtoupper($rcmail->output->get_charset());
$sespwd = $rcmail->decrypt($_SESSION['password']);
$curpwd = $confirm ? rcube_utils::get_input_value('_curpasswd', rcube_utils::INPUT_POST, true, $charset) : $sespwd;
$newpwd = rcube_utils::get_input_value('_newpasswd', rcube_utils::INPUT_POST, true);
$conpwd = rcube_utils::get_input_value('_confpasswd', rcube_utils::INPUT_POST, true);
// check allowed characters according to the configured 'password_charset' option
// by converting the password entered by the user to this charset and back to UTF-8
$orig_pwd = $newpwd;
$chk_pwd = rcube_charset::convert($orig_pwd, $rc_charset, $charset);
$chk_pwd = rcube_charset::convert($chk_pwd, $charset, $rc_charset);
// WARNING: Default password_charset is ISO-8859-1, so conversion will
// change national characters. This may disable possibility of using
// the same password in other MUA's.
// We're doing this for consistence with Roundcube core
$newpwd = rcube_charset::convert($newpwd, $rc_charset, $charset);
$conpwd = rcube_charset::convert($conpwd, $rc_charset, $charset);
if ($chk_pwd != $orig_pwd) {
$rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error');
} else {
if ($conpwd != $newpwd) {
$rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
} else {
if ($confirm && $sespwd != $curpwd) {
$rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
} else {
if ($required_length && strlen($newpwd) < $required_length) {
$rcmail->output->command('display_message', $this->gettext(array('name' => 'passwordshort', 'vars' => array('length' => $required_length))), 'error');
} else {
if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
$rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
} else {
if ($sespwd == $newpwd && !$rcmail->config->get('password_force_save')) {
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
} else {
if (!($res = $this->_save($curpwd, $newpwd))) {
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
// allow additional actions after password change (e.g. reset some backends)
$plugin = $rcmail->plugins->exec_hook('password_change', array('old_pass' => $curpwd, 'new_pass' => $newpwd));
// Reset session password
$_SESSION['password'] = $rcmail->encrypt($plugin['new_pass']);
// Log password change
if ($rcmail->config->get('password_log')) {
rcube::write_log('password', sprintf('Password changed for user %s (ID: %d) from %s', $rcmail->get_user_name(), $rcmail->user->ID, rcube_utils::remote_ip()));
}
} else {
$rcmail->output->command('display_message', $res, 'error');
}
}
}
}
}
}
}
}
$rcmail->overwrite_action('plugin.password');
$rcmail->output->send('plugin');
}
function save($curpass, $passwd)
{
$rcmail = rcmail::get_instance();
if (!($sql = $rcmail->config->get('password_query'))) {
$sql = 'SELECT update_passwd(%c, %u)';
}
if ($dsn = $rcmail->config->get('password_db_dsn')) {
// #1486067: enable new_link option
if (is_array($dsn) && empty($dsn['new_link'])) {
$dsn['new_link'] = true;
} else {
if (!is_array($dsn) && !preg_match('/\\?new_link=true/', $dsn)) {
$dsn .= '?new_link=true';
}
}
$db = rcube_db::factory($dsn, '', false);
$db->set_debug((bool) $rcmail->config->get('sql_debug'));
$db->db_connect('w');
} else {
$db = $rcmail->get_dbh();
}
if ($db->is_error()) {
return PASSWORD_ERROR;
}
// crypted password
if (strpos($sql, '%c') !== FALSE) {
$salt = '';
if (!($crypt_hash = $rcmail->config->get('password_crypt_hash'))) {
if (CRYPT_MD5) {
$crypt_hash = 'md5';
} else {
if (CRYPT_STD_DES) {
$crypt_hash = 'des';
}
}
}
switch ($crypt_hash) {
case 'md5':
$len = 8;
$salt_hashindicator = '$1$';
break;
case 'des':
$len = 2;
break;
case 'blowfish':
$cost = (int) $rcmail->config->get('password_blowfish_cost');
$cost = $cost < 4 || $cost > 31 ? 12 : $cost;
$len = 22;
$salt_hashindicator = sprintf('$2a$%02d$', $cost);
break;
case 'sha256':
$len = 16;
$salt_hashindicator = '$5$';
break;
case 'sha512':
$len = 16;
$salt_hashindicator = '$6$';
break;
default:
return PASSWORD_CRYPT_ERROR;
}
//Restrict the character set used as salt (#1488136)
$seedchars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
for ($i = 0; $i < $len; $i++) {
$salt .= $seedchars[rand(0, 63)];
}
$sql = str_replace('%c', $db->quote(crypt($passwd, $salt_hashindicator ? $salt_hashindicator . $salt . '$' : $salt)), $sql);
}
// dovecotpw
if (strpos($sql, '%D') !== FALSE) {
if (!($dovecotpw = $rcmail->config->get('password_dovecotpw'))) {
$dovecotpw = 'dovecotpw';
}
if (!($method = $rcmail->config->get('password_dovecotpw_method'))) {
$method = 'CRAM-MD5';
}
// use common temp dir
$tmp_dir = $rcmail->config->get('temp_dir');
$tmpfile = tempnam($tmp_dir, 'roundcube-');
$pipe = popen("{$dovecotpw} -s '{$method}' > '{$tmpfile}'", "w");
if (!$pipe) {
unlink($tmpfile);
return PASSWORD_CRYPT_ERROR;
} else {
fwrite($pipe, $passwd . "\n", 1 + strlen($passwd));
usleep(1000);
fwrite($pipe, $passwd . "\n", 1 + strlen($passwd));
pclose($pipe);
$newpass = trim(file_get_contents($tmpfile), "\n");
if (!preg_match('/^\\{' . $method . '\\}/', $newpass)) {
return PASSWORD_CRYPT_ERROR;
}
if (!$rcmail->config->get('password_dovecotpw_with_method')) {
$newpass = trim(str_replace('{' . $method . '}', '', $newpass));
}
unlink($tmpfile);
}
$sql = str_replace('%D', $db->quote($newpass), $sql);
}
// hashed passwords
if (preg_match('/%[n|q]/', $sql)) {
if (!extension_loaded('hash')) {
rcube::raise_error(array('code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: 'hash' extension not loaded!"), true, false);
return PASSWORD_ERROR;
}
if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) {
$hash_algo = 'sha1';
}
$hash_passwd = hash($hash_algo, $passwd);
$hash_curpass = hash($hash_algo, $curpass);
if ($rcmail->config->get('password_hash_base64')) {
$hash_passwd = base64_encode(pack('H*', $hash_passwd));
$hash_curpass = base64_encode(pack('H*', $hash_curpass));
}
$sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql);
$sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql);
}
// Handle clear text passwords securely (#1487034)
$sql_vars = array();
if (preg_match_all('/%[p|o]/', $sql, $m)) {
foreach ($m[0] as $var) {
if ($var == '%p') {
$sql = preg_replace('/%p/', '?', $sql, 1);
$sql_vars[] = (string) $passwd;
} else {
// %o
$sql = preg_replace('/%o/', '?', $sql, 1);
$sql_vars[] = (string) $curpass;
}
}
}
$local_part = $rcmail->user->get_username('local');
$domain_part = $rcmail->user->get_username('domain');
$username = $_SESSION['username'];
$host = $_SESSION['imap_host'];
// convert domains to/from punnycode
if ($rcmail->config->get('password_idn_ascii')) {
$domain_part = rcube_utils::idn_to_ascii($domain_part);
$username = rcube_utils::idn_to_ascii($username);
$host = rcube_utils::idn_to_ascii($host);
} else {
$domain_part = rcube_utils::idn_to_utf8($domain_part);
$username = rcube_utils::idn_to_utf8($username);
$host = rcube_utils::idn_to_utf8($host);
}
// at least we should always have the local part
$sql = str_replace('%l', $db->quote($local_part, 'text'), $sql);
$sql = str_replace('%d', $db->quote($domain_part, 'text'), $sql);
$sql = str_replace('%u', $db->quote($username, 'text'), $sql);
$sql = str_replace('%h', $db->quote($host, 'text'), $sql);
$res = $db->query($sql, $sql_vars);
if (!$db->is_error()) {
if (strtolower(substr(trim($sql), 0, 6)) == 'select') {
if ($db->fetch_array($res)) {
return PASSWORD_SUCCESS;
}
} else {
// This is the good case: 1 row updated
if ($db->affected_rows($res) == 1) {
return PASSWORD_SUCCESS;
}
// @TODO: Some queries don't affect any rows
// Should we assume a success if there was no error?
}
}
return PASSWORD_ERROR;
}
