public function ham(&$uids) { $rcmail = rcube::get_instance(); $storage = $rcmail->storage; $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); $new_uids = array(); foreach (explode(",", $uids) as $uid) { $saved = false; $message = new rcube_message($uid); if (sizeof($message->attachments) > 0) { foreach ($message->attachments as $part) { if ($part->ctype_primary == 'message' && $part->ctype_secondary == 'rfc822') { $orig_message_raw = $storage->get_message_part($message->uid, $part->mime_id, $part); $saved = $storage->save_message($mbox, $orig_message_raw); if ($saved !== false) { $rcmail->output->command('rcmail_markasjunk2_move', null, $uid); array_push($new_uids, $saved); } } } } } if (sizeof($new_uids) > 0) { $uids = implode(',', $new_uids); } }
function lookup_user_name($args) { if ($this->init_ldap($args['host'])) { $results = $this->ldap->search('*', $args['user'], true); if (count($results->records) == 1) { $user_name = is_array($results->records[0]['name']) ? $results->records[0]['name'][0] : $results->records[0]['name']; $user_email = is_array($results->records[0]['email']) ? $results->records[0]['email'][0] : $results->records[0]['email']; $args['user_name'] = $user_name; $args['email_list'] = array(); if (!$args['user_email'] && strpos($user_email, '@')) { $args['user_email'] = rcube_utils::idn_to_ascii($user_email); } foreach (array_keys($results[0]) as $key) { if (!preg_match('/^email($|:)/', $key)) { continue; } foreach ((array) $results->records[0][$key] as $alias) { if (strpos($alias, '@')) { $args['email_list'][] = rcube_utils::idn_to_ascii($alias); } } } } } return $args; }
function authenticate($args) { if (isset($_POST['_user']) && isset($_POST['_pass'])) { $args['host'] = $this->getHost(rcube_utils::get_input_value('_user', RCUBE_INPUT_POST)); } return $args; }
function save_prefs($args) { if ($args['section'] == 'mailview') { $args['prefs']['hide_blockquote_limit'] = (int) rcube_utils::get_input_value('_hide_blockquote_limit', rcube_utils::INPUT_POST); } return $args; }
/** * */ public function import($csv) { // convert to UTF-8 $head = substr($csv, 0, 4096); $fallback = rcube::get_instance()->config->get('default_charset', 'ISO-8859-1'); // fallback to Latin-1? $charset = rcube_charset::detect($head, RCMAIL_CHARSET); $csv = rcube_charset::convert($csv, $charset); $head = ''; $this->map = array(); // Parse file foreach (preg_split("/[\r\n]+/", $csv) as $i => $line) { $line = trim($line); if (empty($line)) { continue; } $elements = rcube_utils::explode_quoted_string(',', $line); if (empty($elements)) { continue; } // Parse header if (empty($this->map)) { $this->parse_header($elements); if (empty($this->map)) { break; } } else { $this->csv_to_vcard($elements); } } }
/** * Establish a connection to the LDAP server */ public function connect($host = null) { // Net_LDAP3 does not support IDNA yet // also parse_host() here is very Roundcube specific $host = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host)); return parent::connect($host); }
/** * Handler for submitted form (ajax request) * * Check fields and save to default identity if valid. * Afterwards the session flag is removed and we're done. */ function save_data() { $rcmail = rcmail::get_instance(); $identity = $rcmail->user->get_identity(); $ident_level = intval($rcmail->config->get('identities_level', 0)); $save_data = array('name' => rcube_utils::get_input_value('_name', rcube_utils::INPUT_POST), 'email' => rcube_utils::get_input_value('_email', rcube_utils::INPUT_POST), 'organization' => rcube_utils::get_input_value('_organization', rcube_utils::INPUT_POST), 'signature' => rcube_utils::get_input_value('_signature', rcube_utils::INPUT_POST)); // don't let the user alter the e-mail address if disabled by config if (in_array($ident_level, array(1, 3, 4))) { $save_data['email'] = $identity['email']; } if (empty($save_data['name']) || empty($save_data['email'])) { $rcmail->output->show_message('formincomplete', 'error'); } else { if (!rcube_utils::check_email($save_data['email'] = rcube_utils::idn_to_ascii($save_data['email']))) { $rcmail->output->show_message('emailformaterror', 'error', array('email' => $save_data['email'])); } else { // save data $rcmail->user->update_identity($identity['identity_id'], $save_data); $rcmail->session->remove('plugin.newuserdialog'); // hide dialog $rcmail->output->command('new_user_dialog_close'); $rcmail->output->show_message('successfullysaved', 'confirmation'); } } $rcmail->output->send(); }
function save_settings($args) { if ($args['section'] == 'mailbox') { $args['prefs']['preview_pane'] = rcube_utils::get_input_value('_previewpane_layout', rcube_utils::INPUT_POST) == 'none' ? false : true; $args['prefs']['previewpane_layout'] = rcube_utils::get_input_value('_previewpane_layout', rcube_utils::INPUT_POST) != 'none' ? rcube_utils::get_input_value('_previewpane_layout', rcube_utils::INPUT_POST) : rcube::get_instance()->config->get('previewpane_layout', 'below'); } return $args; }
public function create_identity($p) { $rcmail = rcmail::get_instance(); // prefs are set in create_user() if ($this->prefs) { if ($this->prefs['full_name']) { $p['record']['name'] = $this->prefs['full_name']; } if (($this->identities_level == 0 || $this->identities_level == 2) && $this->prefs['email_address']) { $p['record']['email'] = $this->prefs['email_address']; } if ($this->prefs['___signature___']) { $p['record']['signature'] = $this->prefs['___signature___']; } if ($this->prefs['reply_to']) { $p['record']['reply-to'] = $this->prefs['reply_to']; } if (($this->identities_level == 0 || $this->identities_level == 1) && isset($this->prefs['identities']) && $this->prefs['identities'] > 1) { for ($i = 1; $i < $this->prefs['identities']; $i++) { unset($ident_data); $ident_data = array('name' => '', 'email' => ''); // required data if ($this->prefs['full_name' . $i]) { $ident_data['name'] = $this->prefs['full_name' . $i]; } if ($this->identities_level == 0 && $this->prefs['email_address' . $i]) { $ident_data['email'] = $this->prefs['email_address' . $i]; } else { $ident_data['email'] = $p['record']['email']; } if ($this->prefs['reply_to' . $i]) { $ident_data['reply-to'] = $this->prefs['reply_to' . $i]; } if ($this->prefs['___sig' . $i . '___']) { $ident_data['signature'] = $this->prefs['___sig' . $i . '___']; } // insert identity $rcmail->user->insert_identity($ident_data); } } // copy address book $contacts = $rcmail->get_address_book(null, true); if ($contacts && count($this->abook)) { foreach ($this->abook as $rec) { // #1487096 handle multi-address and/or too long items $rec['email'] = array_shift(explode(';', $rec['email'])); if (rcube_utils::check_email(rcube_utils::idn_to_ascii($rec['email']))) { $rec['email'] = rcube_utils::idn_to_utf8($rec['email']); $contacts->insert($rec, true); } } } // mark identity as complete for following hooks $p['complete'] = true; } return $p; }
public function messagecount() { $storage = rcube::get_instance()->storage; $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); // send output header("Content-Type: application/json; charset=" . RCUBE_CHARSET); echo json_encode(array('messagecount' => $storage->count($mbox, 'EXISTS'))); exit; }
function mark_notjunk() { $this->add_texts('localization'); $this->_set_flags(); $uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST); $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); if ($this->_ham($uids, $mbox, $this->ham_mbox)) { $this->api->output->command('display_message', $this->gettext('reportedasnotjunk'), 'confirmation'); } $this->api->output->send(); }
function lookup_user_name($args) { if ($this->init_ldap($args['host'])) { $results = $this->ldap->search('*', $args['user'], true); if (count($results->records) == 1) { $user_name = is_array($results->records[0]['name']) ? $results->records[0]['name'][0] : $results->records[0]['name']; $user_email = is_array($results->records[0]['email']) ? $results->records[0]['email'][0] : $results->records[0]['email']; $args['user_name'] = $user_name; if (!$args['user_email'] && strpos($user_email, '@')) { $args['user_email'] = rcube_utils::idn_to_ascii($user_email); } } } return $args; }
/** * Callback function used to build mailto: links around e-mail strings * * This also adds an onclick-handler to open the Rouncube compose message screen on such links * * @param array Matches result from preg_replace_callback * @return int Index of saved string value * @see rcube_string_replacer::mailto_callback() */ public function mailto_callback($matches) { $href = $matches[1]; $suffix = $this->parse_url_brackets($href); $email = $href; if (strpos($email, '?')) { list($email, ) = explode('?', $email); } // skip invalid emails if (!rcube_utils::check_email($email, false)) { return $matches[1]; } $i = $this->add(html::a(array('href' => 'mailto:' . $href, 'onclick' => "return " . rcmail_output::JS_OBJECT_NAME . ".command('compose','" . rcube::JQ($href) . "',this)"), rcube::Q($href)) . $suffix); return $i >= 0 ? $this->get_replacement($i) : ''; }
function request_action() { $this->add_texts('localization'); $uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST); $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); $rcmail = rcmail::get_instance(); $storage = $rcmail->get_storage(); $storage->unset_flag($uids, 'NONJUNK'); $storage->set_flag($uids, 'JUNK'); if (($junk_mbox = $rcmail->config->get('junk_mbox')) && $mbox != $junk_mbox) { $rcmail->output->command('move_messages', $junk_mbox); } $rcmail->output->command('display_message', $this->gettext('reportedasjunk'), 'confirmation'); $rcmail->output->send(); }
/** * User > Email */ function user2email($p) { $r = $this->findinvirtual('/\\s' . preg_quote($p['user'], '/') . '\\s*$/'); $result = array(); for ($i = 0; $i < count($r); $i++) { $arr = preg_split('/\\s+/', $r[$i]); if (count($arr) > 0 && strpos($arr[0], '@')) { $result[] = rcube_utils::idn_to_ascii(trim(str_replace('\\@', '@', $arr[0]))); if ($p['first']) { $p['email'] = $result[0]; break; } } } $p['email'] = empty($result) ? NULL : $result; return $p; }
public function readfolder() { $storage = rcube::get_instance()->storage; $cbox = rcube_utils::get_input_value('_cur', rcube_utils::INPUT_POST); $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); $oact = rcube_utils::get_input_value('_oact', rcube_utils::INPUT_POST); $uids = $storage->search_once($mbox, 'ALL UNSEEN', true); if ($uids->is_empty()) { return false; } $storage->set_flag($uids->get(), 'SEEN', $mbox); if ($cbox == $mbox) { $this->api->output->command('toggle_read_status', 'read', $uids->get()); } rcmail_send_unread_count($mbox, true); $this->api->output->send(); }
/** * User > Email */ function user2email($p) { $dbh = $this->get_dbh(); $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['email'])); while ($sql_arr = $dbh->fetch_array($sql_result)) { if (strpos($sql_arr[0], '@')) { if ($p['extended'] && count($sql_arr) > 1) { $result[] = array('email' => rcube_utils::idn_to_ascii($sql_arr[0]), 'name' => (string) $sql_arr[1], 'organization' => (string) $sql_arr[2], 'reply-to' => (string) rcube_utils::idn_to_ascii($sql_arr[3]), 'bcc' => (string) rcube_utils::idn_to_ascii($sql_arr[4]), 'signature' => (string) $sql_arr[5], 'html_signature' => (int) $sql_arr[6]); } else { $result[] = $sql_arr[0]; } if ($p['first']) { break; } } } $p['email'] = $result; return $p; }
/** * Authenticate hook handler */ function authenticate($args) { if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) { // Load plugin's config file $this->load_config(); $rcmail = rcmail::get_instance(); $host = $rcmail->config->get('krb_authentication_host'); if (is_string($host) && trim($host) !== '' && empty($args['host'])) { $args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host)); } if (!empty($_SERVER['REMOTE_USER'])) { $args['user'] = $_SERVER['REMOTE_USER']; $args['pass'] = null; } $args['cookiecheck'] = false; $args['valid'] = true; } return $args; }
function mark_message() { $this->add_texts('localization'); $is_spam = rcube::get_instance()->action == 'plugin.markasjunk2.junk' ? true : false; $multi_folder = $_POST['_multifolder'] == 'true' ? true : false; $messageset = rcmail::get_uids(); $mbox_name = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); $dest_mbox = $is_spam ? $this->spam_mbox : $this->ham_mbox; $result = $is_spam ? $this->_spam($messageset, $dest_mbox) : $this->_ham($messageset, $dest_mbox); if ($result) { if ($dest_mbox && ($mbox_name !== $dest_mbox || $multi_folder)) { $this->api->output->command('rcmail_markasjunk2_move', $dest_mbox, $this->_messageset_to_uids($messageset, $multi_folder)); } else { $this->api->output->command('command', 'list', $mbox_name); } $this->api->output->command('display_message', $is_spam ? $this->gettext('reportedasjunk') : $this->gettext('reportedasnotjunk'), 'confirmation'); } $this->api->output->send(); }
/** * Plugin initialization. */ function init() { $rcmail = rcmail::get_instance(); $this->rc = $rcmail; $section = rcube_utils::get_input_value('_section', rcube_utils::INPUT_GET); if ($this->rc->task == 'mail') { // message parse/display hooks $this->add_hook('message_part_structure', array($this, 'parse_structure')); $this->add_hook('message_body_prefix', array($this, 'status_message')); // message displaying if ($rcmail->action == 'show' || $rcmail->action == 'preview') { $this->add_hook('message_load', array($this, 'message_load')); $this->add_hook('template_object_messagebody', array($this, 'message_output')); $this->register_action('plugin.enigmaimport', array($this, 'import_file')); } else { if ($rcmail->action == 'compose') { $this->load_ui(); $this->ui->init($section); } else { if ($rcmail->action == 'sendmail') { //$this->add_hook('outgoing_message_body', array($this, 'msg_encode')); //$this->add_hook('outgoing_message_body', array($this, 'msg_sign')); } } } } else { if ($this->rc->task == 'settings') { // add hooks for Enigma settings $this->add_hook('preferences_sections_list', array($this, 'preferences_section')); $this->add_hook('preferences_list', array($this, 'preferences_list')); $this->add_hook('preferences_save', array($this, 'preferences_save')); // register handler for keys/certs management $this->register_action('plugin.enigma', array($this, 'preferences_ui')); // grab keys/certs management iframe requests if ($this->rc->action == 'edit-prefs' && preg_match('/^enigma(certs|keys)/', $section)) { $this->load_ui(); $this->ui->init($section); } } } }
function authenticate($args) { // Load plugin's config file $this->load_config(); $host = rcmail::get_instance()->config->get('http_authentication_host'); if (is_string($host) && trim($host) !== '' && empty($args['host'])) { $args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host)); } // Allow entering other user data in login form, // e.g. after log out (#1487953) if (!empty($args['user'])) { return $args; } if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { $args['user'] = $_SERVER['PHP_AUTH_USER']; $args['pass'] = $_SERVER['PHP_AUTH_PW']; } $args['cookiecheck'] = false; $args['valid'] = true; return $args; }
function user2email($params) { $this->log_msg('Search email for user: '******'user']); if ($this->init_ldap()) { foreach ($this->ldap->search('*', $params['user'], 1)->records as $record) { $email = rcube_utils::idn_to_ascii(self::record_attr('email', $record)); $this->log_msg("Found email: {$email}"); if ($params['extended']) { $params['email'][] = array('email' => $email, 'name' => self::record_attr('name', $record), 'organization' => self::record_attr('organization', $record)); } else { $params['email'][] = $email; } if ($params['first']) { break; } } } if (!$params['email']) { $this->log_msg('No email found'); } return $params; }
public function save($currpass, $newpass) { $host = rcmail::get_instance()->config->get('password_smb_host', 'localhost'); $bin = rcmail::get_instance()->config->get('password_smb_cmd', '/usr/bin/smbpasswd'); $username = $_SESSION['username']; $host = rcube_utils::parse_host($host); $tmpfile = tempnam(sys_get_temp_dir(), 'smb'); $cmd = $bin . ' -r ' . $host . ' -s -U "' . $username . '" > ' . $tmpfile . ' 2>&1'; $handle = @popen($cmd, 'w'); fputs($handle, $currpass . "\n"); fputs($handle, $newpass . "\n"); fputs($handle, $newpass . "\n"); @pclose($handle); $res = file($tmpfile); unlink($tmpfile); if (strstr($res[count($res) - 1], 'Password changed for user') !== false) { return PASSWORD_SUCCESS; } else { rcube::raise_error(array('code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Unable to execute {$cmd}"), true, false); } return PASSWORD_ERROR; }
function login_after($args) { $rcmail = rcmail::get_instance(); $dbh = new PDO($this->get_db_driver() . ':dbname=' . $rcmail->config->get('agendav_dbname', false) . ';host=' . $rcmail->config->get('agendav_dbhost', false), $rcmail->config->get('agendav_dbuser', false), $rcmail->config->get('agendav_dbpass', false)); $stmt = $dbh->prepare('insert into ' . $rcmail->config->get('agendav_dbprefix', false) . 'sessions(session_id, ip_address, user_agent,last_activity,user_data) values (:id, :ip, :user_agent, :last_activity, :user_data)'); $stmt->bindParam(':id', $guid); $stmt->bindParam(':ip', $ip); $stmt->bindParam(':user_agent', $user_agent); $stmt->bindParam(':last_activity', $last_activity); $stmt->bindParam(':user_data', $user_data); // encrypt password $encrypt = new CI_Encrypt(); $encrypt->set_key(md5($rcmail->config->get('agendav_encryption_key', false))); // create all necessary infos for the agendav session line $password = $encrypt->encode($rcmail->get_user_password()); $username = $rcmail->get_user_name(); $guid = sprintf('%04x%04x%04x%04x%04x%04x%04x%04x', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535)); $ip = rcube_utils::remote_addr(); $user_agent = $_SERVER['HTTP_USER_AGENT']; $last_activity = time(); // read existing preferences array $pref_stmt = $dbh->prepare('select options from ' . $rcmail->config->get('agendav_dbprefix', false) . 'prefs where username=:username'); $pref_stmt->bindParam(':username', $rcmail->get_user_name()); $pref_stmt->execute(); $prefs = $pref_stmt->fetch(PDO::FETCH_ASSOC); $options = serialize(json_decode($prefs['options'], true)); $options = $options == "N;" ? "a:0:{}" : $options; // need to replace 'null' with an empty array, otherwise agendav fails to load calendars if user prefs are empty $user_data = 'a:4:{s:4:"user";s:' . strlen($username) . ':"' . $username . '";s:6:"passwd";s:' . strlen($password) . ':"' . $password . '";s:5:"prefs";' . $options . 's:19:"available_calendars";a:0:{}}'; // create session in agendav $stmt->execute(); // destroy database connection $dbh = null; // create cookie containing the agendav session_id setcookie('agendav_sessid', $guid, 0); // save agendav session_id in the session, so it can be used on during roundcube logoff to kill the agendav session $_SESSION['agendav_sessid'] = $guid; }
private function _edit_headers(&$uids, $spam) { $rcmail = rcube::get_instance(); $args = $spam ? $rcmail->config->get('markasjunk2_spam_patterns') : $rcmail->config->get('markasjunk2_ham_patterns'); if (sizeof($args['patterns']) == 0) { return; } $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); $new_uids = array(); foreach (explode(",", $uids) as $uid) { $raw_message = $rcmail->storage->get_raw_body($uid); $raw_headers = $rcmail->storage->get_raw_headers($uid); $updated_headers = preg_replace($args['patterns'], $args['replacements'], $raw_headers); $raw_message = str_replace($raw_headers, $updated_headers, $raw_message); $saved = $rcmail->storage->save_message($mbox, $raw_message); if ($saved !== false) { $rcmail->output->command('rcmail_markasjunk2_move', null, $uid); array_push($new_uids, $saved); } } if (sizeof($new_uids) > 0) { $uids = implode(',', $new_uids); } }
function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); $poppassd = new Net_Socket(); $port = $rcmail->config->get('password_pop_port', 106); $host = $rcmail->config->get('password_pop_host', 'localhost'); $host = rcube_utils::parse_host($host); $result = $poppassd->connect($host, $port, null); if (is_a($result, 'PEAR_Error')) { return $this->format_error_result(PASSWORD_CONNECT_ERROR, $result->getMessage()); } $result = $poppassd->readLine(); if (!preg_match('/^2\\d\\d/', $result)) { $poppassd->disconnect(); return $this->format_error_result(PASSWORD_ERROR, $result); } $poppassd->writeLine("user " . $_SESSION['username']); $result = $poppassd->readLine(); if (!preg_match('/^[23]\\d\\d/', $result)) { $poppassd->disconnect(); return $this->format_error_result(PASSWORD_CONNECT_ERROR, $result); } $poppassd->writeLine("pass " . $curpass); $result = $poppassd->readLine(); if (!preg_match('/^[23]\\d\\d/', $result)) { $poppassd->disconnect(); return $this->format_error_result(PASSWORD_ERROR, $result); } $poppassd->writeLine("newpass " . $passwd); $result = $poppassd->readLine(); $poppassd->disconnect(); if (!preg_match('/^2\\d\\d/', $result)) { return $this->format_error_result(PASSWORD_ERROR, $result); } return PASSWORD_SUCCESS; }
function save_data() { $COMPOSE_ID = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GPC); $COMPOSE = null; if ($COMPOSE_ID && $_SESSION['compose_data_' . $COMPOSE_ID]) { $SESSION_KEY = 'compose_data_' . $COMPOSE_ID; $COMPOSE =& $_SESSION[$SESSION_KEY]; } if (!$COMPOSE) { die("Invalid session var!"); } $uploadid = rcube_utils::get_input_value('_uploadid', rcube_utils::INPUT_POST); $files = rcube_utils::get_input_value('files', rcube_utils::INPUT_POST); $RCMAIL = rcmail::get_instance(); $RCMAIL->output->reset(); //rcube::write_log('dropbox_attachments', $files); if (is_array($files)) { $multiple = count($files) > 1; foreach ($files as $i => $file) { /*File checks*/ $err = false; if ($file['is_dir'] == 'true') { $err = "UPLOAD_ERR_DIRECTORY"; } // Fetch file $filepath = $this->download_fopen($file['link']); //rcube::write_log('dropbox_attachments', link); //rcube::write_log('dropbox_attachments', $filepath); rcube::write_log('dropbox_attachments', $file['link']); if (!$filepath) { $err = "UPLOAD_ERR_FETCH"; } if (!$err) { $attachment = $this->move_file(array('path' => $filepath, 'size' => $file['bytes'], 'name' => $file['name'], 'mimetype' => rcube_mime::file_content_type($filepath, $file['name']), 'group' => $COMPOSE_ID)); } //rcube::write_log('dropbox_attachments', $attachment); if (!$err && $attachment['status'] && !$attachment['abort']) { $id = $attachment['id']; // store new attachment in session unset($attachment['status'], $attachment['abort']); $RCMAIL->session->append($SESSION_KEY . '.attachments', $id, $attachment); if (($icon = $COMPOSE['deleteicon']) && is_file($icon)) { $button = html::img(array('src' => $icon, 'alt' => $RCMAIL->gettext('delete'))); } else { if ($COMPOSE['textbuttons']) { $button = rcube::Q($RCMAIL->gettext('delete')); } else { $button = ''; } } $content = html::a(array('href' => "#delete", 'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", rcmail_output::JS_OBJECT_NAME, $id), 'title' => $RCMAIL->gettext('delete'), 'class' => 'delete'), $button); $content .= rcube::Q($attachment['name']); $RCMAIL->output->command('add2attachment_list', "rcmfile{$id}", array('html' => $content, 'name' => $attachment['name'], 'mimetype' => $attachment['mimetype'], 'classname' => rcube_utils::file2class($attachment['mimetype'], $attachment['name']), 'complete' => true), $uploadid); } else { // upload failed if ($err == "UPLOAD_ERR_DIRECTORY") { $msg = "Directory upload not allowed."; } else { if ($err == "UPLOAD_ERR_FETCH") { $msg = "Failed to download file from Dropbox"; } else { if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) { $size = $RCMAIL->show_bytes(parse_bytes(ini_get('upload_max_filesize'))); $msg = $RCMAIL->gettext(array('name' => 'filesizeerror', 'vars' => array('size' => $size))); } else { if ($attachment['error']) { $msg = $attachment['error']; } else { $msg = $RCMAIL->gettext('fileuploaderror'); } } } } if ($attachment['error'] || $err != UPLOAD_ERR_NO_FILE) { $RCMAIL->output->command('display_message', $msg, 'error'); $RCMAIL->output->command('remove_from_attachment_list', $uploadid); } } } } $RCMAIL->output->command('auto_save_start', 'false'); $RCMAIL->output->send(); }
function gen_form() { $confirm = $this->rcmail_inst->config->get('password_confirm_current'); $pwl = $this->rcmail_inst->config->get('password_min_length'); if (!empty($pwl)) { $pwl = max(6, $pwl); } else { $pwl = 6; } $this->rcmail_inst->output->add_label('ispconfig3_pass.nopassword', 'ispconfig3_pass.nocurpassword', 'ispconfig3_pass.passwordinconsistency', 'ispconfig3_pass.changepasswd', 'ispconfig3_pass.passwordminlength'); $this->rcmail_inst->output->add_script('var pw_min_length =' . $pwl . ';'); $this->rcmail_inst->output->set_env('framed', true); $out .= '<fieldset><legend>' . $this->gettext('password') . '</legend>' . "\n"; $table = new html_table(array('cols' => 2, 'class' => 'propform')); if ($confirm) { $input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => 'curpasswd', 'size' => 20)); $table->add('title', rcube_utils::rep_specialchars_output($this->gettext('curpasswd'))); $table->add('', $input_newpasswd->show()); } $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => 'newpasswd', 'size' => 20)); $table->add('title', rcube_utils::rep_specialchars_output($this->gettext('newpasswd'))); $table->add('', $input_newpasswd->show() . '<div id="pass-check">'); $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => 'confpasswd', 'size' => 20)); $table->add('title', rcube_utils::rep_specialchars_output($this->gettext('confpasswd'))); $table->add('', $input_confpasswd->show()); $out .= $table->show(); $out .= "</fieldset>\n"; return $out; }
function password_save() { $this->register_handler('plugin.body', array($this, 'password_form')); $rcmail = rcmail::get_instance(); $rcmail->output->set_pagetitle($this->gettext('changepasswd')); $confirm = $rcmail->config->get('password_confirm_current'); $required_length = intval($rcmail->config->get('password_minimum_length')); $check_strength = $rcmail->config->get('password_require_nonalpha'); if ($confirm && !isset($_POST['_curpasswd']) || !isset($_POST['_newpasswd'])) { $rcmail->output->command('display_message', $this->gettext('nopassword'), 'error'); } else { $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1')); $rc_charset = strtoupper($rcmail->output->get_charset()); $sespwd = $rcmail->decrypt($_SESSION['password']); $curpwd = $confirm ? rcube_utils::get_input_value('_curpasswd', rcube_utils::INPUT_POST, true, $charset) : $sespwd; $newpwd = rcube_utils::get_input_value('_newpasswd', rcube_utils::INPUT_POST, true); $conpwd = rcube_utils::get_input_value('_confpasswd', rcube_utils::INPUT_POST, true); // check allowed characters according to the configured 'password_charset' option // by converting the password entered by the user to this charset and back to UTF-8 $orig_pwd = $newpwd; $chk_pwd = rcube_charset::convert($orig_pwd, $rc_charset, $charset); $chk_pwd = rcube_charset::convert($chk_pwd, $charset, $rc_charset); // WARNING: Default password_charset is ISO-8859-1, so conversion will // change national characters. This may disable possibility of using // the same password in other MUA's. // We're doing this for consistence with Roundcube core $newpwd = rcube_charset::convert($newpwd, $rc_charset, $charset); $conpwd = rcube_charset::convert($conpwd, $rc_charset, $charset); if ($chk_pwd != $orig_pwd) { $rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error'); } else { if ($conpwd != $newpwd) { $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error'); } else { if ($confirm && $sespwd != $curpwd) { $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error'); } else { if ($required_length && strlen($newpwd) < $required_length) { $rcmail->output->command('display_message', $this->gettext(array('name' => 'passwordshort', 'vars' => array('length' => $required_length))), 'error'); } else { if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) { $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); } else { if ($sespwd == $newpwd && !$rcmail->config->get('password_force_save')) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); } else { if (!($res = $this->_save($curpwd, $newpwd))) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); // allow additional actions after password change (e.g. reset some backends) $plugin = $rcmail->plugins->exec_hook('password_change', array('old_pass' => $curpwd, 'new_pass' => $newpwd)); // Reset session password $_SESSION['password'] = $rcmail->encrypt($plugin['new_pass']); // Log password change if ($rcmail->config->get('password_log')) { rcube::write_log('password', sprintf('Password changed for user %s (ID: %d) from %s', $rcmail->get_user_name(), $rcmail->user->ID, rcube_utils::remote_ip())); } } else { $rcmail->output->command('display_message', $res, 'error'); } } } } } } } } $rcmail->overwrite_action('plugin.password'); $rcmail->output->send('plugin'); }
function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); if (!($sql = $rcmail->config->get('password_query'))) { $sql = 'SELECT update_passwd(%c, %u)'; } if ($dsn = $rcmail->config->get('password_db_dsn')) { // #1486067: enable new_link option if (is_array($dsn) && empty($dsn['new_link'])) { $dsn['new_link'] = true; } else { if (!is_array($dsn) && !preg_match('/\\?new_link=true/', $dsn)) { $dsn .= '?new_link=true'; } } $db = rcube_db::factory($dsn, '', false); $db->set_debug((bool) $rcmail->config->get('sql_debug')); $db->db_connect('w'); } else { $db = $rcmail->get_dbh(); } if ($db->is_error()) { return PASSWORD_ERROR; } // crypted password if (strpos($sql, '%c') !== FALSE) { $salt = ''; if (!($crypt_hash = $rcmail->config->get('password_crypt_hash'))) { if (CRYPT_MD5) { $crypt_hash = 'md5'; } else { if (CRYPT_STD_DES) { $crypt_hash = 'des'; } } } switch ($crypt_hash) { case 'md5': $len = 8; $salt_hashindicator = '$1$'; break; case 'des': $len = 2; break; case 'blowfish': $cost = (int) $rcmail->config->get('password_blowfish_cost'); $cost = $cost < 4 || $cost > 31 ? 12 : $cost; $len = 22; $salt_hashindicator = sprintf('$2a$%02d$', $cost); break; case 'sha256': $len = 16; $salt_hashindicator = '$5$'; break; case 'sha512': $len = 16; $salt_hashindicator = '$6$'; break; default: return PASSWORD_CRYPT_ERROR; } //Restrict the character set used as salt (#1488136) $seedchars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; for ($i = 0; $i < $len; $i++) { $salt .= $seedchars[rand(0, 63)]; } $sql = str_replace('%c', $db->quote(crypt($passwd, $salt_hashindicator ? $salt_hashindicator . $salt . '$' : $salt)), $sql); } // dovecotpw if (strpos($sql, '%D') !== FALSE) { if (!($dovecotpw = $rcmail->config->get('password_dovecotpw'))) { $dovecotpw = 'dovecotpw'; } if (!($method = $rcmail->config->get('password_dovecotpw_method'))) { $method = 'CRAM-MD5'; } // use common temp dir $tmp_dir = $rcmail->config->get('temp_dir'); $tmpfile = tempnam($tmp_dir, 'roundcube-'); $pipe = popen("{$dovecotpw} -s '{$method}' > '{$tmpfile}'", "w"); if (!$pipe) { unlink($tmpfile); return PASSWORD_CRYPT_ERROR; } else { fwrite($pipe, $passwd . "\n", 1 + strlen($passwd)); usleep(1000); fwrite($pipe, $passwd . "\n", 1 + strlen($passwd)); pclose($pipe); $newpass = trim(file_get_contents($tmpfile), "\n"); if (!preg_match('/^\\{' . $method . '\\}/', $newpass)) { return PASSWORD_CRYPT_ERROR; } if (!$rcmail->config->get('password_dovecotpw_with_method')) { $newpass = trim(str_replace('{' . $method . '}', '', $newpass)); } unlink($tmpfile); } $sql = str_replace('%D', $db->quote($newpass), $sql); } // hashed passwords if (preg_match('/%[n|q]/', $sql)) { if (!extension_loaded('hash')) { rcube::raise_error(array('code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: 'hash' extension not loaded!"), true, false); return PASSWORD_ERROR; } if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) { $hash_algo = 'sha1'; } $hash_passwd = hash($hash_algo, $passwd); $hash_curpass = hash($hash_algo, $curpass); if ($rcmail->config->get('password_hash_base64')) { $hash_passwd = base64_encode(pack('H*', $hash_passwd)); $hash_curpass = base64_encode(pack('H*', $hash_curpass)); } $sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql); $sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql); } // Handle clear text passwords securely (#1487034) $sql_vars = array(); if (preg_match_all('/%[p|o]/', $sql, $m)) { foreach ($m[0] as $var) { if ($var == '%p') { $sql = preg_replace('/%p/', '?', $sql, 1); $sql_vars[] = (string) $passwd; } else { // %o $sql = preg_replace('/%o/', '?', $sql, 1); $sql_vars[] = (string) $curpass; } } } $local_part = $rcmail->user->get_username('local'); $domain_part = $rcmail->user->get_username('domain'); $username = $_SESSION['username']; $host = $_SESSION['imap_host']; // convert domains to/from punnycode if ($rcmail->config->get('password_idn_ascii')) { $domain_part = rcube_utils::idn_to_ascii($domain_part); $username = rcube_utils::idn_to_ascii($username); $host = rcube_utils::idn_to_ascii($host); } else { $domain_part = rcube_utils::idn_to_utf8($domain_part); $username = rcube_utils::idn_to_utf8($username); $host = rcube_utils::idn_to_utf8($host); } // at least we should always have the local part $sql = str_replace('%l', $db->quote($local_part, 'text'), $sql); $sql = str_replace('%d', $db->quote($domain_part, 'text'), $sql); $sql = str_replace('%u', $db->quote($username, 'text'), $sql); $sql = str_replace('%h', $db->quote($host, 'text'), $sql); $res = $db->query($sql, $sql_vars); if (!$db->is_error()) { if (strtolower(substr(trim($sql), 0, 6)) == 'select') { if ($db->fetch_array($res)) { return PASSWORD_SUCCESS; } } else { // This is the good case: 1 row updated if ($db->affected_rows($res) == 1) { return PASSWORD_SUCCESS; } // @TODO: Some queries don't affect any rows // Should we assume a success if there was no error? } } return PASSWORD_ERROR; }