Author Topic: cant get password plugin to work with roundcube  (Read 35335 times)

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: cant get password plugin to work with roundcube
« Reply #15 on: March 25, 2012, 03:24:13 PM »
Hmm well there some progress at least, we'll need to configure how the password is stored in the DB. Do you know how your mail system stores the passwords (MD5, SHA1, etc) in the DB? If not can you give an example password from the database?

Offline Coderx

  • Jr. Member
  • **
  • Posts: 27
Re: cant get password plugin to work with roundcube
« Reply #16 on: March 25, 2012, 04:51:23 PM »
Hmm well there some progress at least, we'll need to configure how the password is stored in the DB. Do you know how your mail system stores the passwords (MD5, SHA1, etc) in the DB? If not can you give an example password from the database?
i have no idea how passwords are stored in database , although i asked in the kloxo support forum , but they have'nt still answered it . (maybe it is CRAM-MD5 ?)
for now , there is a password field for e.g test@ustmb.ir :
the password is :
Code: [Select]
123456and the field in database contains :
Code: [Select]
$1$mOiUeBAu$bDtWEyhv/IgkIB3EPO1Ef1i checked couple of online hash calculators , but none made me an equivalent code to mach the hashed password!
----------
i have a question , how is it possible for a saved password to be reset to the original value with out any temporary place of storing it in first place?
i might be wrong , but it strikes me that , the weird stuff i experienced while saving the new password , is caused by the variables content at run - time , i mean probably when updating the current password , it only checks a variable which now contains the new password , and its not fetching it each time from the database ! so when trying to set the password , the current-password variable gets a new value from the newly entered field ,before it stores it in the database , and in the meantime , saving to the database fails , but no error is generated . maybe a programming logical bug it is .
« Last Edit: March 25, 2012, 05:12:01 PM by Coderx »

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: cant get password plugin to work with roundcube
« Reply #17 on: March 25, 2012, 11:48:18 PM »
It maybe dovecot's CRAM-MD5 method (just guessing that your running dovecot) try switching out %c with %D in the query.
Quote
i have a question , how is it possible for a saved password to be reset to the original value with out any temporary place of storing it in first place?
i might be wrong , but it strikes me that , the weird stuff i experienced while saving the new password , is caused by the variables content at run - time , i mean probably when updating the current password , it only checks a variable which now contains the new password , and its not fetching it each time from the database ! so when trying to set the password , the current-password variable gets a new value from the newly entered field ,before it stores it in the database , and in the meantime , saving to the database fails , but no error is generated . maybe a programming logical bug it is .
While odd I don't think its a RoundCube problem. The new password does replace the old password in the session but only after the password has been successfully change. Now one potential problem is the sql driver returns true if the database confirms a row was successfully modified, it doesn't/can't check if the password is sotred correctly.

Offline Coderx

  • Jr. Member
  • **
  • Posts: 27
Re: cant get password plugin to work with roundcube
« Reply #18 on: March 26, 2012, 12:39:00 AM »
It maybe dovecot's CRAM-MD5 method (just guessing that your running dovecot) try switching out %c with %D in the query.
Quote
i have a question , how is it possible for a saved password to be reset to the original value with out any temporary place of storing it in first place?
i might be wrong , but it strikes me that , the weird stuff i experienced while saving the new password , is caused by the variables content at run - time , i mean probably when updating the current password , it only checks a variable which now contains the new password , and its not fetching it each time from the database ! so when trying to set the password , the current-password variable gets a new value from the newly entered field ,before it stores it in the database , and in the meantime , saving to the database fails , but no error is generated . maybe a programming logical bug it is .
While odd I don't think its a RoundCube problem. The new password does replace the old password in the session but only after the password has been successfully change. Now one potential problem is the sql driver returns true if the database confirms a row was successfully modified, it doesn't/can't check if the password is sotred correctly.
doing so gives the "couldnt save new password" error :
and in log these are generated for my multiple tries :
Code: [Select]
[26-Mar-2012 02:41:14] PHP Warning:  popen() has been disabled for security reasons in /home/admin/Public_html/mail/plugins/password/drivers/sql.php on line 73
[26-Mar-2012 02:41:27] PHP Warning:  popen() has been disabled for security reasons in /home/admin/Public_html/mail/plugins/password/drivers/sql.php on line 73
[26-Mar-2012 02:42:03] PHP Warning:  popen() has been disabled for security reasons in /home/admin/Public_html/mail/plugins/password/drivers/sql.php on line 73
[26-Mar-2012 02:44:47 -0400]: IMAP Error: Login failed for test@ustmb.ir from 31.57.160.140. LOGIN: Login failed. in /home/admin/Public_html/mail/program/include/rcube_imap.php on line 191 (POST /?_task=login&_action=login)
[26-Mar-2012 02:46:07] PHP Warning:  popen() has been disabled for security reasons in /home/admin/Public_html/mail/plugins/password/drivers/sql.php on line 73
[26-Mar-2012 02:46:58] PHP Warning:  popen() has been disabled for security reasons in /home/admin/Public_html/mail/plugins/password/drivers/sql.php on line 73

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: cant get password plugin to work with roundcube
« Reply #19 on: March 26, 2012, 06:11:35 AM »
That could be a problem, just to confirm you are using Dovecot as your mail server right?

Offline Coderx

  • Jr. Member
  • **
  • Posts: 27
Re: cant get password plugin to work with roundcube
« Reply #20 on: March 26, 2012, 07:16:58 AM »
That could be a problem, just to confirm you are using Dovecot as your mail server right?
i have no idea , but in processes there is this qmail , which i think , as the name would imply , has sth to do with mails and stuff .
how can i find about that ?

Offline mjeshtri

  • Newbie
  • *
  • Posts: 2
Re: cant get password plugin to work with roundcube
« Reply #21 on: March 26, 2012, 09:01:46 AM »
i have the same problem,

I am using it with cpanel. It says "Successfully Saved" and when I make the login I have to put the old password.


Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: cant get password plugin to work with roundcube
« Reply #22 on: March 29, 2012, 04:58:47 AM »
Sorry for the delay, can you post your qmail config?

i have the same problem,

I am using it with cpanel. It says "Successfully Saved" and when I make the login I have to put the old password.
Quick question is your cPanel install in english or a different language?

Offline Coderx

  • Jr. Member
  • **
  • Posts: 27
Re: cant get password plugin to work with roundcube
« Reply #23 on: March 29, 2012, 04:14:39 PM »
Sorry for the delay, can you post your qmail config?

i have the same problem,

I am using it with cpanel. It says "Successfully Saved" and when I make the login I have to put the old password.
Quick question is your cPanel install in english or a different language?
i thought you gave up on me :D im glad you are still following this thread thank you :)
i found out sth intersting about saving mail accounts in kloxo .
they have a vpopmail which contains the passwords in plain text! in addition to the hashed ones ! . i dont remmeber where i read about this , but i can remember that , this has sth to do with some method of securing the connection between client and server dealing with emails when ssl is not present .
and the wierd part is this , after trying to change the password using roundcube , i checked the vpopmail table , and noticed , the email account's plain password field which i tried to change password of , is become blank! if i try to change the password trough kloxo , its fine and the field representing password in plain text is there , but when it is done with roundcube , that field becomes blank!
 i dont know if this is enough hint for you to understand what we are dealing with !
and about the qmail config , what exactly are you after ? im askingbecause i have no idea what im looking for , i went to the qmail folder and there were so many files and folders which i couldnt make heads or tails of them ! so alittle hint would help alot .

again thank you the time and generosity you spend for helping us .
« Last Edit: March 30, 2012, 05:01:09 AM by Coderx »

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: cant get password plugin to work with roundcube
« Reply #24 on: March 30, 2012, 07:41:36 AM »
If you system has vpopmail try changing the $rcmail_config['password_driver'] to "vpopmaild" and see if thats works or at least what error messages you get. I was asking about the qmail config to try and see what password hashing technique it was using, I don't use qmail so I can't be to much more precise as to were the settings would be.

Offline Coderx

  • Jr. Member
  • **
  • Posts: 27
Re: cant get password plugin to work with roundcube
« Reply #25 on: March 30, 2012, 08:42:00 AM »
If you system has vpopmail try changing the $rcmail_config['password_driver'] to "vpopmaild" and see if thats works or at least what error messages you get. I was asking about the qmail config to try and see what password hashing technique it was using, I don't use qmail so I can't be to much more precise as to were the settings would be.
i get a couldnt ave password mesage in roundcube and in logs i have
 "[30-Mar-2012 10:50:51] Connection refused (111): " error .

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: cant get password plugin to work with roundcube
« Reply #26 on: March 30, 2012, 10:59:18 AM »
Ok looking back in the thread I see that you said "there is another installation of roundcube which came with koloxo" and you said that was working, whats in the password plugins config for that install?

Offline Coderx

  • Jr. Member
  • **
  • Posts: 27
Re: cant get password plugin to work with roundcube
« Reply #27 on: March 30, 2012, 03:30:53 PM »
Ok looking back in the thread I see that you said "there is another installation of roundcube which came with koloxo" and you said that was working, whats in the password plugins config for that install?
nothing . there is no password plugin enabled in that installation either . by working , i meant it in general , didnt mean that the password plugin works with that ( if it were , i would not try to install another one any way )

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: cant get password plugin to work with roundcube
« Reply #28 on: March 30, 2012, 11:38:03 PM »
Darn, well then we're back to trying to find the vpopmail or qmail configuration files to figure out how the passwords are stored. I haven't using ether so I can't be to much help in locating were the password encryption settings would be sotred with out looking at it myself.

Offline Coderx

  • Jr. Member
  • **
  • Posts: 27
Re: cant get password plugin to work with roundcube
« Reply #29 on: April 18, 2012, 03:12:45 PM »
Darn, well then we're back to trying to find the vpopmail or qmail configuration files to figure out how the passwords are stored. I haven't using ether so I can't be to much help in locating were the password encryption settings would be sotred with out looking at it myself.
i almost gave up on this , i found the qmail installation folder, but there are lots of files and folder there wich makes it kindda impossible to look for config file! .
i searched and found this : http://www.davidc.net/miscellany/qmailadmin-plugin-roundcube#comment-71
are qmail and qmailadmin different ?