I modified drewpydraws version to do two things:
1) Use the password input field type instead of text to prevent the password from displaying on the screen.
2) Add a second password field to ensure the users doesn't typo their password when entering it.
Probably could tighten it up a bit more but hopefully you get the idea.
save_prefs.inc
// Password MOD
if (isset($_POST['_password']) && isset($_POST['_password2'])) {
if (($_POST['_password'] == $_POST['_password2']) && strlen($_POST['_password']) > 4) {
$tmpEncPass = $_POST['_password'];
mysql_query("UPDATE mail.users SET crypt = ENCRYPT('".$tmpEncPass."', \"<encrypt salt>\") WHERE email = '".$_SESSION['username']."'") or die(mysql_error());
$_SESSION['password'] = $RCMAIL->encrypt_passwd($_POST['_password']);
} else {
$passwordError = TRUE;
$OUTPUT->show_message('errorsaving', 'error');
}
}
// End Password MOD
As per drewpydraws instructions, the rest of the code in save_prefs.inc is encapsulated in an if statement to prevent it from executing if something is wrong with the passwords.
if(!$passwordError)
{
// the rest of the code.
}
func.inc
// Password MOD
$field_id = 'rcmfd_password';
$field_id = 'rcmfd_password2';
$input_password = new html_passwordfield(array('name' => '_password', 'id' => $field_id, 'size' => 20));
$input_password2 = new html_passwordfield(array('name' => '_password2', 'id' => $field_id, 'size' => 20));
$table->add('title', html::label($field_id, /*Q(rcube_label('skin'))*/ 'Password'));
$table->add('title', html::label($field_id, /*Q(rcube_label('skin'))*/ 'Re-Type Password'));
$table->add(null, $input_password->show());
$table->add(null, $input_password2->show());
// End Password MOD
Lastly, it took me a few minutes to remember that the roundcube MySQL user didn't have any privileges to my mail user database, so had to grant select and update. So, uh, don't forget to do that.