You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

password.php 24KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677
  1. <?php
  2. /**
  3. * Password Plugin for Roundcube
  4. *
  5. * @author Aleksander Machniak <alec@alec.pl>
  6. *
  7. * Copyright (C) 2005-2015, The Roundcube Dev Team
  8. *
  9. * This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU General Public License as published by
  11. * the Free Software Foundation, either version 3 of the License, or
  12. * (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU General Public License
  20. * along with this program. If not, see http://www.gnu.org/licenses/.
  21. */
  22. define('PASSWORD_CRYPT_ERROR', 1);
  23. define('PASSWORD_ERROR', 2);
  24. define('PASSWORD_CONNECT_ERROR', 3);
  25. define('PASSWORD_IN_HISTORY', 4);
  26. define('PASSWORD_CONSTRAINT_VIOLATION', 5);
  27. define('PASSWORD_SUCCESS', 0);
  28. /**
  29. * Change password plugin
  30. *
  31. * Plugin that adds functionality to change a users password.
  32. * It provides common functionality and user interface and supports
  33. * several backends to finally update the password.
  34. *
  35. * For installation and configuration instructions please read the README file.
  36. *
  37. * @author Aleksander Machniak
  38. */
  39. class password extends rcube_plugin
  40. {
  41. public $task = 'settings|login';
  42. public $noframe = true;
  43. public $noajax = true;
  44. private $newuser = false;
  45. function init()
  46. {
  47. $rcmail = rcmail::get_instance();
  48. $this->load_config();
  49. if ($rcmail->task == 'settings') {
  50. if (!$this->check_host_login_exceptions()) {
  51. return;
  52. }
  53. $this->add_texts('localization/');
  54. $this->add_hook('settings_actions', array($this, 'settings_actions'));
  55. $this->register_action('plugin.password', array($this, 'password_init'));
  56. $this->register_action('plugin.password-save', array($this, 'password_save'));
  57. }
  58. else if ($rcmail->config->get('password_force_new_user')) {
  59. $this->add_hook('user_create', array($this, 'user_create'));
  60. $this->add_hook('login_after', array($this, 'login_after'));
  61. }
  62. }
  63. function settings_actions($args)
  64. {
  65. // register as settings action
  66. $args['actions'][] = array(
  67. 'action' => 'plugin.password',
  68. 'class' => 'password',
  69. 'label' => 'password',
  70. 'title' => 'changepasswd',
  71. 'domain' => 'password',
  72. );
  73. return $args;
  74. }
  75. function password_init()
  76. {
  77. $this->register_handler('plugin.body', array($this, 'password_form'));
  78. $rcmail = rcmail::get_instance();
  79. $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
  80. if (rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET)) {
  81. $rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice');
  82. }
  83. else if (!empty($_SESSION['password_expires'])) {
  84. if ($_SESSION['password_expires'] == 1) {
  85. $rcmail->output->command('display_message', $this->gettext('passwdexpired'), 'error');
  86. }
  87. else {
  88. $rcmail->output->command('display_message', $this->gettext(array(
  89. 'name' => 'passwdexpirewarning',
  90. 'vars' => array('expirationdatetime' => $_SESSION['password_expires'])
  91. )), 'warning');
  92. }
  93. }
  94. $rcmail->output->send('plugin');
  95. }
  96. function password_save()
  97. {
  98. $this->register_handler('plugin.body', array($this, 'password_form'));
  99. $rcmail = rcmail::get_instance();
  100. $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
  101. $form_disabled = $rcmail->config->get('password_disabled');
  102. $confirm = $rcmail->config->get('password_confirm_current');
  103. $required_length = intval($rcmail->config->get('password_minimum_length'));
  104. $check_strength = $rcmail->config->get('password_require_nonalpha');
  105. if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) {
  106. $rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
  107. }
  108. else {
  109. $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1'));
  110. $rc_charset = strtoupper($rcmail->output->get_charset());
  111. $sespwd = $rcmail->decrypt($_SESSION['password']);
  112. $curpwd = $confirm ? rcube_utils::get_input_value('_curpasswd', rcube_utils::INPUT_POST, true, $charset) : $sespwd;
  113. $newpwd = rcube_utils::get_input_value('_newpasswd', rcube_utils::INPUT_POST, true);
  114. $conpwd = rcube_utils::get_input_value('_confpasswd', rcube_utils::INPUT_POST, true);
  115. // check allowed characters according to the configured 'password_charset' option
  116. // by converting the password entered by the user to this charset and back to UTF-8
  117. $orig_pwd = $newpwd;
  118. $chk_pwd = rcube_charset::convert($orig_pwd, $rc_charset, $charset);
  119. $chk_pwd = rcube_charset::convert($chk_pwd, $charset, $rc_charset);
  120. // WARNING: Default password_charset is ISO-8859-1, so conversion will
  121. // change national characters. This may disable possibility of using
  122. // the same password in other MUA's.
  123. // We're doing this for consistence with Roundcube core
  124. $newpwd = rcube_charset::convert($newpwd, $rc_charset, $charset);
  125. $conpwd = rcube_charset::convert($conpwd, $rc_charset, $charset);
  126. if ($chk_pwd != $orig_pwd) {
  127. $rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error');
  128. }
  129. // other passwords validity checks
  130. else if ($conpwd != $newpwd) {
  131. $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
  132. }
  133. else if ($confirm && $sespwd != $curpwd) {
  134. $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
  135. }
  136. else if ($required_length && strlen($newpwd) < $required_length) {
  137. $rcmail->output->command('display_message', $this->gettext(
  138. array('name' => 'passwordshort', 'vars' => array('length' => $required_length))), 'error');
  139. }
  140. else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
  141. $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
  142. }
  143. // password is the same as the old one, warn user, return error
  144. else if ($sespwd == $newpwd && !$rcmail->config->get('password_force_save')) {
  145. $rcmail->output->command('display_message', $this->gettext('samepasswd'), 'error');
  146. }
  147. // try to save the password
  148. else if (!($res = $this->_save($curpwd, $newpwd))) {
  149. $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
  150. // allow additional actions after password change (e.g. reset some backends)
  151. $plugin = $rcmail->plugins->exec_hook('password_change', array(
  152. 'old_pass' => $curpwd, 'new_pass' => $newpwd));
  153. // Reset session password
  154. $_SESSION['password'] = $rcmail->encrypt($plugin['new_pass']);
  155. // Log password change
  156. if ($rcmail->config->get('password_log')) {
  157. rcube::write_log('password', sprintf('Password changed for user %s (ID: %d) from %s',
  158. $rcmail->get_user_name(), $rcmail->user->ID, rcube_utils::remote_ip()));
  159. }
  160. // Remove expiration date/time
  161. $rcmail->session->remove('password_expires');
  162. }
  163. else {
  164. $rcmail->output->command('display_message', $res, 'error');
  165. }
  166. }
  167. $rcmail->overwrite_action('plugin.password');
  168. $rcmail->output->send('plugin');
  169. }
  170. function password_form()
  171. {
  172. $rcmail = rcmail::get_instance();
  173. // add some labels to client
  174. $rcmail->output->add_label(
  175. 'password.nopassword',
  176. 'password.nocurpassword',
  177. 'password.passwordinconsistency'
  178. );
  179. $form_disabled = $rcmail->config->get('password_disabled');
  180. $rcmail->output->set_env('product_name', $rcmail->config->get('product_name'));
  181. $rcmail->output->set_env('password_disabled', !empty($form_disabled));
  182. $table = new html_table(array('cols' => 2));
  183. if ($rcmail->config->get('password_confirm_current')) {
  184. // show current password selection
  185. $field_id = 'curpasswd';
  186. $input_curpasswd = new html_passwordfield(array(
  187. 'name' => '_curpasswd',
  188. 'id' => $field_id,
  189. 'size' => 20,
  190. 'autocomplete' => 'off',
  191. ));
  192. $table->add('title', html::label($field_id, rcube::Q($this->gettext('curpasswd'))));
  193. $table->add(null, $input_curpasswd->show());
  194. }
  195. // show new password selection
  196. $field_id = 'newpasswd';
  197. $input_newpasswd = new html_passwordfield(array(
  198. 'name' => '_newpasswd',
  199. 'id' => $field_id,
  200. 'size' => 20,
  201. 'autocomplete' => 'off',
  202. ));
  203. $table->add('title', html::label($field_id, rcube::Q($this->gettext('newpasswd'))));
  204. $table->add(null, $input_newpasswd->show());
  205. // show confirm password selection
  206. $field_id = 'confpasswd';
  207. $input_confpasswd = new html_passwordfield(array(
  208. 'name' => '_confpasswd',
  209. 'id' => $field_id,
  210. 'size' => 20,
  211. 'autocomplete' => 'off',
  212. ));
  213. $table->add('title', html::label($field_id, rcube::Q($this->gettext('confpasswd'))));
  214. $table->add(null, $input_confpasswd->show());
  215. $rules = '';
  216. $required_length = intval($rcmail->config->get('password_minimum_length'));
  217. if ($required_length > 0) {
  218. $rules .= html::tag('li', array('id' => 'required-length'), $this->gettext(array(
  219. 'name' => 'passwordshort',
  220. 'vars' => array('length' => $required_length)
  221. )));
  222. }
  223. if ($rcmail->config->get('password_require_nonalpha')) {
  224. $rules .= html::tag('li', array('id' => 'require-nonalpha'), $this->gettext('passwordweak'));
  225. }
  226. if (!empty($rules)) {
  227. $rules = html::tag('ul', array('id' => 'ruleslist'), $rules);
  228. }
  229. $disabled_msg = '';
  230. if ($form_disabled) {
  231. $disabled_msg = is_string($form_disabled) ? $form_disabled : $this->gettext('disablednotice');
  232. $disabled_msg = html::div(array('class' => 'boxwarning', 'id' => 'password-notice'), $disabled_msg);
  233. }
  234. $submit_button = $rcmail->output->button(array(
  235. 'command' => 'plugin.password-save',
  236. 'type' => 'input',
  237. 'class' => 'button mainaction',
  238. 'label' => 'save',
  239. ));
  240. $form_buttons = html::p(array('class' => 'formbuttons'), $submit_button);
  241. $out = html::div(array('class' => 'box'),
  242. html::div(array('id' => 'prefs-title', 'class' => 'boxtitle'), $this->gettext('changepasswd'))
  243. . html::div(array('class' => 'boxcontent'),
  244. $disabled_msg . $table->show() . $rules . $form_buttons));
  245. $rcmail->output->add_gui_object('passform', 'password-form');
  246. $this->include_script('password.js');
  247. return $rcmail->output->form_tag(array(
  248. 'id' => 'password-form',
  249. 'name' => 'password-form',
  250. 'method' => 'post',
  251. 'action' => './?_task=settings&_action=plugin.password-save',
  252. ), $out);
  253. }
  254. private function _save($curpass, $passwd)
  255. {
  256. $config = rcmail::get_instance()->config;
  257. $driver = $config->get('password_driver', 'sql');
  258. $class = "rcube_{$driver}_password";
  259. $file = $this->home . "/drivers/$driver.php";
  260. if (!file_exists($file)) {
  261. rcube::raise_error(array(
  262. 'code' => 600,
  263. 'type' => 'php',
  264. 'file' => __FILE__, 'line' => __LINE__,
  265. 'message' => "Password plugin: Unable to open driver file ($file)"
  266. ), true, false);
  267. return $this->gettext('internalerror');
  268. }
  269. include_once $file;
  270. if (!class_exists($class, false) || !method_exists($class, 'save')) {
  271. rcube::raise_error(array(
  272. 'code' => 600,
  273. 'type' => 'php',
  274. 'file' => __FILE__, 'line' => __LINE__,
  275. 'message' => "Password plugin: Broken driver $driver"
  276. ), true, false);
  277. return $this->gettext('internalerror');
  278. }
  279. $object = new $class;
  280. $result = $object->save($curpass, $passwd);
  281. $message = '';
  282. if (is_array($result)) {
  283. $message = $result['message'];
  284. $result = $result['code'];
  285. }
  286. switch ($result) {
  287. case PASSWORD_SUCCESS:
  288. return;
  289. case PASSWORD_CRYPT_ERROR:
  290. $reason = $this->gettext('crypterror');
  291. break;
  292. case PASSWORD_CONNECT_ERROR:
  293. $reason = $this->gettext('connecterror');
  294. break;
  295. case PASSWORD_IN_HISTORY:
  296. $reason = $this->gettext('passwdinhistory');
  297. break;
  298. case PASSWORD_CONSTRAINT_VIOLATION:
  299. $reason = $this->gettext('passwdconstraintviolation');
  300. break;
  301. case PASSWORD_ERROR:
  302. default:
  303. $reason = $this->gettext('internalerror');
  304. }
  305. if ($message) {
  306. $reason .= ' ' . $message;
  307. }
  308. return $reason;
  309. }
  310. function user_create($args)
  311. {
  312. $this->newuser = true;
  313. return $args;
  314. }
  315. function login_after($args)
  316. {
  317. if ($this->newuser && $this->check_host_login_exceptions()) {
  318. $args['_task'] = 'settings';
  319. $args['_action'] = 'plugin.password';
  320. $args['_first'] = 'true';
  321. }
  322. return $args;
  323. }
  324. // Check if host and login is allowed to change the password, false = not allowed, true = not allowed
  325. private function check_host_login_exceptions()
  326. {
  327. $rcmail = rcmail::get_instance();
  328. // Host exceptions
  329. $hosts = $rcmail->config->get('password_hosts');
  330. if (!empty($hosts) && !in_array($_SESSION['storage_host'], (array) $hosts)) {
  331. return false;
  332. }
  333. // Login exceptions
  334. if ($exceptions = $rcmail->config->get('password_login_exceptions')) {
  335. $exceptions = array_map('trim', (array) $exceptions);
  336. $exceptions = array_filter($exceptions);
  337. $username = $_SESSION['username'];
  338. foreach ($exceptions as $ec) {
  339. if ($username === $ec) {
  340. return false;
  341. }
  342. }
  343. }
  344. return true;
  345. }
  346. /**
  347. * Hashes a password and returns the hash based on the specified method
  348. *
  349. * Parts of the code originally from the phpLDAPadmin development team
  350. * http://phpldapadmin.sourceforge.net/
  351. *
  352. * @param string Clear password
  353. * @param string Hashing method
  354. * @param bool|string Prefix string or TRUE to add a default prefix
  355. *
  356. * @return string Hashed password
  357. */
  358. static function hash_password($password, $method = '', $prefixed = true)
  359. {
  360. $method = strtolower($method);
  361. $rcmail = rcmail::get_instance();
  362. $prefix = '';
  363. $crypted = '';
  364. $default = false;
  365. if (empty($method) || $method == 'default') {
  366. $method = $rcmail->config->get('password_algorithm');
  367. $prefixed = $rcmail->config->get('password_algorithm_prefix');
  368. $default = true;
  369. }
  370. else if ($method == 'crypt') { // deprecated
  371. if (!($method = $rcmail->config->get('password_crypt_hash'))) {
  372. $method = 'md5';
  373. }
  374. if (!strpos($method, '-crypt')) {
  375. $method .= '-crypt';
  376. }
  377. }
  378. switch ($method) {
  379. case 'des':
  380. case 'des-crypt':
  381. $crypted = crypt($password, rcube_utils::random_bytes(2));
  382. $prefix = '{CRYPT}';
  383. break;
  384. case 'ext_des': // for BC
  385. case 'ext-des-crypt':
  386. $crypted = crypt($password, '_' . rcube_utils::random_bytes(8));
  387. $prefix = '{CRYPT}';
  388. break;
  389. case 'md5crypt': // for BC
  390. case 'md5-crypt':
  391. $crypted = crypt($password, '$1$' . rcube_utils::random_bytes(9));
  392. $prefix = '{CRYPT}';
  393. break;
  394. case 'sha256-crypt':
  395. $rounds = (int) $rcmail->config->get('password_crypt_rounds');
  396. $prefix = '$5$';
  397. if ($rounds > 1000) {
  398. $prefix .= 'rounds=' . $rounds . '$';
  399. }
  400. $crypted = crypt($password, $prefix . rcube_utils::random_bytes(16));
  401. $prefix = '{CRYPT}';
  402. break;
  403. case 'sha512-crypt':
  404. $rounds = (int) $rcmail->config->get('password_crypt_rounds');
  405. $prefix = '$6$';
  406. if ($rounds > 1000) {
  407. $prefix .= 'rounds=' . $rounds . '$';
  408. }
  409. $crypted = crypt($password, $prefix . rcube_utils::random_bytes(16));
  410. $prefix = '{CRYPT}';
  411. break;
  412. case 'blowfish': // for BC
  413. case 'blowfish-crypt':
  414. $cost = (int) $rcmail->config->get('password_blowfish_cost');
  415. $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
  416. $prefix = sprintf('$2a$%02d$', $cost);
  417. $crypted = crypt($password, $prefix . rcube_utils::random_bytes(22));
  418. $prefix = '{CRYPT}';
  419. break;
  420. case 'md5':
  421. $crypted = base64_encode(pack('H*', md5($password)));
  422. $prefix = '{MD5}';
  423. break;
  424. case 'sha':
  425. if (function_exists('sha1')) {
  426. $crypted = pack('H*', sha1($password));
  427. }
  428. else if (function_exists('hash')) {
  429. $crypted = hash('sha1', $password, true);
  430. }
  431. else if (function_exists('mhash')) {
  432. $crypted = mhash(MHASH_SHA1, $password);
  433. }
  434. else {
  435. rcube::raise_error(array(
  436. 'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
  437. 'message' => "Password plugin: Your PHP install does not have the mhash()/hash() nor sha1() function"
  438. ), true, true);
  439. }
  440. $crypted = base64_encode($crypted);
  441. $prefix = '{SHA}';
  442. break;
  443. case 'ssha':
  444. $salt = rcube_utils::random_bytes(8);
  445. if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
  446. $salt = mhash_keygen_s2k(MHASH_SHA1, $password, $salt, 4);
  447. $crypted = mhash(MHASH_SHA1, $password . $salt);
  448. }
  449. else if (function_exists('sha1')) {
  450. $salt = substr(pack("H*", sha1($salt . $password)), 0, 4);
  451. $crypted = sha1($password . $salt, true);
  452. }
  453. else if (function_exists('hash')) {
  454. $salt = substr(pack("H*", hash('sha1', $salt . $password)), 0, 4);
  455. $crypted = hash('sha1', $password . $salt, true);
  456. }
  457. else {
  458. rcube::raise_error(array(
  459. 'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
  460. 'message' => "Password plugin: Your PHP install does not have the mhash()/hash() nor sha1() function"
  461. ), true, true);
  462. }
  463. $crypted = base64_encode($crypted . $salt);
  464. $prefix = '{SSHA}';
  465. break;
  466. case 'smd5':
  467. $salt = rcube_utils::random_bytes(8);
  468. if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
  469. $salt = mhash_keygen_s2k(MHASH_MD5, $password, $salt, 4);
  470. $crypted = mhash(MHASH_MD5, $password . $salt);
  471. }
  472. else if (function_exists('hash')) {
  473. $salt = substr(pack("H*", hash('md5', $salt . $password)), 0, 4);
  474. $crypted = hash('md5', $password . $salt, true);
  475. }
  476. else {
  477. $salt = substr(pack("H*", md5($salt . $password)), 0, 4);
  478. $crypted = md5($password . $salt, true);
  479. }
  480. $crypted = base64_encode($crypted . $salt);
  481. $prefix = '{SMD5}';
  482. break;
  483. case 'samba':
  484. if (function_exists('hash')) {
  485. $crypted = hash('md4', rcube_charset::convert($password, RCUBE_CHARSET, 'UTF-16LE'));
  486. $crypted = strtoupper($crypted);
  487. }
  488. else {
  489. rcube::raise_error(array(
  490. 'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
  491. 'message' => "Password plugin: Your PHP install does not have hash() function"
  492. ), true, true);
  493. }
  494. break;
  495. case 'ad':
  496. $crypted = rcube_charset::convert('"' . $password . '"', RCUBE_CHARSET, 'UTF-16LE');
  497. break;
  498. case 'cram-md5': // deprecated
  499. require_once __DIR__ . '/../helpers/dovecot_hmacmd5.php';
  500. $crypted = dovecot_hmacmd5($password);
  501. $prefix = '{CRAM-MD5}';
  502. break;
  503. case 'dovecot':
  504. if (!($dovecotpw = $rcmail->config->get('password_dovecotpw'))) {
  505. $dovecotpw = 'dovecotpw';
  506. }
  507. if (!($method = $rcmail->config->get('password_dovecotpw_method'))) {
  508. $method = 'CRAM-MD5';
  509. }
  510. $spec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('file', '/dev/null', 'a'));
  511. $pipe = proc_open("$dovecotpw -s '$method'", $spec, $pipes);
  512. if (!is_resource($pipe)) {
  513. return false;
  514. }
  515. fwrite($pipes[0], $password . "\n", 1+strlen($password));
  516. usleep(1000);
  517. fwrite($pipes[0], $password . "\n", 1+strlen($password));
  518. $crypted = trim(stream_get_contents($pipes[1]), "\n");
  519. fclose($pipes[0]);
  520. fclose($pipes[1]);
  521. proc_close($pipe);
  522. if (!preg_match('/^\{' . $method . '\}/', $crypted)) {
  523. return false;
  524. }
  525. if (!$default) {
  526. $prefixed = (bool) $rcmail->config->get('password_dovecotpw_with_method');
  527. }
  528. if (!$prefixed) {
  529. $crypted = trim(str_replace('{' . $method . '}', '', $crypted));
  530. }
  531. $prefixed = false;
  532. break;
  533. case 'hash': // deprecated
  534. if (!extension_loaded('hash')) {
  535. rcube::raise_error(array(
  536. 'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
  537. 'message' => "Password plugin: 'hash' extension not loaded!"
  538. ), true, true);
  539. }
  540. if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) {
  541. $hash_algo = 'sha1';
  542. }
  543. $crypted = hash($hash_algo, $password);
  544. if ($rcmail->config->get('password_hash_base64')) {
  545. $crypted = base64_encode(pack('H*', $crypted));
  546. }
  547. break;
  548. case 'clear':
  549. $crypted = $password;
  550. }
  551. if ($crypted === null || $crypted === false) {
  552. return false;
  553. }
  554. if ($prefixed && $prefixed !== true) {
  555. $prefix = $prefixed;
  556. $prefixed = true;
  557. }
  558. if ($prefixed === true && $prefix) {
  559. $crypted = $prefix . $crypted;
  560. }
  561. return $crypted;
  562. }
  563. }