/** * ZPanelX SQL Password Driver * * Driver for passwords stored in SQL database * * @version 1.

0 * @author * */ class rcube_zpmail_password { function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); $local_part = $rcmail->user->get_username('local'); $domain_part = $rcmail->user->get_username('domain'); $username = $_SESSION['username']; $host = $_SESSION['imap_host']; // convert domains to/from punnycode if ($rcmail->config->get('password_idn_ascii')) { $domain_part = rcube_idn_to_ascii($domain_part); $username = rcube_idn_to_ascii($username); $host = rcube_idn_to_ascii($host); } else { $domain_part = rcube_idn_to_utf8($domain_part); $username = rcube_idn_to_utf8($username); $host = rcube_idn_to_utf8($host); } $sql = 'SELECT password FROM mailbox WHERE username="'.$username.'"'; $host = "mysqlhost"; // Usually localhost $dbName = "zpanel_postfix"; // your ZPanelX postfix database. Default va lue here $dbUser = "databaseusername"; $dbPass = "databasepassword"; try { $db = new PDO("mysql:host={$host};dbname={$dbName}", $dbUser, $dbPas s); $db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING ); } catch (PDOException $e) { //echo 'Database error: '. $e->getMessage() . ' '; return PASSWORD_CONNECT_ERROR; } $res = $db->query($sql); $result = $res->fetch();$pass = $result["password"]; $hash = str_replace("{PLAIN-MD5}", "", $pass); if (md5($curpass) != $hash) { // echo "Password mismatch error"; return PASSWORD_ERROR; }

$pass = "{PLAIN-MD5}".md5($passwd); $sql = 'UPDATE mailbox SET password="'.$pass.'" WHERE username="'.$usern ame.'"'; $res = $db->query($sql); if (!$db->is_error()) { // This is the good case: 1 row updated // if ($db->affected_rows($res) == 1) // return PASSWORD_SUCCESS; // @TODO: Some queries don't affect any rows // Should we assume a success if there was no error? We'll do th at for now: return PASSWORD_SUCCESS; } return PASSWORD_ERROR; } }