mirror of
https://github.com/the-djmaze/snappymail.git
synced 2025-01-02 21:12:02 +08:00
118 lines
4.7 KiB
PHP
118 lines
4.7 KiB
PHP
<?php
|
|
|
|
class ChangePasswordDriverPDO
|
|
{
|
|
const
|
|
NAME = 'PDO',
|
|
DESCRIPTION = 'Use your own SQL (PDO) statement (with wildcards).';
|
|
|
|
/**
|
|
* @var \RainLoop\Config\Plugin
|
|
*/
|
|
private $oConfig = null;
|
|
|
|
/**
|
|
* @var \MailSo\Log\Logger
|
|
*/
|
|
private $oLogger = null;
|
|
|
|
function __construct(\RainLoop\Config\Plugin $oConfig, \MailSo\Log\Logger $oLogger)
|
|
{
|
|
$this->oConfig = $oConfig;
|
|
$this->oLogger = $oLogger;
|
|
}
|
|
|
|
public static function isSupported() : bool
|
|
{
|
|
return \class_exists('PDO', false);
|
|
}
|
|
|
|
public static function configMapping() : array
|
|
{
|
|
return array(
|
|
\RainLoop\Plugins\Property::NewInstance('pdo_dsn')->SetLabel('DSN')
|
|
->SetDefaultValue('mysql:host=localhost;dbname=snappymail;charset=utf8'),
|
|
\RainLoop\Plugins\Property::NewInstance('pdo_user')->SetLabel('User'),
|
|
\RainLoop\Plugins\Property::NewInstance('pdo_password')->SetLabel('Password')
|
|
->SetType(\RainLoop\Enumerations\PluginPropertyType::PASSWORD),
|
|
\RainLoop\Plugins\Property::NewInstance('pdo_sql')->SetLabel('Statement')
|
|
->SetType(\RainLoop\Enumerations\PluginPropertyType::STRING_TEXT)
|
|
->SetDescription('SQL statement (allowed wildcards :email, :oldpass, :newpass, :domain, :username, :login_name).')
|
|
->SetDefaultValue('UPDATE table SET password = :newpass WHERE (domain = :domain AND username = :username) OR loginname = :login_name'),
|
|
\RainLoop\Plugins\Property::NewInstance('pdo_encrypt')->SetLabel('Encryption')
|
|
->SetType(\RainLoop\Enumerations\PluginPropertyType::SELECTION)
|
|
->SetDefaultValue(array('none', 'bcrypt', 'Argon2i', 'Argon2id', 'SHA256-CRYPT', 'SHA512-CRYPT'))
|
|
->SetDescription('In what way do you want the passwords to be encrypted?'),
|
|
\RainLoop\Plugins\Property::NewInstance('pdo_encryptprefix')->SetLabel('Encrypt prefix')
|
|
->SetDescription('Optional encrypted password prefix, like {ARGON2I} or {BLF-CRYPT} or {SHA512-CRYPT}'),
|
|
\RainLoop\Plugins\Property::NewInstance('pdo_mysql_ssl')->SetLabel('MySQL SSL connection')
|
|
->SetType(\RainLoop\Enumerations\PluginPropertyType::BOOL)
|
|
->SetDefaultValue(false),
|
|
\RainLoop\Plugins\Property::NewInstance('pdo_mysql_ssl_verify')->SetLabel('MySQL SSL verify server cert')
|
|
->SetType(\RainLoop\Enumerations\PluginPropertyType::BOOL)
|
|
->SetDescription('Verify that certificate\'s Common Name of SAN matches the database server\'s hostname.')
|
|
->SetDefaultValue(false),
|
|
\RainLoop\Plugins\Property::NewInstance('pdo_mysql_ssl_ca')->SetLabel('MySQL SSL CA certificate file')
|
|
->SetDescription('Path to a file containing the CA certificate used to sign the server certificate, or a CA bundle. Required for SSL/TLS connections to work.')
|
|
->SetDefaultValue('/etc/pki/tls/certs/ca-bundle.crt')
|
|
);
|
|
}
|
|
|
|
public function ChangePassword(\RainLoop\Model\Account $oAccount, string $sPrevPassword, string $sNewPassword) : bool
|
|
{
|
|
try
|
|
{
|
|
$pdo_attr = array(
|
|
\PDO::ATTR_EMULATE_PREPARES => true,
|
|
\PDO::ATTR_PERSISTENT => true,
|
|
\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
|
|
);
|
|
if ($this->oConfig->Get('plugin', 'pdo_mysql_ssl', false)) {
|
|
$pdo_attr[\PDO::MYSQL_ATTR_SSL_CA] = $this->oConfig->Get('plugin', 'pdo_mysql_ssl_ca', '');
|
|
$pdo_attr[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = $this->oConfig->Get('plugin', 'pdo_mysql_ssl_verify', true);
|
|
}
|
|
|
|
$conn = new \PDO(
|
|
$this->oConfig->Get('plugin', 'pdo_dsn', ''),
|
|
$this->oConfig->Get('plugin', 'pdo_user', ''),
|
|
$this->oConfig->Get('plugin', 'pdo_password', ''),
|
|
$pdo_attr
|
|
);
|
|
|
|
$sEmail = $oAccount->Email();
|
|
$encrypt = $this->oConfig->Get('plugin', 'pdo_encrypt', '');
|
|
$encrypt_prefix = $this->oConfig->Get('plugin', 'pdo_encryptprefix', '');
|
|
|
|
$placeholders = array(
|
|
':email' => $sEmail,
|
|
':oldpass' => $encrypt_prefix . \ChangePasswordPlugin::encrypt($encrypt, $sPrevPassword),
|
|
':newpass' => $encrypt_prefix . \ChangePasswordPlugin::encrypt($encrypt, $sNewPassword),
|
|
':domain' => \MailSo\Base\Utils::GetDomainFromEmail($sEmail),
|
|
':username' => \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail),
|
|
':login_name' => $oAccount->IncLogin()
|
|
);
|
|
|
|
$sql = $this->oConfig->Get('plugin', 'pdo_sql', '');
|
|
|
|
$statement = $conn->prepare($sql);
|
|
|
|
// we have to check that all placehoders are used in the query, passing any unused placeholders will generate an error
|
|
foreach ($placeholders as $placeholder => $value) {
|
|
if (\preg_match_all("/{$placeholder}(?![a-zA-Z0-9\-])/", $sql)) {
|
|
$statement->bindValue($placeholder, $value);
|
|
}
|
|
}
|
|
|
|
// and execute
|
|
return !!$statement->execute();
|
|
}
|
|
catch (\Exception $oException)
|
|
{
|
|
\SnappyMail\Log::error('change-password', $oException->getMessage());
|
|
if ($this->oLogger) {
|
|
$this->oLogger->WriteException($oException);
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
}
|