root/alternc-changepass/tags/0.9.5/plugin/change.php

<?php

 if (!$already) { 
 define('SM_PATH','../../');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
 require_once(SM_PATH . 'functions/page_header.php');
 require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'include/load_prefs.php');

 /* get globals */
 sqgetGlobalVar('username', $username, SQ_SESSION);
 
 require_once (SM_PATH . "plugins/alternc_changepass/config.php");
 
 session_start();
 
 textdomain("changepass");

global $username, $base_uri, $key, $onetimepad;


if ($_POST['acp_oldpass'] && $_POST['acp_newpass'] && $_POST['acp_verify']) {
  if ($_POST['acp_newpass']!=$_POST['acp_verify']) {
    $err=_("Your new passwords are differents, pleasy try again.");
  } else {
    // Check the old password
    $db->query("SELECT password FROM mail_users WHERE alias='".addslashes($username)."'");
    if (!$db->next_record()) {
      $err=_("Your account has not been found, please try again later or ask an administrator.");
    } else {
      if ($db->f("password")!=_md5cr($_POST['acp_oldpass'],$db->f("password"))) {
    $err=_("Your current password is incorrect, please try again.");
      } else {
    // ok, let's change the password
    $newp=_md5cr($_POST['acp_newpass']);
    $un1=str_replace("@","_",$username); // version login_domain.tld
    $un2=substr($un1,0,strlen($un1)-strlen(strrchr($un1,"_")))."@".substr(strrchr($un1,"_"),1); // version login@domain.tld
    $db->query("UPDATE mail_users SET password='$newp' WHERE alias='$un1' or alias='$un2';");

    /* PATCH MAILFR 
    $ku=substr($username,0,strpos($un2,"@"));
    mysql_query("UPDATE mailfr.users SET password='".addslashes($acp_newpass)."' WHERE username='".addslashes($un2)."';");
    mysql_query("UPDATE mailfr_jabber.users SET jabberpassword='".addslashes($acp_newpass)."' WHERE username='".addslashes($ku)."';");
     /PATCH MAILFR */


    // Write new cookies for the password
    $onetimepad = OneTimePadCreate(strlen($acp_newpass));
    sqsession_register($onetimepad,'onetimepad');
    $key = OneTimePadEncrypt($acp_newpass, $onetimepad);
    setcookie("key", $key, 0, $base_uri);
    
    $err=_("Your password has been successfully changed. Don't forget to change it in your mail software if you are using one (Outlook, Mozilla, Thunderbird, Eudora ...)");
      }
    }
  }
}

 
 textdomain("squirrelmail");

 displayPageHeader($color, 'None');

 textdomain("changepass");
 
 }


if ($err) echo "<p><b>"._("Error:")." ".$err."</b></p>";

?>


<h1><?php __("Changing your mail password"); ?></h1>
<form method="post" action="change.php">
    <table>
      <tr>
   <th align="right"><label for="acp_oldpass"><?php __("Old Password:"); ?></label></th>
        <td><input type="password" name="acp_oldpass" id="acp_oldpass" value="" size="20" /></td>
      </tr>

      <tr>
   <th align="right"><label for="acp_newpass"><?php __("New Password:"); ?></label></th>
        <td><input type="password" name="acp_newpass" id="acp_newpass" value="" size="20" /></td>
      </tr>
      <tr>
   <th align="right"><label for="acp_verify"><?php __("Verify New Password:"); ?></label></th>
        <td><input type="password" name="acp_verify" id="acp_verify" value="" size="20" /></td>
      </tr>

      <tr>
        <td align="center" colspan="2"><input type="submit" value="<?php __("Change my mail password"); ?>" name="plugin_changepass" /></td>
      </tr>
    </table>

</form>

</body></html>
<?php

textdomain("squirrelmail");

?>