Fixed #4033 Special characters in email mailbox password

Author: Till Brehm

interface/lib/classes/auth.inc.php

@@ -213,7 +213,10 @@ public function get_random_password($minLength = 8, $special = false) {
 		return str_shuffle($password);
 	}
 
-	public function crypt_password($cleartext_password) {
+	public function crypt_password($cleartext_password, $charset = 'UTF-8') {
+		if($charset != 'UTF-8') {
+			$cleartext_password = mb_convert_encoding($cleartext_password, $charset, 'UTF-8');
+		}
 		$salt="$1$";
 		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
 		for ($n=0;$n<8;$n++) {

interface/lib/classes/tform_base.inc.php

@@ -901,6 +901,9 @@ function filterField($field_name, $field_value, $filters, $filter_event) {
 				case 'IDNTOUTF8':
 					$returnval = $app->functions->idn_decode($returnval);
 					break;
+				case 'TOLATIN1':
+					$returnval = mb_convert_encoding($returnval, 'ISO-8859-1', 'UTF-8');
+					break;
 				case 'TRIM':
 					$returnval = trim($returnval);
 					break;
@@ -1263,6 +1266,10 @@ protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $
 							} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
 								$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 								$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+							} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
+								// The password for the mail system needs to be converted to latin1 before it is hashed.
+								$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
+								$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 							} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
 								$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
 								$record[$key] = $tmp['crypted'];
@@ -1291,6 +1298,10 @@ protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $
 							} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
 								$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 								$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+							} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
+								// The password for the mail system needs to be converted to latin1 before it is hashed.
+								$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
+								$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 							} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
 								$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
 								$record[$key] = $tmp['crypted'];

interface/web/mail/form/mail_user.tform.php

@@ -128,7 +128,7 @@
 					'errmsg' => 'weak_password_txt'
 				)
 			),
-			'encryption'=> 'CRYPT',
+			'encryption'=> 'CRYPTMAIL',
 			'default' => '',
 			'value'  => '',
 			'width'  => '30',

interface/web/mail/mail_user_edit.php

@@ -143,7 +143,6 @@ function onSubmit() {
 			if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
 		}
 
-
 		//* if its an insert, check that the password is not empty
 		if($this->id == 0 && $_POST["password"] == '') {
 			$app->tform->errorMessage .= $app->tform->lng("error_no_pwd")."<br>";