Source for file mysql.php
Documentation is available at mysql.php
* MySQL change password backend
* @author Thijs Kinkhorst <kink at squirrelmail.org>
* @copyright 2003-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: mysql.php 14845 2020-01-07 08:09:34Z pdontthink $
* @subpackage change_password
global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
$mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
$mysql_saslcrypt, $mysql_unixcrypt, $cpw_mysql;
$mysql_server =
'localhost';
$mysql_database =
'email';
// The names of the user ID and password columns
$mysql_userid_field =
'id';
$mysql_password_field =
'password';
// The user to log into MySQL with (must have rights)
$mysql_manager_id =
'email_admin';
$mysql_manager_pw =
'xxxxxxx';
// saslcrypt checked first - if it is 1, UNIX crypt is not used.
$mysql_saslcrypt =
0; // use MySQL password() function
$mysql_unixcrypt =
0; // use UNIX crypt() function
// get overrides from config.
if ( isset
($cpw_mysql) &&
is_array($cpw_mysql) &&
!empty($cpw_mysql) )
foreach ( $cpw_mysql as $key =>
$value )
if ( isset
($
{'mysql_'.
$key}) )
$
{'mysql_'.
$key} =
$value;
global $squirrelmail_plugin_hooks;
$squirrelmail_plugin_hooks['change_password_dochange']['mysql'] =
* This is the function that is specific to your backend. It takes
* the current password (as supplied by the user) and the desired
* new password. It will return an array of messages. If everything
* was successful, the array will be empty. Else, it will contain
* Constants to be used for these messages:
* CPW_CURRENT_NOMATCH -> "Your current password is not correct."
* CPW_INVALID_PW -> "Your new password contains invalid characters."
* @param array data The username/currentpw/newpw data.
* @return array Array of error messages.
// unfortunately, we can only pass one parameter to a hook function,
// so we have to pass it as an array.
$username =
$data['username'];
global $mysql_server, $mysql_database, $mysql_table, $mysql_userid_field,
$mysql_password_field, $mysql_manager_id, $mysql_manager_pw,
$mysql_saslcrypt, $mysql_unixcrypt;
// TODO: allow to choose between mysql_connect() and mysql_pconnect() functions.
$ds =
mysql_pconnect($mysql_server, $mysql_manager_id, $mysql_manager_pw);
array_push($msgs, _("Cannot connect to Database Server, please try later!"));
$query_string =
'SELECT ' .
$mysql_userid_field .
',' .
$mysql_password_field
.
' FROM ' .
$mysql_table
.
' AND ' .
$mysql_password_field;
} elseif ($mysql_unixcrypt) {
// FIXME: why password field name is used for salting
array_push($msgs, _("SQL call failed, try again later."));
//make sure we only have 1 uid
array_push($msgs, _("Duplicate login entries detected, cannot change password!"));
$update_string =
'UPDATE '.
$mysql_table .
' SET ' .
$mysql_password_field;
} elseif ($mysql_unixcrypt) {
// FIXME: use random salt when you create new password
array_push($msgs, _("Password change was not successful!"));
Documentation generated on Mon, 13 Jan 2020 04:23:11 +0100 by phpDocumentor 1.4.3