diff options
| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-06-20 07:28:33 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-06-20 07:28:33 +0000 |
| commit | 69ded50fd8a2f1275523e55cca605a6f00ae435d (patch) | |
| tree | 6e23fa7e98ddeaeeb2b9d956fa0777df0acb80e0 /roundcubemail/plugins/password/drivers/sql.php | |
| parent | 28c502b6494e7abeee8eb41af828089e48ca559a (diff) | |
- Password plugin: implemented drivers
- removed password_sasl plugin
git-svn-id: https://svn.roundcube.net/trunk@2664 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/plugins/password/drivers/sql.php')
| -rw-r--r-- | roundcubemail/plugins/password/drivers/sql.php | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/roundcubemail/plugins/password/drivers/sql.php b/roundcubemail/plugins/password/drivers/sql.php new file mode 100644 index 000000000..3cac8d4dc --- /dev/null +++ b/roundcubemail/plugins/password/drivers/sql.php @@ -0,0 +1,66 @@ +<?php + +/** + * SQL Password Driver + * + * Driver for passwords stored in SQL database + * + * @version 1.0 + * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl> + * + */ + +function password_save($curpass, $passwd) +{ + $rcmail = rcmail::get_instance(); + + if (!($sql = $rcmail->config->get('password_query'))) + $sql = 'SELECT update_passwd(%c, %u)'; + + if ($dsn = $rcmail->config->get('password_db_dsn')) { + $db = new rcube_mdb2($dsn, '', FALSE); + $db->set_debug((bool)$rcmail->config->get('sql_debug')); + $db->db_connect('w'); + } else { + $db = $rcmail->get_dbh(); + } + + if ($err = $db->is_error()) + return PASSWORD_ERROR; + + if (strpos($sql, '%c') !== FALSE) { + $salt = ''; + if (CRYPT_MD5) { + $len = rand(3, CRYPT_SALT_LENGTH); + } else if (CRYPT_STD_DES) { + $len = 2; + } else { + return PASSWORD_CRYPT_ERROR; + } + for ($i = 0; $i < $len ; $i++) { + $salt .= chr(rand(ord('.'), ord('z'))); + } + $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql); + } + + $sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql); + $sql = str_replace('%p', $db->quote($passwd,'text'), $sql); + $sql = str_replace('%o', $db->quote($curpass,'text'), $sql); + $sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql); + + $res = $db->query($sql); + + if (!$db->is_error()) { + if (strtolower(substr(trim($query),0,6))=='select') { + if ($result = $db->fetch_array($res)) + return PASSWORD_SUCCESS; + } else { + if ($db->affected_rows($res) == 1) + return PASSWORD_SUCCESS; // This is the good case: 1 row updated + } + } + + return PASSWORD_ERROR; +} + +?> |