jhass/vmm-change-password[slash]index.php

## vmm-change-password[slash]index.php
<?php
/*
 * Afterlogic WebMail VMM password change plugin
 * Based upon http://www.afterlogic.com/wiki/Password_change_for_ISPConfig_%28WebMail_Plugins%29
 * VMM: http://vmm.localdomain.org/
 * WebMail lite: http://www.afterlogic.org/webmail-lite
 *
 * The plugin calls doveadm pw.
 *
 * You should create a dedicated role and add it to the mailsys role.
 * It needs read access to users(uid,local_part,gid,passwd) and domain_name(domainname,gid)
 * and write access to users(passwd).
 *
 * Installation:
 * 1. Put into data/plugins/vmm-change-password/index.php
 * 2. Edit data/settings.config.php
 *    a. Add 'plugins.vmm-change-password' => true,
 *    b. Add 'plugins.vmm-change-password.config.dbconnect' => 'dbname=mailsys user=webmail password=secret',
 *    c. If not using CRAM-MD5, set scheme: 'plugins.vmm-change-password.config.scheme' => 'CRAM-MD5',
 *    d. Set path to doveadm, if not /usr/bin/doveadm: 'plugins.vmm-change-password.config.doveadm' => '/usr/bin/doveadm',
 */

class_exists('CApi') or die();

CApi::Inc('common.plugins.change-password');

class CCustomChangePasswordPlugin extends AApiChangePasswordPlugin
{
  /**
   * @param CApiPluginManager $oPluginManager
   */
  public function __construct(CApiPluginManager $oPluginManager)
  {
    parent::__construct('1.0', $oPluginManager);
  }

  /**
   * @param CAccount $oAccount
   * @return bool
   */
  public function validateIfAccountCanChangePassword($oAccount)
  {
    $bResult = false;
    if ($oAccount instanceof CAccount)
    {
      $bResult = true;
    }

    return $bResult;
  }

  /**
   * @param CAccount $oAccount
   * @return bool
   */
  public function ChangePasswordProcess($oAccount)
  {
    $bResult = false;

    if (0 < strlen($oAccount->PreviousMailPassword) &&
      $oAccount->PreviousMailPassword !== $oAccount->IncomingMailPassword)
    {

      $dbConnectString = CApi::GetConf('plugins.vmm-change-password.config.dbconnect', 'dbname=mailsys user=vmm');

      //connect to vmm database
      $dbconn = pg_connect($dbConnectString);

      if ($dbconn) {
        //check old pass is correct
        list($username, $domain) = explode('@', $oAccount->IncomingMailLogin);
        $password = $oAccount->PreviousMailPassword;
        $new_password = $oAccount->IncomingMailPassword;

        $sql = "SELECT uid, passwd FROM users JOIN domain_name USING (gid) WHERE local_part = $1 AND domainname = $2";
        $result = pg_query_params($dbconn, $sql, array($username, $domain));
        $mailuser = pg_fetch_array($result);

        if ($this->verifyPassword($mailuser['passwd'], $password)) {
          //passwords match so set new password

          $new_password = $this->getPasswordHash($new_password);
          $sql = "UPDATE users SET passwd = $1 WHERE uid = $2";
          $result = pg_query_params($dbconn, $sql, array($new_password, $mailuser['uid']));

          if (!$result){
            //password update error
            throw new CApiManagerException(Errs::UserManager_AccountNewPasswordUpdateError);
          }
        } else {
          //old and new passwords dont match
          throw new CApiManagerException(Errs::UserManager_AccountOldPasswordNotCorrect);
        }
        //disconnect from database
        pg_close($dbconn);

      } else {
        //could not connect to database
        throw new CApiManagerException(Errs::UserManager_AccountNewPasswordUpdateError);
      }
    }

    return $bResult;
  }

  private function verifyPassword($hash, $password) {
    exec($this->getDoveadm()." pw -t '$hash' -p ".escapeshellarg($password), $_, $ret);
    return $ret == 0;
  }

  private function getPasswordHash($password) {
    $scheme = CApi::GetConf('plugins.vmm-change-password.config.scheme', 'CRAM-MD5');
    return exec($this->getDoveadm()." pw -s '$scheme' -p ".escapeshellarg($password));
  }

  private function getDoveadm() {
    return CApi::GetConf('plugins.vmm-change-password.config.doveadm', '/usr/bin/doveadm');
  }
}

return new CCustomChangePasswordPlugin($this);
	<?php
	/*
	* Afterlogic WebMail VMM password change plugin
	* Based upon http://www.afterlogic.com/wiki/Password_change_for_ISPConfig_%28WebMail_Plugins%29
	* VMM: http://vmm.localdomain.org/
	* WebMail lite: http://www.afterlogic.org/webmail-lite
	*
	* The plugin calls doveadm pw.
	*
	* You should create a dedicated role and add it to the mailsys role.
	* It needs read access to users(uid,local_part,gid,passwd) and domain_name(domainname,gid)
	* and write access to users(passwd).
	*
	* Installation:
	* 1. Put into data/plugins/vmm-change-password/index.php
	* 2. Edit data/settings.config.php
	* a. Add 'plugins.vmm-change-password' => true,
	* b. Add 'plugins.vmm-change-password.config.dbconnect' => 'dbname=mailsys user=webmail password=secret',
	* c. If not using CRAM-MD5, set scheme: 'plugins.vmm-change-password.config.scheme' => 'CRAM-MD5',
	* d. Set path to doveadm, if not /usr/bin/doveadm: 'plugins.vmm-change-password.config.doveadm' => '/usr/bin/doveadm',
	*/

	class_exists('CApi') or die();

	CApi::Inc('common.plugins.change-password');

	class CCustomChangePasswordPlugin extends AApiChangePasswordPlugin
	{
	/**
	* @param CApiPluginManager $oPluginManager
	*/
	public function __construct(CApiPluginManager $oPluginManager)
	{
	parent::__construct('1.0', $oPluginManager);
	}

	/**
	* @param CAccount $oAccount
	* @return bool
	*/
	public function validateIfAccountCanChangePassword($oAccount)
	{
	$bResult = false;
	if ($oAccount instanceof CAccount)
	{
	$bResult = true;
	}

	return $bResult;
	}

	/**
	* @param CAccount $oAccount
	* @return bool
	*/
	public function ChangePasswordProcess($oAccount)
	{
	$bResult = false;

	if (0 < strlen($oAccount->PreviousMailPassword) &&
	$oAccount->PreviousMailPassword !== $oAccount->IncomingMailPassword)
	{

	$dbConnectString = CApi::GetConf('plugins.vmm-change-password.config.dbconnect', 'dbname=mailsys user=vmm');

	//connect to vmm database
	$dbconn = pg_connect($dbConnectString);

	if ($dbconn) {
	//check old pass is correct
	list($username, $domain) = explode('@', $oAccount->IncomingMailLogin);
	$password = $oAccount->PreviousMailPassword;
	$new_password = $oAccount->IncomingMailPassword;

	$sql = "SELECT uid, passwd FROM users JOIN domain_name USING (gid) WHERE local_part = $1 AND domainname = $2";
	$result = pg_query_params($dbconn, $sql, array($username, $domain));
	$mailuser = pg_fetch_array($result);

	if ($this->verifyPassword($mailuser['passwd'], $password)) {
	//passwords match so set new password

	$new_password = $this->getPasswordHash($new_password);
	$sql = "UPDATE users SET passwd = $1 WHERE uid = $2";
	$result = pg_query_params($dbconn, $sql, array($new_password, $mailuser['uid']));

	if (!$result){
	//password update error
	throw new CApiManagerException(Errs::UserManager_AccountNewPasswordUpdateError);
	}
	} else {
	//old and new passwords dont match
	throw new CApiManagerException(Errs::UserManager_AccountOldPasswordNotCorrect);
	}
	//disconnect from database
	pg_close($dbconn);

	} else {
	//could not connect to database
	throw new CApiManagerException(Errs::UserManager_AccountNewPasswordUpdateError);
	}
	}

	return $bResult;
	}

	private function verifyPassword($hash, $password) {
	exec($this->getDoveadm()." pw -t '$hash' -p ".escapeshellarg($password), $_, $ret);
	return $ret == 0;
	}

	private function getPasswordHash($password) {
	$scheme = CApi::GetConf('plugins.vmm-change-password.config.scheme', 'CRAM-MD5');
	return exec($this->getDoveadm()." pw -s '$scheme' -p ".escapeshellarg($password));
	}

	private function getDoveadm() {
	return CApi::GetConf('plugins.vmm-change-password.config.doveadm', '/usr/bin/doveadm');
	}
	}

	return new CCustomChangePasswordPlugin($this);