Pretty "Change Password" patch/module for v0.1RC1(07-7-3), +cPanel, +md5

[ufocek]

Hi all

Today I find this patch and install , it's work wery vell , but I have question about password encryption
I use postfixadmin and when I add user his encrypted password like this:
$1$d1X891Cx$LGqdWmPk/mUEt5f5JHYhW. = test123
Now If change password with RC ,his encrypted password like Z15Vz.eugYaj2 , because I use "encrypt" options
but in postfixadmin i use "md5crypt", it's possibly add this options to this patch ?

[Heritz]

Can I do any modification to this script to update the passwords stored in shadow files?

My EXIM is configured to store the passwords in shadow files. What can I do about it?

[kmikze]

Hello,

when trying to change my passwd, i got this error:
DB Error: DB Error: no such field Query: UPDATE users SET password = ENCRYPT('test') WHERE email='kmikze@fragtime.net' OR (email='kmikze@fragtime.net' AND domain_name = '') [nativecode=1054 ** Unknown column 'domain_name' in 'where clause'] in /var/www/www-root/roundcubemail/program/include/rcube_db.inc on line 479

Using RC beta2 already patch.
here's my SQL users table:
+----------+-------------+------+-----+------------+-------+---------------------------------+
| Field  | Type    | Null | Key | Default  | Extra | Privileges           |
+----------+-------------+------+-----+------------+-------+---------------------------------+
| email  | varchar(80) |   | PRI |      |    | select,insert,update,references |
| password | varchar(20) |   |   |      |    | select,insert,update,references |
| quota  | int(10)   | YES |   | 1073741824 |    | select,insert,update,references |
+----------+-------------+------+-----+------------+-------+---------------------------------+

and my RC db.inc.php for changing password:
//Chagement de mot de passe:
$rcmail_config['db_imap_dsn'] = 'mysql://*****:*****@localhost/mail';
$rcmail_config['db_imap_users_table'] = 'users';
$rcmail_config['db_imap_user_field'] = 'email';
$rcmail_config['db_imap_passwd_field'] = 'password';
$rcmail_config['db_imap_passwd_type'] = 'ENCRYPT';       // ''-- for Plaintext, 'ENCRYPT', 'PASSWORD'


Any idea ??
thanks for your help

[jeeth]

Thanks For posting this, It will be a good tool!

I have chaged the function rcmail_save_passwd() in file program/steps/settings/passwd.inc , which now can accept the imap password change through the port 106, let me know if it is usefull.

Thanks
jeeth
-----------------------------------------------------------------
function rcmail_save_passwd($new_pw){
 global $CONFIG, $_SESSION;
 $poppassd_server = "localhost"; //imap server address

 $old_pw = decrypt_passwd($_SESSION['password']);
 $username = $_SESSION['username'];

 $pop_socket = fsockopen($poppassd_server, 106, $errno, $errstr);
  if (!$pop_socket) {
    $messages[] = _("ERROR") . ': ' . "$errstr ($errno)";
    return FALSE;
    return $messages;
  }

  cpw_poppassd_readfb($pop_socket, $result, $messages, $debug);
  if(!preg_match('/^2\d\d/', $result) ) {
    cpw_poppassd_closeport($pop_socket, $messages, $debug);
    return FALSE;
    return $messages;
  }

  fputs($pop_socket, "user $username\r\n");
  cpw_poppassd_readfb($pop_socket, $result, $messages, $debug);
  if(!preg_match('/^[23]\d\d/', $result) ) {
    cpw_poppassd_closeport($pop_socket, $messages, $debug);
    return FALSE;
    return $messages;
  }


 fputs($pop_socket, "pass $old_pw\r\n");
  cpw_poppassd_readfb($pop_socket, $result, $messages, $debug);
  if(!preg_match('/^[23]\d\d/', $result) ) {
    cpw_poppassd_closeport($pop_socket, $messages, $debug);
    return FALSE;
    return $messages;
  }
 fputs($pop_socket, "newpass $new_pw\r\n");
  cpw_poppassd_readfb($pop_socket, $result, $messages, $debug);
  cpw_poppassd_closeport($pop_socket, $messages, $debug);
   $_SESSION['password'] = encrypt_passwd($new_pw);
  if(!preg_match('/^2\d\d/', $result) ) {
    return FALSE;
    return $messages;
  }

  return TRUE;

}

[oslad]

Hello,

when trying to change my passwd, i got this error:
DB Error: DB Error: no such field Query: UPDATE users SET password = ENCRYPT('test') WHERE email='kmikze@fragtime.net' OR (email='kmikze@fragtime.net' AND domain_name = '') [nativecode=1054 ** Unknown column 'domain_name' in 'where clause'] in /var/www/www-root/roundcubemail/program/include/rcube_db.inc on line 479

Using RC beta2 already patch.
here's my SQL users table:
+----------+-------------+------+-----+------------+-------+---------------------------------+
| Field  | Type    | Null | Key | Default  | Extra | Privileges           |
+----------+-------------+------+-----+------------+-------+---------------------------------+
| email  | varchar(80) |   | PRI |      |    | select,insert,update,references |
| password | varchar(20) |   |   |      |    | select,insert,update,references |
| quota  | int(10)   | YES |   | 1073741824 |    | select,insert,update,references |
+----------+-------------+------+-----+------------+-------+---------------------------------+

sorry for the long delay!

you can modify "program/steps/settings/passwd.inc" file:
change:

Code: [Select]

$IMAPDB->query("UPDATE " . $CONFIG['db_imap_users_table'] .
             " SET " . $CONFIG['db_imap_passwd_field'] . " = " . $CONFIG['db_imap_passwd_type'] . "(?)" .
       " WHERE " . $CONFIG['db_imap_user_field'] . "=? OR (" . $CONFIG['db_imap_user_field'] . "=? AND domain_name = '')",
       $newpasswd, $_SESSION['username'], $_SESSION['username']);
to:

Code: [Select]

$IMAPDB->query("UPDATE " . $CONFIG['db_imap_users_table'] .
             " SET " . $CONFIG['db_imap_passwd_field'] . " = " . $CONFIG['db_imap_passwd_type'] . "(?)" .
       " WHERE " . $CONFIG['db_imap_user_field'] . "=?", $newpasswd, $_SESSION['username']);

OR add a field "domain_name" to your users table.

[oslad]

Thanks for your work! jeeth.

Code: [Select]

which now can accept the imap password change through the port 106
It's POP/IMAP, not only IMAP

Code: [Select]

let me know if it is usefull.at least, it is not work for me now. i've found your code is from SquirrelMail directly, but some function's define is missing.

i'll try to port it for next release of RoundCube mail, so this patch can change password for most IMAP/POP mail server.

THANK YOU, JEETH!

[kmikze]

sorry for the long delay!

you can modify "program/steps/settings/passwd.inc" file:
change:

Code: [Select]

$IMAPDB->query("UPDATE " . $CONFIG['db_imap_users_table'] .
             " SET " . $CONFIG['db_imap_passwd_field'] . " = " . $CONFIG['db_imap_passwd_type'] . "(?)" .
       " WHERE " . $CONFIG['db_imap_user_field'] . "=? OR (" . $CONFIG['db_imap_user_field'] . "=? AND domain_name = '')",
       $newpasswd, $_SESSION['username'], $_SESSION['username']);
to:

Code: [Select]

$IMAPDB->query("UPDATE " . $CONFIG['db_imap_users_table'] .
             " SET " . $CONFIG['db_imap_passwd_field'] . " = " . $CONFIG['db_imap_passwd_type'] . "(?)" .
       " WHERE " . $CONFIG['db_imap_user_field'] . "=?", $newpasswd, $_SESSION['username']);

OR add a field "domain_name" to your users table.

Thanks a lot, i've just added domain_name field in users table. Working fine !

[awmartin]

Thanks For posting this, It will be a good tool!

I have chaged the function rcmail_save_passwd() in file program/steps/settings/passwd.inc , which now can accept the imap password change through the port 106, let me know if it is usefull.

Thanks
jeeth
-----------------------------------------------------------------
function rcmail_save_passwd($new_pw){
 global $CONFIG, $_SESSION;
 $poppassd_server = "localhost"; //imap server address

 $old_pw = decrypt_passwd($_SESSION['password']);
 $username = $_SESSION['username'];

 $pop_socket = fsockopen($poppassd_server, 106, $errno, $errstr);
  if (!$pop_socket) {
    $messages[] = _("ERROR") . ': ' . "$errstr ($errno)";
    return FALSE;
    return $messages;
  }

  cpw_poppassd_readfb($pop_socket, $result, $messages, $debug);
  if(!preg_match('/^2\d\d/', $result) ) {
    cpw_poppassd_closeport($pop_socket, $messages, $debug);
    return FALSE;
    return $messages;
  }

  fputs($pop_socket, "user $username\r\n");
  cpw_poppassd_readfb($pop_socket, $result, $messages, $debug);
  if(!preg_match('/^[23]\d\d/', $result) ) {
    cpw_poppassd_closeport($pop_socket, $messages, $debug);
    return FALSE;
    return $messages;
  }


 fputs($pop_socket, "pass $old_pw\r\n");
  cpw_poppassd_readfb($pop_socket, $result, $messages, $debug);
  if(!preg_match('/^[23]\d\d/', $result) ) {
    cpw_poppassd_closeport($pop_socket, $messages, $debug);
    return FALSE;
    return $messages;
  }
 fputs($pop_socket, "newpass $new_pw\r\n");
  cpw_poppassd_readfb($pop_socket, $result, $messages, $debug);
  cpw_poppassd_closeport($pop_socket, $messages, $debug);
   $_SESSION['password'] = encrypt_passwd($new_pw);
  if(!preg_match('/^2\d\d/', $result) ) {
    return FALSE;
    return $messages;
  }

  return TRUE;

}

After I applied this to the Patch it just gives me a blank screen when I submit the new password change. I checked in the errors log file and it shows this:

[19-Oct-2006 09:15:17] PHP Fatal error: Call to undefined function: cpw_poppassd_readfb() in /mail/program/steps/settings/passwd.inc on line 34

I would assume that I would need to define that function, but I'm not sure exactly where i need to define it.

Any Ideas???

[jnorth]

After I applied this to the Patch it just gives me a blank screen when I submit the new password change. I checked in the errors log file and it shows this:

[19-Oct-2006 09:15:17] PHP Fatal error: Call to undefined function: cpw_poppassd_readfb() in /mail/program/steps/settings/passwd.inc on line 34

I would assume that I would need to define that function, but I'm not sure exactly where i need to define it.

Any Ideas???

I would really like to use the MySQL version of this but my hosting setup (VHCS2.4.7.1) uses its own table and request engine to change passwords, and it's a bit hard (for me) to rewrite the passwd.inc function to work with its tables.

So - I'm attempting to use the poppassd daemon as described here. I had the same error as awmartin initially, so I found that adding this to the passwd.inc file, just above the rcmail_save_passwd function, took care of the missing functions:

Code: [Select]

function cpw_poppassd_readfb($pop_socket, &$result, &$messages, $debug = 0) {
  $strResp = '';
  $result = '';

  if (!feof($pop_socket)) {
   $strResp = fgets($pop_socket, 1024);
   $result = substr(trim($strResp), 0, 3); // 200, 500
   if(!preg_match('/^[23]\d\d/', $result) || $debug) {
     $messages[] = "--> $strResp";
   }
  }
}

function cpw_poppassd_closeport($pop_socket, &$messages, $debug = 0) {
  if ($debug) {
    array_push($messages, _("Closing Connection"));
  }
  fputs($pop_socket, "quit\r\n");
  fclose($pop_socket);
}
Now - I'm back to the "Error occurred while saving" error and I can;t find any entries in log files to help me figure out what the error is.

Help?

[jnorth]

OK, I think I can help now -

I'm getting an 'incorrect old password' error in my logs now. So, trying to run telnet localhost 106 on my server, entering "user josh@domain.com", waiting, then "pass oldpassword" - I still get the error.

So - it seems as if once you get the functions in place it would work. Except I am using virtual users for email accounts, so I don't think (from what I can find) that poppassd will work with them.

Please let me know if I am incorrect!

[diego]

Hi

I modify passwd.inc to support md5crypt password (like postfixadmin).

program/steps/settings/passwd.inc
find

Code: [Select]

function rcmail_save_passwd($newpasswd)
 {
 global $CONFIG, $_SESSION;
append

Code: [Select]

  if($CONFIG['db_imap_passwd_type'] == 'crypt'){
  $newpasswd = crypt($newpasswd);
$sqlset = "(?)";
  }else{
$sqlset = $CONFIG['db_imap_passwd_type'] . "(?)";
  }

find

Code: [Select]

" SET " . $CONFIG['db_imap_passwd_field'] . " = " . $CONFIG['db_imap_passwd_type'] . "(?)" .
replace with

Code: [Select]

" SET " . $CONFIG['db_imap_passwd_field'] . " = " . $sqlset .

now the crypt settings in config/db.inc.php
find

Code: [Select]

$rcmail_config['db_imap_passwd_type'] = ''; // ''(Plaintext) or 'ENCRYPT', 'PASSWORD'replace with

Code: [Select]

$rcmail_config['db_imap_passwd_type'] = 'crypt'; // ''(Plaintext), 'ENCRYPT', 'PASSWORD', 'crypt'(md5crypt)
I know, it is a dirty code, but it works and I'm not a programmer

[psenechal]

Need a little help if someone has experience applying this patch to hMail.

I downloaded the patched version of RoundCube and added my IMAP database settings to the db.inc.php file. I can login and everything works fine. When I go to the password screen and change my password, it says the action completed successfully, but the password has not been changed.

I've been trying to track down the problem and the only thing I can think of is that the hMail database field for username is actually username@domain.com not just username.

Does this patch anticipate that, or do I need to add something so it looks for the right entry in the hMail table?

Anyone have success applying this to hMail and did you need to change anything to make it work?

Thanks for the help

[toto99x]

This sounds good, but I'm pretty paranoid about something going wrong, so...

Could someone clarify whether this patch changes the password at the OS level, or is it a db thing? 'Cos my users are all in /etc/passwd. Does this change the UNIX password, à la passwd ?

Thanks.

[daashag]

Here's the patch you want to change shadow passwords.

http://roundcubeforum.net/forum/index.php?topic=551.0

[oslad]

Need a little help if someone has experience applying this patch to hMail.
.......
I've been trying to track down the problem and the only thing I can think of is that the hMail database field for username is actually username@domain.com not just username.

you can modify the SQL update clause
See: http://roundcubeforum.net/forum/index.php?topic=42.msg3213#msg3213