robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 Commits
2 Branches
Tree: ad3f0fe5b1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ad3f0fe5b1'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.3.6/plugins/password/drivers/cpanel_webmail.php

cpanel_webmail.php 4.6KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148 
  1. <?php

  2. 

  3. /**

  4.  * cPanel Webmail Password Driver

  5.  *

  6.  * It uses Cpanel's Webmail UAPI to change the users password.

  7.  *

  8.  * This driver has been tested successfully with Digital Pacific hosting.

  9.  *

  10.  * @author Maikel Linke <maikel@email.org.au>

  11.  *

  12.  * Copyright (C) 2005-2016, The Roundcube Dev Team

  13.  *

  14.  * This program is free software: you can redistribute it and/or modify

  15.  * it under the terms of the GNU General Public License as published by

  16.  * the Free Software Foundation, either version 3 of the License, or

  17.  * (at your option) any later version.

  18.  *

  19.  * This program is distributed in the hope that it will be useful,

  20.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  21.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  22.  * GNU General Public License for more details.

  23.  *

  24.  * You should have received a copy of the GNU General Public License

  25.  * along with this program. If not, see http://www.gnu.org/licenses/.

  26.  */

  27. 

  28. class rcube_cpanel_webmail_password

  29. {

  30.     /**

  31.      * Changes the user's password. It is called by password.php.

  32.      * See "Driver API" README and password.php for the interface details.

  33.      *

  34.      * @param string $curpas  current (old) password

  35.      * @param string $newpass new requested password

  36.      *

  37.      * @return mixed int code or assoc array with 'code' and 'message', see

  38.      *                   "Driver API" README and password.php

  39.      */

  40.     public function save($curpas, $newpass)

  41.     {

  42.         $user    = $_SESSION['username'];

  43.         $userpwd = "$user:$curpas";

  44.         list($login) = explode('@', $user);

  45. 

  46.         $data = array(

  47.             'email'    => $login,

  48.             'password' => $newpass

  49.         );

  50. 

  51.         $url      = self::url();

  52.         $response = $this->curl_auth_post($userpwd, $url, $data);

  53. 

  54.         return self::decode_response($response);

  55.     }

  56. 

  57.     /**

  58.      * Provides the UAPI URL of the Email::passwd_pop function.

  59.      *

  60.      * @return string HTTPS URL

  61.      */

  62.     public static function url()

  63.     {

  64.         $config       = rcmail::get_instance()->config;

  65.         $storage_host = $_SESSION['storage_host'];

  66. 

  67.         $host = $config->get('password_cpanel_webmail_host', $storage_host);

  68.         $port = $config->get('password_cpanel_webmail_port', 2096);

  69. 

  70.         return "https://$host:$port/execute/Email/passwd_pop";

  71.     }

  72. 

  73.     /**

  74.      * Converts a UAPI response to a password driver response.

  75.      *

  76.      * @param string $response JSON response by the Cpanel UAPI

  77.      *

  78.      * @return mixed response code or array, see <code>save</code>

  79.      */

  80.     public static function decode_response($response)

  81.     {

  82.         if (!$response) {

  83.             return PASSWORD_CONNECT_ERROR;

  84.         }

  85. 

  86.         // $result should be `null` or `stdClass` object

  87.         $result = json_decode($response);

  88. 

  89.         // The UAPI may return HTML instead of JSON on missing authentication

  90.         if ($result && $result->status === 1) {

  91.             return PASSWORD_SUCCESS;

  92.         }

  93. 

  94.         if ($result && is_array($result->errors) && count($result->errors) > 0) {

  95.             return array(

  96.                 'code'    => PASSWORD_ERROR,

  97.                 'message' => $result->errors[0],

  98.             );

  99.         }

  100. 

  101.         return PASSWORD_ERROR;

  102.     }

  103. 

  104.     /**

  105.      * Post data to the given URL using basic authentication.

  106.      *

  107.      * Example:

  108.      *

  109.      * <code>

  110.      * curl_auth_post('john:Secr3t', 'https://example.org', array(

  111.      *     'param' => 'value',

  112.      *     'param' => 'value'

  113.      * ));

  114.      * </code>

  115.      *

  116.      * @param string $userpwd  user name and password separated by a colon

  117.      *                         <code>:</code>

  118.      * @param string $url      the URL to post data to

  119.      * @param array  $postdata the data to post

  120.      *

  121.      * @return string|false The body of the reply, False on error

  122.      */

  123.     private function curl_auth_post($userpwd, $url, $postdata)

  124.     {

  125.         $ch = curl_init();

  126.         $postfields = http_build_query($postdata, '', '&');

  127. 

  128.         // see http://php.net/manual/en/function.curl-setopt.php

  129.         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

  130.         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

  131.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

  132.         curl_setopt($ch, CURLOPT_BUFFERSIZE, 131072);

  133.         curl_setopt($ch, CURLOPT_URL, $url);

  134.         curl_setopt($ch, CURLOPT_POST, 1);

  135.         curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);

  136.         curl_setopt($ch, CURLOPT_USERPWD, $userpwd);

  137. 

  138.         $result = curl_exec($ch);

  139.         $error  = curl_error($ch);

  140.         curl_close($ch);

  141. 

  142.         if ($result === false) {

  143.             rcube::raise_error("curl error: $error", true, false);

  144.         }

  145. 

  146.         return $result;

  147.     }

  148. }