Thread: New File Added: Qmail+Mysql+Vpopmail Password Change Patch v1.0

lucifer,
Thank you so much for your excellent work! The password change for multiple domains works flawlessly with vpopmail. I didn't used the new patch though, just modified the existing code with the code from your earlier posting, changed the db update permissions and voila!!
Thanks again. This is something that I have wanted since I first started using rOundcube.

Lasty did I mention thank you! Excellent Work!
Cheers-
myrrhh

Who-ho!! i did it. Now my roundcube works with postfix+dovecot.
Just change this line:
$passwordquery = "UPDATE vpopmail.$dom_table SET pw_passwd = '$crypted',pw_clear_passwd='".$new_password."' WHERE pw_name = '$domain[0]';";

to:
$passwordquery = "UPDATE postfix.mailbox SET password = '$crypted' WHERE username = '$domain[0]@$domain[1]' and domain = '$domain[1]';"

postfix version: 2.5.6,1

it might be a good idea to modify password.inc to increase password complexity

something like that

rc_passwd_len
rc_passwd_uppcase_special_chars

to test somehow the password len and if password contains uppercases and special chars

I guess I have an old version of vpopmail, my schema just has one table "vpopmail" but it has a pw_domain column and all users are stored there.

Also, I log in using an alias domain so for this to work it needs to resolve the domain alias. I hacked together a new version of the function rcube_save_password (in program/steps/settings/password.inc) that works in my setup, maybe somebody else will find this useful:

Code:

function rcube_save_password($current_password,$new_password)
{
        global $OUTPUT, $RCMAIL;

        $emailuser=$_SESSION['username'];

        $db = rcmail::get_instance()->get_dbh();

        $crypted = '';
        $cryptedpw = mkpasswd3($new_password,$crypted);

        $domain = split("@",$emailuser);
        $true_domain = $domain[1];
        // resolve any domain aliasing (FIXME I should sanitize the dynamic part of this command)
        $true_domain = exec("/home/vpopmail/bin/vdominfo -n ".$true_domain);

        $dom_table = str_replace(".","_",$true_domain);

        // ONLY CHANGE YOUR vpopmail DATABASE NAME !!!!!

        $passwordquery = "UPDATE vpopmail.vpopmail SET "
            . "pw_passwd = " . $db->quote($crypted) . ","
            . "pw_clear_passwd = " . $db->quote($new_password)
            . " WHERE pw_domain = " . $db->quote($true_domain)
            . " AND pw_name = " . $db->quote($domain[0]) . ";";

        $db->query($passwordquery);

        $_SESSION['password'] = encrypt_password($new_password);

        $OUTPUT->show_message('successfullysaved', 'confirmation');
}

Watch out, I hardcoded the path to vdominfo (not sure how to grok it) and left a somewhat insecure "exec" call in there.

OTOH, the author should really use $db->quote as shown above to prevent SQL injection hacks (unlikely in this case but you never know). But otherwise, nice mod!!! Thanks,

-tom

Hi!
Some troubles with this patch (v1.1)
Use latest stable release of RoundCube.

After applying patch (app.js applied manualy), new tab appear in Settings, but when try click on Password tab, nothing happend.

If enter path like this: "?_task=settings&_action=password", password change form appear.

Originally Posted by Unatine

Hi!
Some troubles with this patch (v1.1)
Use latest stable release of RoundCube.

After applying patch (app.js applied manualy), new tab appear in Settings, but when try click on Password tab, nothing happend.

If enter path like this: "?_task=settings&_action=password", password change form appear.

Solved. Sorry

hi. i have a same problem too... password tab not works on new stable verion
anybody can give me new patch?
thanks

Originally Posted by Unatine

Solved. Sorry

Hi, how did you fixed it?

Originally Posted by nadir

Hi, how did you fixed it?

I too would like to know how Unatine has solved the problem with the lastest 0.2.1 version.

Furthermore, I have another, maybe Bigger problem. My mail server is not on the same machine roundcube run, so the Mysql database is not on local host but on the mail server. There is a way to manually specify the host where vpopmail database is, before open the connection to the mysql server?