New File Added: Qmail+Mysql+Vpopmail Password Change Patch v1.0 - Page 2

lucifer · #11 02-25-2009, 07:44 AM

Qmail+Mysql+Vpopmail Password Change Patch v1.1 has been updated!

myrrhh · #12 02-25-2009, 09:44 PM

lucifer,
Thank you so much for your excellent work! The password change for multiple domains works flawlessly with vpopmail. I didn't used the new patch though, just modified the existing code with the code from your earlier posting, changed the db update permissions and voila!!
Thanks again. This is something that I have wanted since I first started using rOundcube.

Lasty did I mention thank you! Excellent Work!
Cheers-
myrrhh

nadir · #13 02-26-2009, 06:42 AM

Who-ho!! i did it. Now my roundcube works with postfix+dovecot.

Just change this line:
$passwordquery = "UPDATE vpopmail.$dom_table SET pw_passwd = '$crypted',pw_clear_passwd='".$new_password."' WHERE pw_name = '$domain[0]';";

to:
$passwordquery = "UPDATE postfix.mailbox SET password = '$crypted' WHERE username = '$domain[0]@$domain[1]' and domain = '$domain[1]';"

postfix version: 2.5.6,1

fritz001 · #14 03-03-2009, 06:23 PM

it might be a good idea to modify password.inc to increase password complexity

something like that

rc_passwd_len
rc_passwd_uppcase_special_chars

to test somehow the password len and if password contains uppercases and special chars

tjm74 · #15 03-06-2009, 02:28 AM

I guess I have an old version of vpopmail, my schema just has one table "vpopmail" but it has a pw_domain column and all users are stored there.

Also, I log in using an alias domain so for this to work it needs to resolve the domain alias. I hacked together a new version of the function rcube_save_password (in program/steps/settings/password.inc) that works in my setup, maybe somebody else will find this useful:

Code:

function rcube_save_password($current_password,$new_password)
{
        global $OUTPUT, $RCMAIL;

        $emailuser=$_SESSION['username'];

        $db = rcmail::get_instance()->get_dbh();

        $crypted = '';
        $cryptedpw = mkpasswd3($new_password,$crypted);

        $domain = split("@",$emailuser);
        $true_domain = $domain[1];
        // resolve any domain aliasing (FIXME I should sanitize the dynamic part of this command)
        $true_domain = exec("/home/vpopmail/bin/vdominfo -n ".$true_domain);

        $dom_table = str_replace(".","_",$true_domain);

        // ONLY CHANGE YOUR vpopmail DATABASE NAME !!!!!

        $passwordquery = "UPDATE vpopmail.vpopmail SET "
            . "pw_passwd = " . $db->quote($crypted) . ","
            . "pw_clear_passwd = " . $db->quote($new_password)
            . " WHERE pw_domain = " . $db->quote($true_domain)
            . " AND pw_name = " . $db->quote($domain[0]) . ";";

        $db->query($passwordquery);

        $_SESSION['password'] = encrypt_password($new_password);

        $OUTPUT->show_message('successfullysaved', 'confirmation');
}

Watch out, I hardcoded the path to vdominfo (not sure how to grok it) and left a somewhat insecure "exec" call in there.

OTOH, the author should really use $db->quote as shown above to prevent SQL injection hacks (unlikely in this case but you never know). But otherwise, nice mod!!! Thanks,

-tom

Unatine · #16 03-26-2009, 09:40 PM

Hi!
Some troubles with this patch (v1.1)
Use latest stable release of RoundCube.

After applying patch (app.js applied manualy), new tab appear in Settings, but when try click on Password tab, nothing happend.

If enter path like this: "?_task=settings&_action=password", password change form appear.

Unatine · #17 03-27-2009, 05:50 AM

Quote:

Originally Posted by Unatine

Hi!
Some troubles with this patch (v1.1)
Use latest stable release of RoundCube.

After applying patch (app.js applied manualy), new tab appear in Settings, but when try click on Password tab, nothing happend.

If enter path like this: "?_task=settings&_action=password", password change form appear.

Solved. Sorry

nadir · #18 04-06-2009, 06:22 PM

hi. i have a same problem too... password tab not works on new stable verion

anybody can give me new patch?
thanks

nadir · #19 04-15-2009, 11:20 AM

Quote:

Originally Posted by Unatine

Solved. Sorry

Hi, how did you fixed it?

alex_time · #20 04-17-2009, 07:01 PM

Quote:

Originally Posted by nadir

Hi, how did you fixed it?

I too would like to know how Unatine has solved the problem with the lastest 0.2.1 version.

Furthermore, I have another, maybe Bigger problem. My mail server is not on the same machine roundcube run, so the Mysql database is not on local host but on the mail server. There is a way to manually specify the host where vpopmail database is, before open the connection to the mysql server?

LinkBacks (?) LinkBack to this Thread: http://www.roundcubeforum.net/7-third-party-contributions/25-old-style-plug-ins/4286-new-file-added-qmail-mysql-vpopmail-password-change-patch-v1-0-a.html
Posted By	For	Type	Date
wheaties.us \|\| Andy and Natasha Wheatley's Blog	This thread	Refback	02-22-2009 08:48 AM

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)