postfixadmin/model/UserHandler.php

<?php

/**
 * Simple class to represent a user.
 */
class UserHandler {
    
    /**
     * @return boolean true on success; false on failure 
     * @param string $username
     * @param string $old_password
     * @param string $new_passwords
     *
     * All passwords need to be plain text; they'll be hashed appropriately
     * as per the configuration in config.inc.php
     */
    public function change_pass($username, $old_password, $new_password) {
        global $config;
        if(!UserHandler::login($username, $old_password)) {
            return false;
        }

        $tmp = preg_split ('/@/', $username);
        $USERID_DOMAIN = $tmp[1];

        $username = escape_string($username);
        $table_mailbox = table_by_key('mailbox');

        $active = db_get_boolean(True);
        $result = db_query("SELECT * FROM $table_mailbox WHERE username='$username' AND active=$active");
        $new_db_password = escape_string(pacrypt($new_password));

        $result = db_query ("UPDATE $table_mailbox SET password='$new_db_password',modified=NOW() WHERE username='$username'");

        db_log ($username, $USERID_DOMAIN, 'edit_password', "$USERID_USERNAME");
        return true;
    }

    /**
     * Attempt to log a user in.
     * @param string $username
     * @param string $password
     * @return boolean true on successful login (i.e. password matches etc)
     */
    public static function login($username, $password) {
        global $config;
        $username = escape_string($username);

        $table_mailbox = table_by_key('mailbox');
        $active = db_get_boolean(True);
        $query = "SELECT password FROM $table_mailbox WHERE username='$username' AND active=$active";

        $result = db_query ($query);
        if ($result['rows'] == 1)
        {
            $row = db_array ($result['result']);
            $password = pacrypt ($password, $row['password']);

            if($row['password'] == $password) {
                return true;
            }
        }
        return false;
    }
}
refactoring of users (most app logic is now in /model) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@575 a1433add-5e2c-0410-b055-b7f2511e0802 16 years ago			`<?php`

			`/**`
			`* Simple class to represent a user.`
			`*/`
			`class UserHandler {`

			`/**`
			`* @return boolean true on success; false on failure`
			`* @param string $username`
			`* @param string $old_password`
			`* @param string $new_passwords`
			`*`
			`* All passwords need to be plain text; they'll be hashed appropriately`
			`* as per the configuration in config.inc.php`
			`*/`
			`public function change_pass($username, $old_password, $new_password) {`
			`global $config;`
			`if(!UserHandler::login($username, $old_password)) {`
			`return false;`
			`}`

			`$tmp = preg_split ('/@/', $username);`
			`$USERID_DOMAIN = $tmp[1];`

			`$username = escape_string($username);`
			`$table_mailbox = table_by_key('mailbox');`

			`$active = db_get_boolean(True);`
			`$result = db_query("SELECT * FROM $table_mailbox WHERE username='$username' AND active=$active");`
			`$new_db_password = escape_string(pacrypt($new_password));`

			`$result = db_query ("UPDATE $table_mailbox SET password='$new_db_password',modified=NOW() WHERE username='$username'");`

			`db_log ($username, $USERID_DOMAIN, 'edit_password', "$USERID_USERNAME");`
			`return true;`
			`}`

			`/**`
			`* Attempt to log a user in.`
			`* @param string $username`
			`* @param string $password`
			`* @return boolean true on successful login (i.e. password matches etc)`
			`*/`
			`public static function login($username, $password) {`
			`global $config;`
			`$username = escape_string($username);`

			`$table_mailbox = table_by_key('mailbox');`
			`$active = db_get_boolean(True);`
			`$query = "SELECT password FROM $table_mailbox WHERE username='$username' AND active=$active";`

			`$result = db_query ($query);`
			`if ($result['rows'] == 1)`
			`{`
			`$row = db_array ($result['result']);`
			`$password = pacrypt ($password, $row['password']);`

			`if($row['password'] == $password) {`
			`return true;`
			`}`
			`}`
			`return false;`
			`}`
			`}`