<?php

/***************************************************************************
 *
 * vMail.Admin2:  $Id: functions/password_tools.php,v 1.0 15/02/2006 juan Exp $
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/
 
/***************************************************************************
 *
 * Table of functions:
 *			crypt_password ( )
 *			security_graphic ( )
 *			generate_code ( )
 *			clean_confirm_table ( )
 *
 ***************************************************************************/

if ( !defined('IN_VMA') )
{
	die('Illegal operation...');
	exit;
}

/**
*
* Function:
*	crypt_password ( )
*
* Since each user has 2 password cells (one for email, the
* other for vMail.Admin), we keep them the same by using this
* hook. Takes incoming password and returns and array of
* 2 passwords. The first, the email password which can be
* clear text or encrypted. The seconds is the md5 encrypted
* version of the password used for vMail.Admin sessions.
*
* @param		@string	$this_password Password to play with
* @param		@string	$use_salt Salt the password?
* @return	@array Passwords
*
**/
function crypt_password($password,$db_salt=NULL)
{
	global $config;
	$password_type = (int)$config['password_type'];
	
	if ( !get_magic_quotes_gpc() )
	{
		$password = (DATABASE == 'postgre') ? pg_escape_string($password) : mysql_real_escape_string($password);
	}
	
	switch ( $password_type )
	{		
		case PW_MD5:
			$saltprefix	= '$1$';
			$saltphrase	= substr(md5(generate_code()),0,12);
			$salt			= empty($db_salt) ? $saltprefix.$saltphrase : $db_salt;
	      $password	= crypt($password,$salt);
			break;
		
		case PW_DES:
			$saltprefix	= '$';
			$saltphrase	= substr(md5(generate_code()),0,9);
			$salt			= empty($db_salt) ? $saltprefix.$saltphrase : $db_salt;
			$password	= crypt($password,$salt);
			break;
					
		case PW_TXT:
			$password = $password;
			break;
	}
	
	return ( $password );
}

/**
*
* Function: 
*	security_graphic ( )
*
* This function returns an image with text superimposed
*
* @param		@integer	$code Sequence of text superimpose on image
* @return	NULL exit after print
*
* Based on:
*		http://blog.theoconcept.com/static/distortion/distortion-source.php
*
**/
function security_graphic($confirm_id)
{
	global $db,$config,$user;
	
	if ( !isset($config['enable_convert']) || !preg_match('/^[A-Za-z0-9]+$/',$confirm_id) )
	{
		return;
	}
	
	/**
	*
	* Get code from DB from input
	*
	**/
	$sql = sprintf("SELECT code
						FROM %s
						WHERE confirm_id = '%s'
						AND token = '%s'",
						CONFIRM_TABLE,$confirm_id,$user->data['token']);
	
	if ( !($result = $db->sql_query($sql)) )
	{
		report_error(GENERAL_ERROR,'Error 27601: '.sprintf(_('Unable to query: %s'),CONFIRM_TABLE),$sql, __FILE__,__LINE__);
	}
	$row	= $db->sql_fetchrow($result);
	$db->sql_freeresult($result);
	$code = $row['code'];

	/**
	*
	* Set our image parameters
	*
	**/	
	$font			= $user->style['sc_graphic']['font'];
	$font_size	= $user->style['sc_graphic']['font_size'];
	$bgdcolor	= $user->style['sc_graphic']['bgcolor'];
	$txtcolor	= $user->style['sc_graphic']['textcolor'];
	$width		= $user->style['sc_graphic']['width'];
	$height		= $user->style['sc_graphic']['height'];
	$axisx		= $user->style['sc_graphic']['axisx'];
	$axisy		= $user->style['sc_graphic']['axisy'];
	$distortion	= $user->style['sc_graphic']['distortion'];
	
	/**
	*
	*  Convert color codes to hex
	*
	**/
	$preg_hex	= '[0-9A-Fa-f][0-9A-Fa-f]';
	$bgdcolors	= preg_match("/^#?($preg_hex)($preg_hex)($preg_hex)$/",$bgdcolor,$chunk) ? array(hexdec($chunk[1]),hexdec($chunk[2]),hexdec($chunk[3])) : array(255,255,255);
	$txtcolors	= preg_match("/^#?($preg_hex)($preg_hex)($preg_hex)$/",$txtcolor,$chunk) ? array(hexdec($chunk[1]),hexdec($chunk[2]),hexdec($chunk[3])) : array(0,0,0);
	
	/**
	*
	* Begin sending headers
	*
	**/
	Header('Content-type: image/png');
	Header('Cache-control: no-cache, no-store');
		
	$gdfontpath = sprintf('GDFONTPATH=%s',realpath(dirname($font)));
	putenv($gdfontpath);
	$font = basename($font);

	/**
	*
	* Create the source image with GD Image
	*
	* @ Allocate colors
	* @ Draw and fill in background color
	* @ Set text parameters and coordinates
	* @ Create temporary files
	* @ Create image (ImageMagick)
	* @ Delete temporary files
	* @ Print image to screen
	* @ Destroy image (free up memory used by image
	* @ Exit
	*
	**/	
	if ( $image = imagecreatetruecolor($width,$height) )
	{
		$bgdcolor	= imagecolorallocate($image,$bgdcolors[0],$bgdcolors[1],$bgdcolors[2]);
		$txtcolor	= imagecolorallocate($image,$txtcolors[0],$txtcolors[1],$txtcolors[2]);
		imagefilledrectangle($image,0,0,$width,$height,$bgdcolor);
		imagettftext($image,$font_size,0,$axisx,$axisy,$txtcolor,$font,$code);
		
		$temp[1] = tempnam($config['cache_directory'],"vma_code_");
		$temp[2] = tempnam($config['cache_directory'],"vma_code_");
		imagepng($image,$temp[1]);
		
		if ( $distortion > 0 )
		{
			$distort = sprintf("-swirl %d",mt_rand(($distortion - ($distortion*2)),$distortion));
	 	}
 		$command = sprintf("%s %s %s %s",$config['convert'],$distort,$temp[1],$temp[2]);
		exec($command);
		$graphic = file_get_contents($temp[2]);
		
		@unlink($temp[1]);
		@unlink($temp[2]);
		
		print ( $graphic );
		imagedestroy($image);
	}
	
	exit;
}

/**
*
* Function: 
*	generate_code ( )
*
* This function returns a random generated
* code for security graphic and/or random
* generated passwords
*
* @param		@integer	$var Generate code for password
* @return	@string	generated code
*
**/
function generate_code($create_password=FALSE)
{
	global $config;
	
	unset($code);
	$chars	= array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',  'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',  'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');
	$count	= count($chars);
	$round	= round($count / 2);
	
	srand((float) microtime() * 10000000);
	$key = array_rand($chars,$count);

	for ( $i = 0; $i < $count; $i++ )
	{
		$char = str_replace('0','Z',$chars[$key[$i]]);
		$code = !isset($code) ? $char : sprintf("%s%s",$code,$char);
	}
	
	return ( ($create_password ? substr($code,2,$config['min_pass']) : substr($code,$round,6)) );
}

/**
*
* Function: 
*	clean_confirm_table ( )
*
* This function cleans out stale confirm_id's over 5 minutes old
*
* @return	NULL
*
**/
function clean_confirm_table()
{
	global $config,$db;

	$config['confirm_grace'] = 300;
	
	$elapsed_time = $config['current_time'] - $config['confirm_grace'];
	$sql = sprintf("DELETE FROM %s
						WHERE time < '%d'",
						CONFIRM_TABLE,$elapsed_time);

	if ( !$db->sql_query($sql) )
	{
		report_error(GENERAL_ERROR,'Error 27655: '.sprintf(_('Unable to query: %s'),CONFIRM_TABLE),$sql, __FILE__,__LINE__);
	}
	
	return;
}

?>