2022-03-10 19:41:12 +08:00
|
|
|
<?php
|
|
|
|
|
2023-04-11 15:14:59 +08:00
|
|
|
class ChangePasswordISPConfigDriver
|
2022-03-10 19:41:12 +08:00
|
|
|
{
|
|
|
|
const
|
|
|
|
NAME = 'ISPConfig',
|
|
|
|
DESCRIPTION = 'Change passwords in ISPConfig.';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var \RainLoop\Config\Plugin
|
|
|
|
*/
|
|
|
|
private $oConfig = null;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var \MailSo\Log\Logger
|
|
|
|
*/
|
|
|
|
private $oLogger = null;
|
|
|
|
|
|
|
|
function __construct(\RainLoop\Config\Plugin $oConfig, \MailSo\Log\Logger $oLogger)
|
|
|
|
{
|
|
|
|
$this->oConfig = $oConfig;
|
|
|
|
$this->oLogger = $oLogger;
|
|
|
|
}
|
|
|
|
|
|
|
|
public static function isSupported() : bool
|
|
|
|
{
|
|
|
|
return \class_exists('PDO', false)
|
|
|
|
// The PHP extension PDO (mysql) must be installed to use this plugin
|
|
|
|
&& \in_array('mysql', \PDO::getAvailableDrivers());
|
|
|
|
}
|
|
|
|
|
|
|
|
public static function configMapping() : array
|
|
|
|
{
|
|
|
|
return array(
|
|
|
|
\RainLoop\Plugins\Property::NewInstance('ispconfig_dsn')->SetLabel('ISPConfig PDO dsn')
|
|
|
|
->SetDefaultValue('mysql:host=localhost;dbname=dbispconfig;charset=utf8'),
|
|
|
|
\RainLoop\Plugins\Property::NewInstance('ispconfig_user')->SetLabel('User'),
|
|
|
|
\RainLoop\Plugins\Property::NewInstance('ispconfig_password')->SetLabel('Password')
|
|
|
|
->SetType(\RainLoop\Enumerations\PluginPropertyType::PASSWORD),
|
|
|
|
\RainLoop\Plugins\Property::NewInstance('ispconfig_allowed_emails')->SetLabel('Allowed emails')
|
|
|
|
->SetType(\RainLoop\Enumerations\PluginPropertyType::STRING_TEXT)
|
|
|
|
->SetDescription('Allowed emails, space as delimiter, wildcard supported. Example: user1@domain1.net user2@domain1.net *@domain2.net')
|
|
|
|
->SetDefaultValue('*')
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function ChangePassword(\RainLoop\Model\Account $oAccount, string $sPrevPassword, string $sNewPassword) : bool
|
|
|
|
{
|
|
|
|
if (!\RainLoop\Plugins\Helper::ValidateWildcardValues($oAccount->Email(), $this->oConfig->Get('plugin', 'ispconfig_allowed_emails', ''))) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
try
|
|
|
|
{
|
|
|
|
if ($this->oLogger) {
|
|
|
|
$this->oLogger->Write('ISPConfig: Try to change password for '.$oAccount->Email());
|
|
|
|
}
|
|
|
|
|
|
|
|
$oPdo = new \PDO(
|
|
|
|
$this->oConfig->Get('plugin', 'ispconfig_dsn', ''),
|
|
|
|
$this->oConfig->Get('plugin', 'ispconfig_user', ''),
|
|
|
|
$this->oConfig->Get('plugin', 'ispconfig_password', ''),
|
|
|
|
array(
|
|
|
|
\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION
|
|
|
|
)
|
|
|
|
);
|
|
|
|
|
|
|
|
$oStmt = $oPdo->prepare('SELECT password, mailuser_id FROM mail_user WHERE login = ? LIMIT 1');
|
|
|
|
if ($oStmt->execute(array($oAccount->IncLogin()))) {
|
|
|
|
$aFetchResult = $oStmt->fetch(\PDO::FETCH_ASSOC);
|
|
|
|
if (!empty($aFetchResult['mailuser_id'])) {
|
|
|
|
$sDbPassword = $aFetchResult['password'];
|
|
|
|
$sDbSalt = \substr($sDbPassword, 0, \strrpos($sDbPassword, '$'));
|
|
|
|
if (\crypt($sPrevPassword, $sDbSalt) === $sDbPassword) {
|
|
|
|
$oStmt = $oPdo->prepare('UPDATE mail_user SET password = ? WHERE mailuser_id = ?');
|
|
|
|
return !!$oStmt->execute(array(
|
|
|
|
$this->cryptPassword($sNewPassword),
|
|
|
|
$aFetchResult['mailuser_id']
|
|
|
|
));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
catch (\Exception $oException)
|
|
|
|
{
|
|
|
|
if ($this->oLogger) {
|
|
|
|
$this->oLogger->WriteException($oException);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
private function cryptPassword(string $sPassword) : string
|
|
|
|
{
|
|
|
|
if (\defined('CRYPT_SHA512') && CRYPT_SHA512) {
|
|
|
|
$sSalt = '$6$rounds=5000$' . \bin2hex(\random_bytes(8)) . '$';
|
|
|
|
} elseif (\defined('CRYPT_SHA256') && CRYPT_SHA256) {
|
|
|
|
$sSalt = '$5$rounds=5000$' . \bin2hex(\random_bytes(8)) . '$';
|
|
|
|
} else {
|
|
|
|
$sSalt = '$1$' . \bin2hex(\random_bytes(6)) . '$';
|
|
|
|
}
|
|
|
|
return \crypt($sPassword, $sSalt);
|
|
|
|
}
|
|
|
|
}
|