SHARE
TWEET

Ovidiu

a guest May 22nd, 2009 854 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. /**
  4.   * SquirrelMail Change SQL Password Plugin
  5.   * Copyright (C) 2001-2002 Tyler Akins
  6.   *               2002 Thijs Kinkhorst <kink@users.sourceforge.net>
  7.   *               2002-2005 Paul Lesneiwski <paul@openguild.net>
  8.   * This program is licensed under GPL. See COPYING for details
  9.   *
  10.   * @package plugins
  11.   * @subpackage Change SQL Password
  12.   *
  13.   */
  14.  
  15.  
  16.    // Global Variables, don't touch these unless you want to break the plugin
  17.    //
  18.    global $csp_dsn, $password_update_queries, $lookup_password_query,
  19.           $force_change_password_check_query, $password_encryption,
  20.           $csp_salt_query, $csp_salt_static, $csp_secure_port,
  21.           $csp_non_standard_http_port, $csp_delimiter, $csp_debug,
  22.           $min_password_length, $max_password_length, $include_digit_in_password,
  23.           $include_uppercase_letter_in_password, $include_lowercase_letter_in_password,
  24.           $include_nonalphanumeric_in_password;
  25.  
  26.  
  27.  
  28.    // csp_dsn
  29.    //
  30.    // Theoretically, any SQL database supported by Pear should be supported
  31.    // here.  The DSN (data source name) must contain the information needed
  32.    // to connect to your database backend. A MySQL example is included below.
  33.    // For more details about DSN syntax and list of supported database types,
  34.    // please see:
  35.    //   http://pear.php.net/manual/en/package.database.db.intro-dsn.php
  36.    //
  37.    $csp_dsn = 'mysql://user:password@localhost/email_users';
  38.  
  39.  
  40.  
  41.    // lookup_password_query
  42.    //
  43.    // This plugin will always verify the user's old password
  44.    // against their login password, but an extra check can also
  45.    // be done against the database for more security if you
  46.    // desire.  If you do not need the extra password check,
  47.    // make sure this setting is empty.
  48.    //
  49.    // This is a query that returns a positive value if a user
  50.    // and password pair are found in the database.
  51.    //
  52.    // This query should return one value (one row, one column), the
  53.    // value being ideally a one or a zero, simply indicating that
  54.    // the user/password pair does in fact exist in the database.
  55.    //
  56.    //   %1 in this query will be replaced with the full username
  57.    //      (including domain), such as "jose@example.com"
  58.    //   %2 in this query will be replaced with the username (without
  59.    //      any domain portion), such as "jose"
  60.    //   %3 in this query will be replaced with the domain name,
  61.    //      such as "example.com"
  62.    //   %4 in this query will be replaced with the current (old)
  63.    //      password in whatever encryption format is needed per other
  64.    //      plugin configuration settings (Note that the syntax of
  65.    //      the password will be provided depending on your encryption
  66.    //      choices, so you NEVER need to provide quotes around this
  67.    //      value in the query here.)
  68.    //   %5 in this query will be replaced with the current (old)
  69.    //      password in unencrypted plain text.  If you do not use any
  70.    //      password encryption, %4 and %5 will be the same values,
  71.    //      except %4 will have double quotes around it and %5 will not.
  72.    //
  73.    //$lookup_password_query = '';
  74.    // TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND plain_password = "%5"';
  75.    $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND crypt_password = %4';
  76.  
  77.  
  78.  
  79.    // password_update_queries
  80.    //
  81.    // An array of SQL queries that will all be executed
  82.    // whenever a password change attempt is made.
  83.    //
  84.    // Any number of queries may be included here.
  85.    // The queries will be executed in the order given here.
  86.    //
  87.    //   %1 in all queries will be replaced with the full username
  88.    //      (including domain), such as "jose@example.com"
  89.    //   %2 in all queries will be replaced with the username (without
  90.    //      any domain portion), such as "jose"
  91.    //   %3 in all queries will be replaced with the domain name,
  92.    //      such as "example.com"
  93.    //   %4 in all queries will be replaced with the new password
  94.    //      in whatever encryption format is needed per other
  95.    //      plugin configuration settings (Note that the syntax of
  96.    //      the password will be provided depending on your
  97.    //      encryption choices, so you NEVER need to provide quotes
  98.    //      around this value in the queries here.)
  99.    //   %5 in all queries will be replaced with the new password
  100.    //      in unencrypted plain text - BEWARE!  If you do not use
  101.    //      any password encryption, %4 and %5 will be the same
  102.    //      values, except %4 will have double quotes around it
  103.    //      and %5 will not.
  104.    //
  105.    $password_update_queries = array(
  106.             'UPDATE users SET crypt_password = %4 WHERE username = "%1"',
  107. //            'UPDATE user_flags SET force_change_pwd = 0 WHERE username = "%1"',
  108. //            'UPDATE users SET crypt_password = %4, force_change_pwd = 0 WHERE username = "%1"',
  109.                                    );
  110.  
  111.  
  112.  
  113.    // force_change_password_check_query
  114.    //
  115.    // A query that checks for a flag that indicates if a user
  116.    // should be forced to change their password.  This query
  117.    // should return one value (one row, one column) which is
  118.    // zero if the user does NOT need to change their password,
  119.    // or one if the user should be forced to change it now.
  120.    //
  121.    // This setting should be an empty string if you do not wish
  122.    // to enable this functionality.
  123.    //
  124.    //   %1 in this query will be replaced with the full username
  125.    //      (including domain), such as "jose@example.com"
  126.    //   %2 in this query will be replaced with the username (without
  127.    //      any domain portion), such as "jose"
  128.    //   %3 in this query will be replaced with the domain name,
  129.    //      such as "example.com"
  130.    //
  131.    //$force_change_password_check_query = 'SELECT IF(force_change_pwd = "yes", 1, 0) FROM users WHERE username = "%1"';
  132.    //$force_change_password_check_query = 'SELECT force_change_pwd FROM users WHERE username = "%1"';
  133.    $force_change_password_check_query = '';
  134.  
  135.  
  136.  
  137.    // password_encryption
  138.    //
  139.    // What encryption method do you use to store passwords
  140.    // in your database?  Please use one of the following,
  141.    // exactly as you see it:
  142.    //
  143.    //   NONE          Passwords are stored as plain text only
  144.    //   MYSQLPWD      Passwords are stored using the MySQL password() function
  145.    //   MYSQLENCRYPT  Passwords are stored using the MySQL encrypt() function
  146.    //   PHPCRYPT      Passwords are stored using the PHP crypt() function
  147.    //   MD5CRYPT      Passwords are stored using encrypted MD5 algorithm
  148.    //   MD5           Passwords are stored as MD5 hash
  149.    //
  150.    $password_encryption = 'MYSQLPWD';
  151.  
  152.  
  153.  
  154.    // csp_salt_query
  155.    // csp_salt_static
  156.    //
  157.    // Encryption types that need a salt need to know where to get
  158.    // that salt.  If you have a constant, known salt value, you
  159.    // should define it in $csp_salt_static.  Otherwise, leave that
  160.    // value empty and define a value for the $csp_salt_query.
  161.    //
  162.    // Leave both values empty if you do not need (or use) salts
  163.    // to encrypt your passwords.
  164.    //
  165.    // The query should return one value (one row, one column) which
  166.    // is the salt value for the current user's password.  This
  167.    // query is ignored if $csp_salt_static is anything but empty.
  168.    //
  169.    //   %1 in this query will be replaced with the full username
  170.    //      (including domain), such as "jose@example.com"
  171.    //   %2 in this query will be replaced with the username (without
  172.    //      any domain portion), such as "jose"
  173.    //   %3 in this query will be replaced with the domain name,
  174.    //      such as "example.com"
  175.    //
  176.    //$csp_salt_static = 'LEFT(crypt_password, 2)';
  177.    //$csp_salt_static = '"a4"';  // use this format with MYSQLENCRYPT
  178.    //$csp_salt_static = '$2$blowsomefish$';  // use this format with PHPCRYPT
  179.    $csp_salt_static = '';
  180.  
  181.    //$csp_salt_query = 'SELECT SUBSTRING_INDEX(crypt_password, '$', 1) FROM users WHERE username = "%1"';
  182.    //$csp_salt_query = 'SELECT SUBSTRING(crypt_password, (LENGTH(SUBSTRING_INDEX(crypt_password, '$', 2)) + 2)) FROM users WHERE username = "%1"';
  183.    $csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';
  184.    //$csp_salt_query = '';
  185.  
  186.  
  187.  
  188.    // csp_secure_port
  189.    //
  190.    // You may ensure that SSL encryption is used during password
  191.    // change by setting this to the port that your HTTPS is served
  192.    // on (443 is typical).  Set to zero if you do not wish to force
  193.    // an HTTPS connection when users are changing their passwords.
  194.    //
  195.    // You may override this value for certain domains, users, or
  196.    // service levels through the Virtual Host Login (vlogin) plugin
  197.    // by setting a value(s) for $vlogin_csp_secure_port in the vlogin
  198.    // configuration.
  199.    //
  200.    $csp_secure_port = 0;
  201.    //$csp_secure_port = 443;
  202.  
  203.  
  204.  
  205.    // csp_non_standard_http_port
  206.    //
  207.    // If you serve standard HTTP web requests on a non-standard
  208.    // port (anything other than port 80), you should specify that
  209.    // port number here.  Set to zero otherwise.
  210.    //
  211.    // You may override this value for certain domains, users, or
  212.    // service levels through the Virtual Host Login (vlogin) plugin
  213.    // by setting a value(s) for $vlogin_csp_non_standard_http_port
  214.    // in the vlogin configuration.
  215.    //
  216.    //$csp_non_standard_http_port = 8080;
  217.    $csp_non_standard_http_port = 0;
  218.  
  219.  
  220.  
  221.    // min_password_length
  222.    // max_password_length
  223.    // include_digit_in_password
  224.    // include_uppercase_letter_in_password
  225.    // include_lowercase_letter_in_password
  226.    // include_nonalphanumeric_in_password
  227.    //
  228.    // You can set the minimum and maximum password lengths that
  229.    // you accept or leave those settings as zero to indicate that
  230.    // no limit should be applied.
  231.    //
  232.    // Turn on any of the other settings here to check that the
  233.    // new password contains at least one digit, upper case letter,
  234.    // lower case letter and/or one non-alphanumeric character.
  235.    //
  236.    $min_password_length = 6;
  237.    $max_password_length = 0;
  238.    $include_digit_in_password = 0;
  239.    $include_uppercase_letter_in_password = 0;
  240.    $include_lowercase_letter_in_password = 0;
  241.    $include_nonalphanumeric_in_password = 0;
  242.  
  243.  
  244.  
  245.    // csp_delimiter
  246.    //
  247.    // if your system has usernames with something other than
  248.    // an "@" sign separating the user and domain portion,
  249.    // specify that character here
  250.    //
  251.    //$csp_delimiter = '|';
  252.    $csp_delimiter = '@';
  253.    
  254.  
  255.  
  256.    // debug mode
  257.    //
  258.    $csp_debug = 0;
  259.  
  260.  
  261.  
  262. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top