I guess I have an old version of vpopmail, my schema just has one table "vpopmail" but it has a pw_domain column and all users are stored there.
Also, I log in using an alias domain so for this to work it needs to resolve the domain alias. I hacked together a new version of the function rcube_save_password (in program/steps/settings/password.inc) that works in my setup, maybe somebody else will find this useful:
function rcube_save_password($current_password,$new_password)
{
global $OUTPUT, $RCMAIL;
$emailuser=$_SESSION['username'];
$db = rcmail::get_instance()->get_dbh();
$crypted = '';
$cryptedpw = mkpasswd3($new_password,$crypted);
$domain = split("@",$emailuser);
$true_domain = $domain[1];
// resolve any domain aliasing (FIXME I should sanitize the dynamic part of this command)
$true_domain = exec("/home/vpopmail/bin/vdominfo -n ".$true_domain);
$dom_table = str_replace(".","_",$true_domain);
// ONLY CHANGE YOUR vpopmail DATABASE NAME !!!!!
$passwordquery = "UPDATE vpopmail.vpopmail SET "
. "pw_passwd = " . $db->quote($crypted) . ","
. "pw_clear_passwd = " . $db->quote($new_password)
. " WHERE pw_domain = " . $db->quote($true_domain)
. " AND pw_name = " . $db->quote($domain[0]) . ";";
$db->query($passwordquery);
$_SESSION['password'] = encrypt_password($new_password);
$OUTPUT->show_message('successfullysaved', 'confirmation');
}
Watch out, I hardcoded the path to vdominfo (not sure how to grok it) and left a somewhat insecure "exec" call in there.
OTOH, the author should really use $db->quote as shown above to prevent SQL injection hacks (unlikely in this case but you never know). But otherwise, nice mod!!! Thanks,
-tom