Mercurial > hg > rc1
comparison plugins/password/drivers/cpanel_webmail.php @ 0:1e000243b222
vanilla 1.3.3 distro, I hope
| author | Charlie Root |
|---|---|
| date | Thu, 04 Jan 2018 15:50:29 -0500 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:1e000243b222 |
|---|---|
| 1 <?php | |
| 2 | |
| 3 /** | |
| 4 * cPanel Webmail Password Driver | |
| 5 * | |
| 6 * It uses Cpanel's Webmail UAPI to change the users password. | |
| 7 * | |
| 8 * This driver has been tested successfully with Digital Pacific hosting. | |
| 9 * | |
| 10 * @author Maikel Linke <maikel@email.org.au> | |
| 11 * | |
| 12 * Copyright (C) 2005-2016, The Roundcube Dev Team | |
| 13 * | |
| 14 * This program is free software: you can redistribute it and/or modify | |
| 15 * it under the terms of the GNU General Public License as published by | |
| 16 * the Free Software Foundation, either version 3 of the License, or | |
| 17 * (at your option) any later version. | |
| 18 * | |
| 19 * This program is distributed in the hope that it will be useful, | |
| 20 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 22 * GNU General Public License for more details. | |
| 23 * | |
| 24 * You should have received a copy of the GNU General Public License | |
| 25 * along with this program. If not, see http://www.gnu.org/licenses/. | |
| 26 */ | |
| 27 | |
| 28 class rcube_cpanel_webmail_password | |
| 29 { | |
| 30 /** | |
| 31 * Changes the user's password. It is called by password.php. | |
| 32 * See "Driver API" README and password.php for the interface details. | |
| 33 * | |
| 34 * @param string $curpas current (old) password | |
| 35 * @param string $newpass new requested password | |
| 36 * | |
| 37 * @return mixed int code or assoc array with 'code' and 'message', see | |
| 38 * "Driver API" README and password.php | |
| 39 */ | |
| 40 public function save($curpas, $newpass) | |
| 41 { | |
| 42 $user = $_SESSION['username']; | |
| 43 $userpwd = "$user:$curpas"; | |
| 44 list($login) = explode('@', $user); | |
| 45 | |
| 46 $data = array( | |
| 47 'email' => $login, | |
| 48 'password' => $newpass | |
| 49 ); | |
| 50 | |
| 51 $url = self::url(); | |
| 52 $response = $this->curl_auth_post($userpwd, $url, $data); | |
| 53 | |
| 54 return self::decode_response($response); | |
| 55 } | |
| 56 | |
| 57 /** | |
| 58 * Provides the UAPI URL of the Email::passwd_pop function. | |
| 59 * | |
| 60 * @return string HTTPS URL | |
| 61 */ | |
| 62 public static function url() | |
| 63 { | |
| 64 $config = rcmail::get_instance()->config; | |
| 65 $storage_host = $_SESSION['storage_host']; | |
| 66 | |
| 67 $host = $config->get('password_cpanel_webmail_host', $storage_host); | |
| 68 $port = $config->get('password_cpanel_webmail_port', 2096); | |
| 69 | |
| 70 return "https://$host:$port/execute/Email/passwd_pop"; | |
| 71 } | |
| 72 | |
| 73 /** | |
| 74 * Converts a UAPI response to a password driver response. | |
| 75 * | |
| 76 * @param string $response JSON response by the Cpanel UAPI | |
| 77 * | |
| 78 * @return mixed response code or array, see <code>save</code> | |
| 79 */ | |
| 80 public static function decode_response($response) | |
| 81 { | |
| 82 if (!$response) { | |
| 83 return PASSWORD_CONNECT_ERROR; | |
| 84 } | |
| 85 | |
| 86 // $result should be `null` or `stdClass` object | |
| 87 $result = json_decode($response); | |
| 88 | |
| 89 // The UAPI may return HTML instead of JSON on missing authentication | |
| 90 if ($result && $result->status === 1) { | |
| 91 return PASSWORD_SUCCESS; | |
| 92 } | |
| 93 | |
| 94 if ($result && is_array($result->errors) && count($result->errors) > 0) { | |
| 95 return array( | |
| 96 'code' => PASSWORD_ERROR, | |
| 97 'message' => $result->errors[0], | |
| 98 ); | |
| 99 } | |
| 100 | |
| 101 return PASSWORD_ERROR; | |
| 102 } | |
| 103 | |
| 104 /** | |
| 105 * Post data to the given URL using basic authentication. | |
| 106 * | |
| 107 * Example: | |
| 108 * | |
| 109 * <code> | |
| 110 * curl_auth_post('john:Secr3t', 'https://example.org', array( | |
| 111 * 'param' => 'value', | |
| 112 * 'param' => 'value' | |
| 113 * )); | |
| 114 * </code> | |
| 115 * | |
| 116 * @param string $userpwd user name and password separated by a colon | |
| 117 * <code>:</code> | |
| 118 * @param string $url the URL to post data to | |
| 119 * @param array $postdata the data to post | |
| 120 * | |
| 121 * @return string|false The body of the reply, False on error | |
| 122 */ | |
| 123 private function curl_auth_post($userpwd, $url, $postdata) | |
| 124 { | |
| 125 $ch = curl_init(); | |
| 126 $postfields = http_build_query($postdata, '', '&'); | |
| 127 | |
| 128 // see http://php.net/manual/en/function.curl-setopt.php | |
| 129 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); | |
| 130 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); | |
| 131 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| 132 curl_setopt($ch, CURLOPT_BUFFERSIZE, 131072); | |
| 133 curl_setopt($ch, CURLOPT_URL, $url); | |
| 134 curl_setopt($ch, CURLOPT_POST, 1); | |
| 135 curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); | |
| 136 curl_setopt($ch, CURLOPT_USERPWD, $userpwd); | |
| 137 | |
| 138 $result = curl_exec($ch); | |
| 139 $error = curl_error($ch); | |
| 140 curl_close($ch); | |
| 141 | |
| 142 if ($result === false) { | |
| 143 rcube::raise_error("curl error: $error", true, false); | |
| 144 } | |
| 145 | |
| 146 return $result; | |
| 147 } | |
| 148 } |