|
0
|
1 <?php
|
|
|
2
|
|
|
3 /**
|
|
|
4 * cPanel Webmail Password Driver
|
|
|
5 *
|
|
|
6 * It uses Cpanel's Webmail UAPI to change the users password.
|
|
|
7 *
|
|
|
8 * This driver has been tested successfully with Digital Pacific hosting.
|
|
|
9 *
|
|
|
10 * @author Maikel Linke <maikel@email.org.au>
|
|
|
11 *
|
|
|
12 * Copyright (C) 2005-2016, The Roundcube Dev Team
|
|
|
13 *
|
|
|
14 * This program is free software: you can redistribute it and/or modify
|
|
|
15 * it under the terms of the GNU General Public License as published by
|
|
|
16 * the Free Software Foundation, either version 3 of the License, or
|
|
|
17 * (at your option) any later version.
|
|
|
18 *
|
|
|
19 * This program is distributed in the hope that it will be useful,
|
|
|
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
22 * GNU General Public License for more details.
|
|
|
23 *
|
|
|
24 * You should have received a copy of the GNU General Public License
|
|
|
25 * along with this program. If not, see http://www.gnu.org/licenses/.
|
|
|
26 */
|
|
|
27
|
|
|
28 class rcube_cpanel_webmail_password
|
|
|
29 {
|
|
|
30 /**
|
|
|
31 * Changes the user's password. It is called by password.php.
|
|
|
32 * See "Driver API" README and password.php for the interface details.
|
|
|
33 *
|
|
|
34 * @param string $curpas current (old) password
|
|
|
35 * @param string $newpass new requested password
|
|
|
36 *
|
|
|
37 * @return mixed int code or assoc array with 'code' and 'message', see
|
|
|
38 * "Driver API" README and password.php
|
|
|
39 */
|
|
|
40 public function save($curpas, $newpass)
|
|
|
41 {
|
|
|
42 $user = $_SESSION['username'];
|
|
|
43 $userpwd = "$user:$curpas";
|
|
|
44 list($login) = explode('@', $user);
|
|
|
45
|
|
|
46 $data = array(
|
|
|
47 'email' => $login,
|
|
|
48 'password' => $newpass
|
|
|
49 );
|
|
|
50
|
|
|
51 $url = self::url();
|
|
|
52 $response = $this->curl_auth_post($userpwd, $url, $data);
|
|
|
53
|
|
|
54 return self::decode_response($response);
|
|
|
55 }
|
|
|
56
|
|
|
57 /**
|
|
|
58 * Provides the UAPI URL of the Email::passwd_pop function.
|
|
|
59 *
|
|
|
60 * @return string HTTPS URL
|
|
|
61 */
|
|
|
62 public static function url()
|
|
|
63 {
|
|
|
64 $config = rcmail::get_instance()->config;
|
|
|
65 $storage_host = $_SESSION['storage_host'];
|
|
|
66
|
|
|
67 $host = $config->get('password_cpanel_webmail_host', $storage_host);
|
|
|
68 $port = $config->get('password_cpanel_webmail_port', 2096);
|
|
|
69
|
|
|
70 return "https://$host:$port/execute/Email/passwd_pop";
|
|
|
71 }
|
|
|
72
|
|
|
73 /**
|
|
|
74 * Converts a UAPI response to a password driver response.
|
|
|
75 *
|
|
|
76 * @param string $response JSON response by the Cpanel UAPI
|
|
|
77 *
|
|
|
78 * @return mixed response code or array, see <code>save</code>
|
|
|
79 */
|
|
|
80 public static function decode_response($response)
|
|
|
81 {
|
|
|
82 if (!$response) {
|
|
|
83 return PASSWORD_CONNECT_ERROR;
|
|
|
84 }
|
|
|
85
|
|
|
86 // $result should be `null` or `stdClass` object
|
|
|
87 $result = json_decode($response);
|
|
|
88
|
|
|
89 // The UAPI may return HTML instead of JSON on missing authentication
|
|
|
90 if ($result && $result->status === 1) {
|
|
|
91 return PASSWORD_SUCCESS;
|
|
|
92 }
|
|
|
93
|
|
|
94 if ($result && is_array($result->errors) && count($result->errors) > 0) {
|
|
|
95 return array(
|
|
|
96 'code' => PASSWORD_ERROR,
|
|
|
97 'message' => $result->errors[0],
|
|
|
98 );
|
|
|
99 }
|
|
|
100
|
|
|
101 return PASSWORD_ERROR;
|
|
|
102 }
|
|
|
103
|
|
|
104 /**
|
|
|
105 * Post data to the given URL using basic authentication.
|
|
|
106 *
|
|
|
107 * Example:
|
|
|
108 *
|
|
|
109 * <code>
|
|
|
110 * curl_auth_post('john:Secr3t', 'https://example.org', array(
|
|
|
111 * 'param' => 'value',
|
|
|
112 * 'param' => 'value'
|
|
|
113 * ));
|
|
|
114 * </code>
|
|
|
115 *
|
|
|
116 * @param string $userpwd user name and password separated by a colon
|
|
|
117 * <code>:</code>
|
|
|
118 * @param string $url the URL to post data to
|
|
|
119 * @param array $postdata the data to post
|
|
|
120 *
|
|
|
121 * @return string|false The body of the reply, False on error
|
|
|
122 */
|
|
|
123 private function curl_auth_post($userpwd, $url, $postdata)
|
|
|
124 {
|
|
|
125 $ch = curl_init();
|
|
|
126 $postfields = http_build_query($postdata, '', '&');
|
|
|
127
|
|
|
128 // see http://php.net/manual/en/function.curl-setopt.php
|
|
|
129 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
|
|
|
130 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
|
|
|
131 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
|
|
132 curl_setopt($ch, CURLOPT_BUFFERSIZE, 131072);
|
|
|
133 curl_setopt($ch, CURLOPT_URL, $url);
|
|
|
134 curl_setopt($ch, CURLOPT_POST, 1);
|
|
|
135 curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
|
|
|
136 curl_setopt($ch, CURLOPT_USERPWD, $userpwd);
|
|
|
137
|
|
|
138 $result = curl_exec($ch);
|
|
|
139 $error = curl_error($ch);
|
|
|
140 curl_close($ch);
|
|
|
141
|
|
|
142 if ($result === false) {
|
|
|
143 rcube::raise_error("curl error: $error", true, false);
|
|
|
144 }
|
|
|
145
|
|
|
146 return $result;
|
|
|
147 }
|
|
|
148 }
|
