Author Topic: Change password for virtual users  (Read 17030 times)

Offline xul

  • Newbie
  • *
  • Posts: 2
Change password for virtual users
« on: November 14, 2008, 03:49:50 PM »
Here's an easy modification to the "Roundcube cPanel Addons" by Roger D. Fedor, I modified it to let virtual users change their passwords (without cpanel).

I followed the Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail Guide http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu8.04 to set up a mail server but I wanted RoundCube instead of SquirrelMail. (RoundCube v 0.2 by the way)

Anyway, my rcube_save_password function in password.inc works like this:

function rcube_save_password($current_password,$new_password)
{
	
global 
$OUTPUT$RCMAIL;

	
$db rcmail::get_instance()->get_dbh();
	

	
// change query accordingly
	
$query "UPDATE mail.users SET password = ENCRYPT(".$new_password.") WHERE email = ".$_SESSION['username'].";";
	

	
$db->query($query);
	

	
$_SESSION['password'] = encrypt_password($new_password);

	
$OUTPUT->show_message('successfullysaved''confirmation');
	

}


Hope it works for you as well.
« Last Edit: November 14, 2008, 04:00:29 PM by xul »

Offline franco

  • Newbie
  • *
  • Posts: 1
Change password for virtual users
« Reply #1 on: November 26, 2008, 08:29:04 AM »
Tell me please, where can i found this "password.inc"  in standart instalation of RC v 0.2?
I have qmail+vpopmail+mysql. How is this script for my configuration?
Thank you.

Offline xul

  • Newbie
  • *
  • Posts: 2
Change password for virtual users
« Reply #2 on: November 27, 2008, 11:46:53 PM »
Hello.

The original password.inc I used is on a file is on the "Roundcube cPanel Addons" by Roger D. Fedor discussion on this forum. You can download the files from that post

I'm not sure about your configuration because I've never used it, but it should work as long as you have your users login and password information stored in a mysql table.

Offline Philippe Leroy

  • Newbie
  • *
  • Posts: 1
Change password for virtual user version 0.2-beta
« Reply #3 on: November 28, 2008, 04:32:52 AM »
Hello,

I don't know if you still need a patch for password change but I've written one for Rouncube version 0.2-beta (the last one at this date).

You can find how to install it at :
Extension Roundcube Modification du mot de passe email. - Le Blog de Philippe

It is in french but I think you will be able to see the files to be changed.

Philippe
Edit/Delete Message

Offline FleetCommand

  • Newbie
  • *
  • Posts: 2
Change password for virtual users
« Reply #4 on: December 04, 2008, 08:40:11 AM »
Quote from: Philippe Leroy;15480
Hello,

...
You can find how to install it at :
Extension Roundcube Modification du mot de passe email. - Le Blog de Philippe

It is in french but I think you will be able to see the files to be changed.

Philippe
Edit/Delete Message


Hello Philippe,

I've applied your patches according the description, but I have two problems..

First, my index.php totally differ from the one you've described. So I did the following modification to index.php:
Code: [Select]

  'settings' => array(
    'folders'       => 'manage_folders.inc',
    'create-folder' => 'manage_folders.inc',
    'rename-folder' => 'manage_folders.inc',
    'delete-folder' => 'manage_folders.inc',
    'subscribe'     => 'manage_folders.inc',
    'unsubscribe'   => 'manage_folders.inc',
    'add-identity'  => 'edit_identity.inc',
    'passwd'        => 'passwd.inc',
    'save-passwd'   => 'passwd.inc',
  )
);


The remaining files were modified by following your tutorial. The first problem is that when I go to Settings, the tab "Password" appears fine, but I can't click on it. However when I enter ..&_action=passwd in the url bar, it correctly takes me to the password changing tab.

The other problem is that whenever I try to change my password, it tells me "Wrong original password" and I have no idea, why.

Actually, I have some, just can't fix on my own :)

The SQL for getting old pass is the following:
Code: [Select]
$DB->query('select password from mail.users where email=\''.$emailuser.'\'');

This SQL must be correct, since I have put $row['password'] to the page title for testing purposes and it selects the correct encoded password.

However if ($actualCryptedPassword != $row['password']) will alway be false since the passwords in the database are encoded to be 13 characters long somehow, but the generated actualCryptedPassword is much more longer.

How could I fix it? Btw I also think that for the same reaon, the update sql query also will be wrong, since set password=\''.md5($newpassword).'\' will do some wrong thing.. probably it will be password = ENCRYPT(".$new_password.") as described here, however this doesn't helps me since that post doesn't descibe how to fix password verification.

Can you help me? :)

Offline wheaties82

  • Jr. Member
  • **
  • Posts: 11
Change password for virtual users
« Reply #5 on: December 17, 2008, 11:31:17 PM »
Quote from: xul;15259
Here's an easy modification to the "Roundcube cPanel Addons" by Roger D. Fedor, I modified it to let virtual users change their passwords (without cpanel).

I followed the Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail Guide http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu8.04 to set up a mail server but I wanted RoundCube instead of SquirrelMail. (RoundCube v 0.2 by the way)

Anyway, my rcube_save_password function in password.inc works like this:

function rcube_save_password($current_password,$new_password)
{
	
global 
$OUTPUT$RCMAIL;

	
$db rcmail::get_instance()->get_dbh();
	

	
// change query accordingly
	
$query "UPDATE mail.users SET password = ENCRYPT(".$new_password.") WHERE email = ".$_SESSION['username'].";";
	

	
$db->query($query);
	

	
$_SESSION['password'] = encrypt_password($new_password);

	
$OUTPUT->show_message('successfullysaved''confirmation');
	

}


Hope it works for you as well.



xul

Thanks for making this mod !!  This is a exactly what I was looking for.  I have almost got it working, but I am running into an error that has stumped me, maybe you can give me a pointer or two?

I copied your rcube_save_password function verbatim, but in my error logs I am getting a syntax error.  I followed the same virtual domain setup as you did -- so my db has the same name and tables.  Here is the output of the roundcube log file:

[17-Dec-2008 21:42:40] MDB2 Error: syntax error (-2): _doQuery: [Error message: Could not execute statement]
[Last executed query: UPDATE mail.users SET password = ENCRYPT(12345678) WHERE email = tester@domain.com;]
[Native code: 1064]
[Native message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@domain.com' at line 1]

[17-Dec-2008 21:42:40 -0600] DB Error: MDB2 Error: syntax error Query: _doQuery: [Error message: Could not execute statement] [Last executed query: UPDATE mail.users SET password = ENCRYPT(12345678) WHERE email = tester@domain.com;] [Native code: 1064] [Native message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@domain.com' at line 1]  in /var/www/domain/webmail/program/include/rcube_mdb2.php on line 533 (POST /?_task=settings&_action=save-password)

Any ideas how the syntax is failing in the update statement?  I have tried moving things around a bit, but still no luck . . .

Offline wheaties82

  • Jr. Member
  • **
  • Posts: 11
Change password tutorial
« Reply #6 on: December 21, 2008, 07:11:12 PM »
FYI - I have put together a tutorial on my site about how to change email password for virtual users with multiple email domains.  

Props goes to Nemesis02 and xul for the code snippets. :)

Change Roundcube Password