Pretty "Change Password" patch/module for v0.1RC1(07-7-3), +cPanel, +md5

[SKaero]

Wow nice update, thanks!

[Bononi]

Very very good IQplay!! Congratulations....

[GunFro]

.......................

[bschneider]

Hi Everyone! First port here. Hopefuly this will benefit alot of people. And by the way, thank you so much for this Roundcube project. I just love the interface.

Here is what needs to be changed and modified to get the change password patch from IQPlay to work with courierpassd on port 106 for those of us that does not use cPanel or MySql with IMAP. This works with Qmail and vpopmail. Perhaps IQPlay can add it to his patch? I just did what was suggested and use the Squirrelmail plugin and modify it to work with RoundCube.


Here is the modified code for db.inc.php. There are basically two lines that were added, the last two; the first was the IP address of your IMAP/POP server and the other is the port your server is listening on, this is usually 106. Then you'll see another option to add, which is 'change_pwd_for_poppass'.

Code: [Select]

// The 'change_pwd_proc' can be 'change_pwd_for_db' or 'change_pwd_for_cpanel' or 'change_pwd_for_poppass' now,
// If 'change_pwd_for_cpanel' is selected, the value of 'db_imap_xxxxxx' is omitted
$rcmail_config['change_pwd_proc'] = 'change_pwd_for_poppass';
$rcmail_config['db_imap_dsn'] = 'mysql://ic_webmail:roundcube@localhost/roundcube';
$rcmail_config['db_imap_users_table'] = 'accountuser';
$rcmail_config['db_imap_user_field'] = 'username';
$rcmail_config['db_imap_passwd_field'] = 'password';
$rcmail_config['db_imap_passwd_type'] = '';  // '' (Plaintext), 'PASSWORD', 'MD5CRYPT', or 'ENCRYPT'
$rcmail_config['poppass_server'] = 'xxx.xxx.xxx.xxx';
$rcmail_config['poppass_port'] = '106';

Next you'll need to add three functions to the passwd.inc file. The first section is the actual code to change the password. You'll want to add it just after the function change_pwd_for_db section but before 'you may not change the code below' lines

Code: [Select]

function change_pwd_for_poppass($curpasswd, $newpasswd)
{
  global $username, $CONFIG;

  $poppass_server = $CONFIG['poppass_server'];
  $poppass_port = $CONFIG['poppass_port'];

  $pop_socket = fsockopen($poppass_server, $poppass_port);
  if (!$pop_socket) {
     return FALSE;
  }

  change_pass_readfb($pop_socket, $result);
  if(!preg_match('/^2\d\d/', $result) ) {
    change_pass_closeport($pop_socket);
     return FALSE;
  }

  fputs($pop_socket, "user $username\r\n");
  change_pass_readfb($pop_socket, $result);
  if(!preg_match('/^[23]\d\d/', $result) ) {
    change_pass_closeport($pop_socket);
    return FASLSE;
  }

  fputs($pop_socket, "pass $curpasswd\r\n");
  change_pass_readfb($pop_socket, $result);
  if(!preg_match('/^[23]\d\d/', $result) ) {
    change_pass_closeport($pop_socket);
    return FALSE;
  }

  fputs($pop_socket, "newpass $newpasswd\r\n");
  change_pass_readfb($pop_socket, $result);
  change_pass_closeport($pop_socket);
  if(!preg_match('/^2\d\d/', $result) ) {
     return FALSE;
  }


  return TRUE;
}

Then add the following two function code to the end of the file just above //add some labels to client

Code: [Select]

function change_pass_closeport($pop_socket, &$messages) {
  if ($debug) {
    array_push($messages, _("Closing Connection"));
  }
  fputs($pop_socket, "quit\r\n");
  fclose($pop_socket);
}

function change_pass_readfb($pop_socket, &$result, &$messages) {
 $strResp = '';
 $result = '';

 if (!feof($pop_socket)) {
   $strResp = fgets($pop_socket, 1024);
   $result = substr(trim($strResp), 0, 3); // 200, 500
   if(!preg_match('/^[23]\d\d/', $result) || $debug) {
     $messages[] = "--> $strResp";
   }
 }
}

That's it. Simple as that.

Bryan

[Julien PHAM]

This thing seems wonderful, but my passwords are unix passwords, stored in the .passwd stuff I think, as I use postfix, dovecot and cyrus-sasl... so is it possible to make this patch works for this kind of server?

Thanks

[yavor]

Does anyone get a blank screen after the patch?
Also in my error log there is a message:

Code: [Select]

PHP Fatal error: Call to undefined function: mcrypt_module_open() in /var/www/mydomain/rc/program/include/main.inc on line 790
How does the function's code looks like and can I define it by myself?
Please, help?

[tom28]

Does anyone get a blank screen after the patch?
Also in my error log there is a message:

Code: [Select]

PHP Fatal error: Call to undefined function: mcrypt_module_open() in /var/www/mydomain/rc/program/include/main.inc on line 790
How does the function's code looks like and can I define it by myself?
Please, help?

I also had the same problem, solved the issue by installing libmcrypt.
Thanks
Thomas

[yavor]

Yes, I've installed the php4-mcrypt module and the blank screen disappeared. But after that another issue has raised. I see the "change password" tab in the settings, but when I try to change it, it says "an error occured while saving". In the error log there is a message:

Code: [Select]

[27-Sep-2007 09:52:17 +0300] DB Error: DB Error: no such table Query: UPDATE email SET p_crypt = ENCRYPT('asd') WHERE local_part='*****' OR (local_part='*****' AND domain_name = '') [nativecode=1146 ** Table 'rc.email' doesn't exist] in /var/www/plov.net/rc/program/include/rcube_db.inc on line 505
It seems the script is trying to update a table rc.email which is actually email. I don't know why is this rc.-prefix.
Any ideas? Thanks in advance!

[tom28]

Yes, I've installed the php4-mcrypt module and the blank screen disappeared. But after that another issue has raised. I see the "change password" tab in the settings, but when I try to change it, it says "an error occured while saving". In the error log there is a message:

Code: [Select]

[27-Sep-2007 09:52:17 +0300] DB Error: DB Error: no such table Query: UPDATE email SET p_crypt = ENCRYPT('asd') WHERE local_part='*****' OR (local_part='*****' AND domain_name = '') [nativecode=1146 ** Table 'rc.email' doesn't exist] in /var/www/plov.net/rc/program/include/rcube_db.inc on line 505
It seems the script is trying to update a table rc.email which is actually email. I don't know why is this rc.-prefix.
Any ideas? Thanks in advance!

Open you db.inc.php and goto last section displayed as
// The 'change_pwd_proc' can be 'change_pwd_for_db' or 'change_pwd_for_cpanel' now,
// If 'change_pwd_for_cpanel' is selected, the value of 'db_imap_xxxxxx' is omitted

and configure this according to your mail server/IMAP tables

Thanks
Thomas

[yavor]

I did it already, but somewhere in the code something append this rc. prefix.
Here is my db.inc.php part you are talking about:

Code: [Select]

// The 'change_pwd_proc' can be 'change_pwd_for_db' or 'change_pwd_for_cpanel' now,
// If 'change_pwd_for_cpanel' is selected, the value of 'db_imap_xxxxxx' is omitted
$rcmail_config['change_pwd_proc'] = 'change_pwd_for_db';
$rcmail_config['db_imap_dsn'] = 'mysql://user:pass@localhost/rc';
$rcmail_config['db_imap_users_table'] = 'email';
$rcmail_config['db_imap_user_field'] = 'local_part';
$rcmail_config['db_imap_passwd_field'] = 'p_crypt';
$rcmail_config['db_imap_passwd_type'] = 'ENCRYPT';  // '' (Plaintext), 'PASSWORD', 'MD5CRYPT', or 'ENCRYPT'

// end db config file

Hopefully it will helps.

[driggs]

Using the RC1 version, I had to edit 'program/steps/settings/passwd.inc' to remove the hard-coded column name "domain_name" from the SQL query. This should either be removed entirely, or placed into the db config. My users' user names are their full email addresses, so the extra "or" clause wasn't needed at all.

After making this small change to the SQL query, the patch works great, and all my users are able to change their own passwords (Postfix / MySQL virtual users).

Thanks!

[ami]

dear all,

i have postfix and rouncube installed, but when i test with roundcubemail-0.1-rc1-dep-pw1.tar.gz, there are some problem, in the last my finding was like this:

[Thu Nov 01 09:46:46 2007] [error] [client 202.155.6.225] PHP Notice: DB Error: mismatch Query: UPDATE mailbox SET password =  WHERE username =  [DB Error: mismatch] in /usr/local/apache2/htdocs/tes/program/include/bugs.inc on line 80, referer:


that error shows after i remove the lines in program/steps/settings/passwd.inc, the goal is to remove the domain_name

before:
 $sqlset = "UPDATE " . $CONFIG['db_imap_users_table'] . " SET " . $CONFIG['db_imap_passwd_field'] . " = " . $sqlset .
    " WHERE " . $CONFIG['db_imap_user_field'] . "=? OR (" . $CONFIG['db_imap_user_field'] . "=? AND domain_name = '
')";


after:
  $sqlset = "UPDATE " . $CONFIG['db_imap_users_table'] . " SET " . $CONFIG['db_imap_passwd_field'] . " = " . $sqlset .
    " WHERE " . $CONFIG['db_imap_user_field'] . " =? " ;


also my db.inc was like this (using table "mailbox" in postfixadmin)
$rcmail_config['change_pwd_proc'] = 'change_pwd_for_db';
$rcmail_config['db_imap_dsn'] = 'mysql://postfix:xxxxxxxxx@localhost/postfix';
$rcmail_config['db_imap_users_table'] = 'mailbox';
$rcmail_config['db_imap_user_field'] = 'username';
$rcmail_config['db_imap_passwd_field'] = 'password';
$rcmail_config['db_imap_passwd_type'] = 'MD5CRYPT'; // '(Plaintext)', 'PASSWORD', 'MD5CRYPT', or 'ENCRYPT'


anyone can help me about this error?

rgrds,

ami

[driggs]

that error shows after i remove the lines in program/steps/settings/passwd.inc, the goal is to remove the domain_name

I believe that you must also remove it from the query in program/steps/settings/func.inc.

[ami]

hi driggs,

thanks for the info, but i didn't find the domain_name as u comment. in that file i just find the lines like this:

// get user record
$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
             WHERE user_id=?",
             $_SESSION['user_id']);

if ($USER_DATA = $DB->fetch_assoc($sql_result))
 $OUTPUT->set_pagetitle(sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']));

and i modified the query into like this:
// get user record
$sql_result = $DB->query("SELECT username WHERE user_id=?", $_SESSION['user_id']);

if ($USER_DATA = $DB->fetch_assoc($sql_result))
 $OUTPUT->set_pagetitle(sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username']));

after that, i change the password but still error like this:
[Mon Nov 05 11:15:58 2007] [error] [client 202.155.6.225] PHP Notice: DB Error: syntax error Query: SELECT username WHERE user_id='3' [nativecode=1064 ** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_id='3'' at line 1] in /usr/local/apache2/htdocs/tes/program/include/bugs.inc on line 80,

[Mon Nov 05 11:15:58 2007] [error] [client 202.155.6.225] PHP Notice: DB Error: mismatch Query: UPDATE mailbox SET password =  WHERE username =  [DB Error: mismatch] in /usr/local/apache2/htdocs/tes/program/include/bugs.inc on line 80,


fyi, my round cube db :
mysql> show tables;
+----------------+
| Tables_in_cube |
+----------------+
| cache     |
| contacts    |
| identities   |
| messages    |
| session    |
| users     |
+----------------+

mysql> desc users;
+-------------+------------------+------+-----+---------------------+----------------+
| Field    | Type       | Null | Key | Default       | Extra     |
+-------------+------------------+------+-----+---------------------+----------------+
| user_id   | int(10) unsigned | NO  | PRI | NULL        | auto_increment |
| username  | varchar(128)   | NO  |   |           |        |
| mail_host  | varchar(128)   | NO  |   |           |        |
| alias    | varchar(128)   | NO  |   |           |        |
| created   | datetime     | NO  |   | 0000-00-00 00:00:00 |        |
| last_login | datetime     | NO  |   | 0000-00-00 00:00:00 |        |
| language  | varchar(5)    | NO  |   | en         |        |
| preferences | text       | NO  |   |           |        |
+-------------+------------------+------+-----+---------------------+----------------+


the query seems not match, even i was remove the mail_host (may be i was wrong). is there anything that i can do much?

regards,

ami

[rockwilda]

Is there a working version of this patch for RC 0.1 stable?