From 2149742331282599157e4dfbf4f43b1b3fe6c5f1 Mon Sep 17 00:00:00 2001
From: Vincent Jestin <vjestin@searchxpr.com>
Date: Thu, 20 Oct 2016 19:36:47 +0200
Subject: [PATCH] added apiv6 method

---
 README            | 24 -------------
 README.md         | 46 ++++++++++++++++++++++++
 config_sample.php | 30 +++++++++++++---
 index.php         | 89 +++++++++++++++++++++++++++++------------------
 4 files changed, 127 insertions(+), 62 deletions(-)
 delete mode 100644 README
 create mode 100644 README.md

diff --git a/README b/README
deleted file mode 100644
index 00fafb6..0000000
--- a/README
+++ /dev/null
@@ -1,24 +0,0 @@
-This is a small script to setup on your OVH mutualisated server to manage email passwords
-
-To install, follow the following steps :
-1) create a config.php file. Copy the config_sample.php file to config.php and edit the file to set your OVH nic-handle and you password. The file should look like this :
-<?php
-$nic = "xxxxx-ovh"; // your ovh nichandle
-$pass = "*******"; // your ovh password
-$domain = "yourdomain.tld"; // your domain name
-$serveur="pop3.". $domain;
-$dom = "@". $domain;
-?>
-
-2) just copy all the files in a folder of your mutualisated server. For example :
-mail/common.css
-mail/config.php
-mail/config_sample.php
-mail/index.php
-mail/logo.jpg
-mail/README
-
-3) surf with your prefered navigator to yourdomain.tld/mail
-
-That's it ! Have fun
-
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..86a1f63
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+# ovhmail-password
+
+This is a small script to setup on your OVH shared hosting server to manage email accounts passwords.
+
+You have the choice between two methods:
+* [soapi](https://www.ovh.com/soapi) (deprecated)
+* [apiv6](https://api.ovh.com/): you will have to setup the access keys to the API [here](https://api.ovh.com/g934.first_step_with_api) or [here](https://api.ovh.com/createToken/index.cgi?).
+
+*IMPORTANT*: We strongly recommend you make this script available through an HTTPS connection. Otherwise the passwords would travel in clear over the network.
+
+## Installation
+
+* Create a config.php file. Copy the config_sample.php file to config.php and edit the file to set your parameters.
+
+Example configuration file with apiv6 method :
+
+```php
+<?php
+...
+$domain = ""; // your domain name
+$method = "apiv6";
+$appKey = "****************"; // your application key
+$appSecret = "********************************"; // your application secret key
+$consumerKey = "********************************"; // your consumer key
+$apiEndpoint = "ovh-eu";
+...
+?>
+```
+
+* If you use the recommended apiv6 method, get the [php-ovh](https://github.com/ovh/php-ovh/releases) wrapper for OVH APIs. Unpack the  archive content along this project files.
+
+* Copy all the files in a folder of your shared hosting server. For example :
+
+```
+mail/common.css
+mail/config.php
+mail/config_sample.php
+mail/index.php
+mail/logo.jpg
+mail/README.md
+(+ php-ovh resources if using apiv6 method)
+```
+
+* Surf with your favorite browser to yourdomain.tld/mail
+
+That's it ! Have fun
diff --git a/config_sample.php b/config_sample.php
index 7748317..af76541 100644
--- a/config_sample.php
+++ b/config_sample.php
@@ -1,7 +1,29 @@
 <?php
-$nic = "xxxxx-ovh"; // Votre nic ovh
-$pass = "********"; // Votre mot de passe ovh
-$domain = "yourdomaine.tld"; // your domain name
-$serveur="SSL0.OVH.NET"; 
+// common parameters
+$domain = ""; // your domain name
+$method = "apiv6"; // apiv6 or soapi(not recommended anymore)
+
+// soapi parameters
+$nic = "********"; // your OVH nic-handle
+$pass = "*********"; // your OVH password
+
+// apiv6 parameters (see https://api.ovh.com)
+$appKey = "****************"; // your application key
+$appSecret = "********************************"; // your application secret key
+$consumerKey = "********************************"; // your consumer key
+$apiEndpoint = "ovh-eu"; // see https://github.com/ovh/php-ovh/#supported-apis
+
+// other
+$serveur="SSL0.OVH.NET";
 $dom = "@". $domain;
+$passwordLength = array (
+  "soapi" => array(
+    "min" => 6,
+    "max" => 12
+  ),
+  "apiv6" => array(
+    "min" => 9,
+    "max" => 30
+  )
+);
 ?>
diff --git a/index.php b/index.php
index 118a908..f04aebb 100644
--- a/index.php
+++ b/index.php
@@ -4,6 +4,9 @@
 // Requires: php 5
 
 require_once(dirname(__FILE__).'/config.php');
+if($method == "apiv6") {
+	require __DIR__ . '/vendor/autoload.php';
+}
 
 $errors = array();
 $passwordmail = '';
@@ -20,13 +23,12 @@
 $mbox = @imap_open('{'.$serveur.':143}INBOX', "$email", "$passwordmail");
 if (!$mbox) {
 	if (!empty($_POST)) {
-		$errors[] = "Authentication error";
+		$errors[] = "Authentication error";//.imap_last_error();
 	}
 	$need_login = true;
 } else {
 	imap_close($mbox);
 	// Filtrage des données
-
 	foreach ($_REQUEST as $key => $val) {
 		$val = preg_replace("/[\'\"\\\?\~]/i",'', $val);
 		$_REQUEST[$key] = $val;
@@ -42,45 +44,64 @@
 	}
 
 	$success = '';
-	if (strlen($newpass) >= 8 && $newpass == $newpass2 && $_POST["newpass"]==$newpass) {
+	$minLength = 0;
+	$maxLength = 0;
+	if($method == "apiv6" || $method == "soapi") {
+		$minLength = $passwordLength[$method]["min"];
+		$maxLength = $passwordLength[$method]["max"];
+	} else {
+		$errors[] = "The configuration is incorrect. Please contact your administrator.";
+	}
+	if (empty($errors) && strlen($newpass) >= $minLength && strlen($newpass) <= $maxLength && $newpass == $newpass2 && $_POST["newpass"]==$newpass) {
 	// Vérification du bon nouveau mot de passe (avec les deux champs puis on valide si ok )
-		$soap = new SoapClient('https://www.ovh.com/soapi/soapi-1.2.wsdl');
+		$successMsg = "<h3>Your password is being changed. The operation will take effect in 5 to 10 minutes.</h3>";
+		switch($method) {
+			case "soapi":
+				$soap = new SoapClient('https://www.ovh.com/soapi/soapi-1.2.wsdl');
 
-		//login
-		try {
-			$language = null;
-			$multisession = false;
-			$session = $soap->login($nic,$pass,$language,$multisession);
-			//$success .= "login successfull<br/>";
-		} catch(SoapFault $fault) {
-			$errors[] = "Error : login";//.$fault;
-		}
-		//popModifyPassword
-		try {
-			$result = $soap->popModifyPassword($session, $domain, $email_name, $newpass, false);
-			//$success .= "popModifyPassword successfull<br/>";
-			//$success .= print_r($result);
-			//$success .= "<br/>";
-			$success .= "<h3>Thank you.<br />Password has been modified.</h3>";
-			$success .= "<h3>The change will be visible maximally in 15 minutes.</h3>";
-		} catch(SoapFault $fault) {
-			$errors[] = "Error : popModifyPassword";//.$fault;.$fault;
-		}
-		//logout
-		try {
-			$result = $soap->logout($session);
-			//$success .= "logout successfull<br/>";
-		} catch(SoapFault $fault) {
-			$errors[] = "Error : logout";//.$fault;.$fault;
+				//login
+				try {
+					$language = null;
+					$multisession = false;
+					$session = $soap->login($nic,$pass,$language,$multisession);
+				} catch(SoapFault $fault) {
+					$errors[] = "Error : login";//.$fault;
+				}
+				//popModifyPassword
+				try {
+					$result = $soap->popModifyPassword($session, $domain, $email_name, $newpass, false);
+					$success = $successMsg;
+				} catch(SoapFault $fault) {
+					$errors[] = "Error : popModifyPassword";//.$fault;
+				}
+				//logout
+				try {
+					$result = $soap->logout($session);
+
+				} catch(SoapFault $fault) {
+					$errors[] = "Error : logout";//.$fault;
+				}
+				break;
+			case "apiv6":
+				try {
+					$ovh = new \Ovh\Api( $appKey, $appSecret, $apiEndpoint, $consumerKey);
+					$result = $ovh->post("/email/domain/$domain/account/$email_name/changePassword", array(
+					    'password' => $newpass
+					));
+					$success = $successMsg;
+				} catch(Exception $fault) {
+					$errors[] = "An error occured during passwor change attempt.";//.$fault;
+				}
+				break;
 		}
 	} elseif (strlen($newpass) > 0 && $newpass != $newpass2) {
 	// ici le cas ou le premier nouveau mot de passe ne correspond pas au second
 		$errors[] = "The two passwords are not equal, please check it";
-	} elseif (strlen($newpass) > 0 && strlen($newpass) < 8) {
-	// Si le mot de passe fait moins de 8 caractères on refuse 
-		$errors[] = "Make sure your password has minimum 8 characters.";
+	} elseif (strlen($newpass) > 0 && (strlen($newpass) < $minLength || strlen($newpass) > $maxLength)) {
+	// Si le mot de passe fait moins de x caractères ou plus de y caractères on refuse
+		$errors[] = "Make sure your password length is between $minLength and $maxLength characters.";
 	} elseif ($_POST["newpass"]!=$newpass) {
-	// Si le mot de passe fait moins de 8 caractères on refuse 
+	// Si le mot de passe contient des caractères invalides on refuse
 		$errors[] = "Password contains one or more of invalid characters:<ul><li>\'</li><li>\"</li><li>\\</li><li>\?</li><li>\~</li></ul>";
 	}
 }