<?php

function password_error($cmd, $err) {
	raise_error(array(
		'code' => 600,
		'type' => 'php',
		'file' => __FILE__, 'line' => __LINE__,
		'message' => "Password plugin: Unable to execute $cmd: error $err"
	), true, false);

    return PASSWORD_ERROR;
}

class rcube_sudopasswd_password
{
	public function save($currpass, $newpass)
	{
		$username = $_SESSION['username'];

		// Might not be necessary to sanitise..  The plugin prolly does that already
		$cmd = "/usr/bin/sudo -S -u ".escapeshellarg($username)." /usr/bin/passwd";
		$errlogfile = "/tmp/sudopasswd_log.log"; // Change this to something specific to your installation

		$descriptorSpec = array(
				0 => array("pipe", "r"),
				1 => array("pipe", "w"),
				2 => array("file", $errlogfile, "a")
		);
		$proc = proc_open($cmd, $descriptorSpec, $pipes);

		if (is_resource($proc)) {
				// I reckon it's not necessary to sanitise the input when passed this way
				// And for non-abuse-use, the plugin already checks for correctness..
				fwrite($pipes[0], "$currpass\n$currpass\n$newpass\n$newpass\n");
				fclose($pipes[0]);
				fclose($pipes[1]);
				if (proc_close($proc))
						return password_error($cmd, "could not change pw");

		} else {
				return password_error($cmd, "command execution");
		}

		return PASSWORD_SUCCESS;
	}
}