Third Party Contributions => Old Style Plug-Ins => Topic started by: polinoma on November 04, 2006, 09:15:28 AM
Title: Change password postfix+courier+mysql
Post by: polinoma on November 04, 2006, 09:15:28 AM
It's a nice way to change password /http://postfix.pentachron.net/.
If you want, you can patch roundcube a bit so that your users can change their password in their user preferences. To do so edit the following two files:
First, open 'roundcube/program/steps/settings/func.inc' and search for 'function rcmail_user_prefs_form', then scroll down to the end of this function and add the following code before ' $out .= "\n$form_end";'
// CCC addition // show password form $field_id = 'rcmfd_password'; $input_password = new textfield(array('name' => '_password', 'id' => $field_id, 'size' => 20));
$out .= sprintf("
%s (empty = unchanged)
\n", $field_id, rep_specialchars_output(rcube_label('password')), $input_password->show($CONFIG['password'])); // end CCC addition
Then open 'roundcube/program/steps/settings/save_prefs.inc' and insert the following after the line "$a_user_prefs['prefer_html'] = isset($_POST['_prefer_html']) ? TRUE : FALSE;":
// CCC addition if ($_POST['_password'] != "") { mysql_query("UPDATE ccc.emails SET password = '".$_POST['_password']."' WHERE concat(account, '@', domain) = '".$_SESSION['username']."'") or die(mysql_error()); $_SESSION['password'] = encrypt_passwd($_POST['_password']); } // end of CCC addition
Notice: change ccc.emails to yourdatabase.emails if needed!
Notice: the roundcubemail mysql user needs update permissions for the email table!
Title: Re: Change password postfix+courier+mysql
Post by: deejmer on January 10, 2007, 09:43:45 AM
I appreciate the post....this is exactly what I'm looking for.....Pardon me, but I'm a total neub and need to ask a clarifying (probably dumb) question:
you say:
Quote
Notice: change ccc.emails to yourdatabase.emails if needed! Notice: the roundcubemail mysql user needs update permissions for the email table!
I changed my code in the two files as instructed, and the new PW change field does show in Preferences, but when I attempt to change the password, the app says that I dont have update permissions to the email table. When I look at my DB for roundcubemail in phpmyadmin, i do not see an emails table. Am I missing something? Is this outside of the roundcube DB?
If you can clarify, I'd really appreciate it.
Thanks in advance!
Title: Re: Change password postfix+courier+mysql
Post by: CReber on January 25, 2007, 01:43:41 PM
It doesn't work in an existing roundcube system, right? What do I need that it works? Can you make a detailled tutorial on that?
Title: Re: Change password postfix+courier+mysql
Post by: bswinnerton on August 24, 2007, 10:19:54 AM
Yes, I am very interested in this.
Title: Re: Change password postfix+courier+mysql
Post by: Julien on September 10, 2007, 11:51:58 AM
I wrote a pacth to do this a few months ago : http://blog.julienwadin.be/index.php/2007/05/26/72-modification-du-password-email-dans-roundcube
Title: Re: Change password postfix+courier+mysql
Post by: Le Veilleur on November 06, 2007, 08:55:15 AM
Quote from: Julien
I wrote a pacth to do this a few months ago : http://blog.julienwadin.be/index.php/2007/05/26/72-modification-du-password-email-dans-roundcube
Very Nice work, I'll try it with the RC2 this evening.
Title: Re: Change password postfix+courier+mysql
Post by: Le Veilleur on November 06, 2007, 11:39:33 AM
Quote from: Julien
I wrote a pacth to do this a few months ago : http://blog.julienwadin.be/index.php/2007/05/26/72-modification-du-password-email-dans-roundcube
There is a bug in your mod. The link to the passwd page doesn't work. Exactly the same problem that's explain in your blog's comments
Title: Re: Change password postfix+courier+mysql
Post by: stefan-becker on November 07, 2007, 11:40:24 AM
Can I use this patch with Plesk from SWSoft?
Title: Re: Change password postfix+courier+mysql
Post by: Julien on November 15, 2007, 02:15:38 PM
Quote from: Le Veilleur
Quote from: Julien
I wrote a pacth to do this a few months ago : http://blog.julienwadin.be/index.php/2007/05/26/72-modification-du-password-email-dans-roundcube
There is a bug in your mod. The link to the passwd page doesn't work. Exactly the same problem that's explain in your blog's comments
My patch works with RC1. I've not yet tested it with RC2. It will be done quickly. Stay in touch.
Title: Re: Change password postfix+courier+mysql
Post by: Dexterp37 on November 27, 2007, 03:43:32 AM
Hello there, I just wanted to tell you that I slightly modified your code to make it work for RC2. Works smoothly ;)
Aproximately near line 29 in file "program\steps\settings\save_prefs.inc", there is a block where an array is declared. It starts with "$a_user_prefs = array(". Just add the following line under the "'prefer_html' => isset($_POST['_prefer_html']) ? TRUE : FALSE," line
// Password MOD 'password' => isset($_POST['_password']) ? TRUE : FALSE, // End Password MOD
Now just AFTER the "foreach ((array)$CONFIG['dont_override'] as $p) ..." near line 39, add the block which handles password saving to DB
// Password MOD if (isset($_POST['_password'])) { $tmpEncPass = YourEncryptionFunctionHERE($_POST['_password'], "");
mysql_query("UPDATE CCC.TableWithPasswordHERE SET password = '".$tmpEncPass."' WHERE username = '".$_SESSION['username']."'") or die(mysql_error());
$_SESSION['password'] = encrypt_passwd($_POST['_password']); } // End Password MOD
Now in "program\steps\settings\func.inc", around line 200, there is some code like "$out .= "\n$form_end";". Just BEFORE this line, add the following block:
// Password MOD $field_id = 'rcmfd_password'; $input_password = new textfield(array('name' => '_password', 'id' => $field_id, 'size' => 20));
$out .= sprintf("
%s (empty = unchanged)
\n", $field_id, rep_specialchars_output(rcube_label('password')), $input_password->show($CONFIG['password'])); // End Password MOD
It should work :) One problem I'm experiencing is that the field is not empty when Preferences menu is opened, it has a "1" in it.
Title: Re: Change password postfix+courier+mysql
Post by: Dexterp37 on January 25, 2008, 04:53:44 AM
Little update: instead of passing $CONFIG['password'] as a parameter for the show function, remove it from function parameters so that the show call looks like this:
$input_password->show()
This is needed to prevent users to erroneously change their password because field has a '1' in it.
Title: Re: Change password postfix+courier+mysql
Post by: rockwilda on March 13, 2008, 03:22:29 PM
Does this work with rc 0.1 stable?
Is there a patch file?
best regards, Nico
Title: Re: Change password postfix+courier+mysql
Post by: Dexterp37 on March 14, 2008, 06:19:13 AM
I don't know yet, didn't had a chance to test. Will do soon, a release a patch in case :)
Title: Re: Change password postfix+courier+mysql
Post by: Dexterp37 on March 16, 2008, 05:54:06 AM
I just applied this mod to 0.1stable, and it works flawlessly. I've attached the patch to this post. Let me know if it works, that's my first patch!
Title: Re: Change password postfix+courier+mysql
Post by: rockwilda on March 16, 2008, 10:42:42 AM
Hey thanks for your patch file! But I'm unable to unzip it ... tried it with linux and windows ...
Title: Re: Change password postfix+courier+mysql
Post by: Dexterp37 on March 16, 2008, 03:38:34 PM
Ouch, try this one, which is .txt but the other one works fine for me :| (WinZip) Please note that you may need to change the query to suit your database, in save_prefs.inc.
I also wrote a short tutorial to help adding this mod to your roundcube installation which can be found here (http://www.a2p.it/wordpress/tech-stuff/tips-and-tricks/roundcube-allow-users-to-change-their-own-passwords/).
Title: Re: Change password postfix+courier+mysql
Post by: speedyboy on March 24, 2008, 02:28:43 PM
I have a problem with the password, unfortunately for me ENCRYPT not works.
And md5 is not works.
In my database the password is ENCRYPT Function, unfortunately when I modify it the roundcube , that password is not going though already.
Thank You
And sorry about my bad english
Title: Re: Change password postfix+courier+mysql
Post by: speedyboy on March 24, 2008, 02:35:34 PM
error log
[24-Mar-2008 20:02:01] PHP Fatal error: Call to undefined function ENCRYPT()
Title: Re: Change password postfix+courier+mysql
Post by: Dexterp37 on March 24, 2008, 03:30:04 PM
It looks like you have no ENCRYPT function in your sources. Are you sure there's such a function in your code? What are you using to store passwords?
Title: Re: Change password postfix+courier+mysql
Post by: speedyboy on March 25, 2008, 07:21:13 AM
program\steps\settings\save_prefs.inc // Password MOD password' => isset($_POST['_password']) ? TRUE : FALSE, // End Password MOD
// Password MOD if (isset($_POST['_password'])) { $tmpEncPass = ENCRYPT($_POST['_password'], "");
mysql_query("UPDATE CCC.TableWithPasswordHERE SET password = '".$tmpEncPass."' WHERE username = '".$_SESSION['username']."'") or die(mysql_error());
$_SESSION['password'] = encrypt_passwd($_POST['_password']); } // End Password MOD
$tmpEncPass = ENCRYPT($_POST['_password'], ""); In order to match the encryption you use to store your passwords in your database. If your passwords are stored as md5 hashes, you could use php native md5 function referenced here (http://it.php.net/md5) in PHP manual.
Don't forget the query as well to suit your database structure.
Title: Re: Change password postfix+courier+mysql
Post by: speedyboy on March 25, 2008, 10:14:15 AM
Thanks for the idea, Dexterp37 O0
Title: Re: Change password postfix+courier+mysql
Post by: LaPanthere on March 28, 2008, 09:12:11 AM
for native DES crypt you need to change the crypt like :
$tmpEncPass = crypt($_POST['_password'],'xx');
regards
Title: Re: Change password postfix+courier+mysql
Post by: Martin2008 on April 05, 2008, 05:25:08 AM
Quote from: Dexterp37
I just applied this mod to 0.1stable, and it works flawlessly. I've attached the patch to this post. Let me know if it works, that's my first patch!
Hello,
I really like this plugin and I am not really a coder but I was wondering where do I get the specific info on the following:
1. YourEncryptionFunctionHERE 2. UPDATE CCC.TableWithPasswordHERE SET
I apologize for my ignorance on this matter. Thanks.
Martin
Title: Re: Change password postfix+courier+mysql
Post by: Dexterp37 on April 06, 2008, 01:34:11 PM
Since you also left a comment on my blog, I also replied there :)
Title: Re: Change password postfix+courier+mysql
Post by: acadia on April 10, 2008, 11:07:37 PM
So, I'm new to roundcube, quick question, does a plugin already exist for mysql,exim,courier mail to change password (virtual user setup), or do I have to write my own? Basically, how would you do changepassword with roundcube given mysql,exim,courier mail virtual user setup? What I'm reading here are people are writing some bits of their own code, is this standard fair?
Title: Re: Change password postfix+courier+mysql
Post by: Dexterp37 on April 11, 2008, 02:58:09 AM
Yes, sort of. AFAIK, there's no intention to bring change password functionality in roundcube because of the very different behavior each backend software has. The code I posted works directly on the underlying database to write password in it. You should be able to use it as well, if exim stores passwords in a database.
Title: Re: Change password postfix+courier+mysql
Post by: speedyboy on April 13, 2008, 11:04:42 AM
Hello boys
And Thanks for the ideas
How it would be possible to rewrite this md5 to native DES crypt (ENCRYPT) whit this script.
function rcmail_save_passwd($curpassword, $newpassword){ global $DB, $CONFIG, $OUTPUT;
$DB->query('select password from postfix.mailbox where username=\''.$_SESSION['username'].'\''); $row = $DB->fetch_assoc(); $actualCryptedPassword = md5($curpassword);
if ($actualCryptedPassword != $row['password']) return false; else {//ok, we can proceed $DB->query('update postfix.mailbox set password=\''.md5($newpassword).'\',modified=NOW() where username=\''.$_SESSION['username'].'\''); if (!$DB->is_error()) { $_SESSION['password'] = encrypt_passwd($newpassword); //save the new password in the session return true; } else return false;
Title: what about roundcube-rc2-stable?
Post by: CPECAH on January 11, 2009, 03:57:24 AM
it looks like there is some change in the code - because in the program\steps\settings\func.inc i can not find where to put the password box. can you help ?
Quote from: speedyboy;11090
program\steps\settings\save_prefs.inc // Password MOD password' => isset($_POST['_password']) ? TRUE : FALSE, // End Password MOD
// Password MOD if (isset($_POST['_password'])) { $tmpEncPass = ENCRYPT($_POST['_password'], "");
mysql_query("UPDATE CCC.TableWithPasswordHERE SET password = '".$tmpEncPass."' WHERE username = '".$_SESSION['username']."'") or die(mysql_error());
$_SESSION['password'] = encrypt_passwd($_POST['_password']); } // End Password MOD
\n", $field_id, rep_specialchars_output(rcube_label('password')), $input_password->show(); // End Password MOD
Title: Change password postfix+courier+mysql
Post by: lion_kg on January 20, 2009, 07:04:42 AM
I am using roundcube 0.2.1 too and cannot find where to put the change password section in settings. I mean the part that should go into program\steps\settings\func.inc. Has anyone applied this patch on stable version?
Title: Change password postfix+courier+mysql
Post by: Dexterp37 on February 11, 2009, 03:27:53 AM
I've successfully modded 0.2-beta to support mysql+postfix password hack. I'm applying that to 0.2-stable this morning and will post a patch file and a tutorial once done ;)
Title: Change password postfix+courier+mysql
Post by: Lukather on February 13, 2009, 08:33:58 AM
Quote from: Dexterp37;16968
I've successfully modded 0.2-beta to support mysql+postfix password hack. I'm applying that to 0.2-stable this morning and will post a patch file and a tutorial once done ;)
Hi Dexter , is possible get your patch for 0.2 stable version ? , I need to do a update for my webmail and the patch is very important to me.
Thanks for your time. bye.
Title: Change password postfix+courier+mysql
Post by: Dexterp37 on February 13, 2009, 02:59:34 PM
That's the updated tutorial which makes the hack work on rc 0.2stable
Based on your modification , I introduce "some little changes" for compatibility with the howto from HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com) (Falko Timme) about virtual users.
In save_prefs.inc , after the “foreach ((array)$CONFIG['dont_override'] as $p)” near line 39, add the following block
// Password MOD if (isset($_POST['_password'])) { $tmpEncPass = $_POST['_password']; mysql_query("UPDATE mail.users SET password = ENCRYPT('".$tmpEncPass."') WHERE email = '".$_SESSION['username']."'") or die(mysql_error());
$_SESSION['password'] = $RCMAIL->encrypt_passwd($_POST['_password']); } // End Password MOD
// where "mail" is the database and "users" the table.
If your prefer , download the func.inc and the save_prefs.inc to 0.2 stable version (virtual users from Falko Timme , howtoforge.com) from http://www.opensynapse.cl/solutions/pass-files.tar.gz
Thanks.
Title: Change password postfix+courier+mysql
Post by: Dexterp37 on February 15, 2009, 10:55:46 AM
Thank you for your changes :)
Title: Change password postfix+courier+mysql
Post by: Lukather on February 16, 2009, 08:29:03 AM
Hey , a little bug ocurred when the password field is blank (and you save other options). The result is blank password.
Please modify :
if ($_POST['_password']) {
// Password MOD if (isset($_POST['_password'])) { $tmpEncPass = $_POST['_password']; mysql_query("UPDATE mail.users SET password = ENCRYPT('".$tmpEncPass."') WHERE email = '".$_SESSION['username']."'") or die(mysql_error());
$_SESSION['password'] = $RCMAIL->encrypt_passwd($_POST['_password']); } // End Password MOD } // where "mail" is the database and "users" the table.
Update files , on my server.
Thanks
Title: Change password postfix+courier+mysql
Post by: Dexterp37 on February 17, 2009, 09:45:20 AM
Thank you for the fix! I just updated the tutorial :)
Title: Change password postfix+courier+mysql
Post by: ThanhBT on February 21, 2009, 11:16:21 AM
UPDATE command denied to user 'roundcube'@'localhost' for table 'users' Anyone help me?
Title: Change password postfix+courier+mysql
Post by: ThanhBT on February 21, 2009, 11:21:36 AM
I found reason! DB Roundcube # DB users
Grant permission Roundcube users to DB users to resolve/.
Title: Change password postfix+courier+mysql
Post by: drewpydraws on February 21, 2009, 10:12:29 PM
Thanks for this. Thought I would share my little tweak of the safe_prefs.inc file. This let's you specify the minimum number of characters and makes sure they aren't setting the password to only whitespace.
// Password MOD drew if (isset($_POST['_password']) && !empty($_POST['_password'])) { $tmpEncPass = $_POST['_password']; if(strlen($tmpEncPass)>6) { mysql_query("UPDATE mail.users SET password = ENCRYPT('".$tmpEncPass."') WHERE email = '".$_SESSION['username']."'") or die(mysql_error());
$_SESSION['password'] = $RCMAIL->encrypt_passwd($_POST['_password']); } else { $OUTPUT->show_message('errorsaving', 'error'); $passwordError=TRUE; } } // End Password MOD
Then wrap the rest of the file in if(!$passwordError) { // the rest of the code. }
Title: How to configure?
Post by: juliomoraes on March 31, 2009, 03:32:04 PM
Hey folks :D,
I need to configure tihs line:confused::
mysql_query("UPDATE CCC.TableWithPasswordHERE SET password = '".$tmpEncPass."' WHERE username = '".$_SESSION['username']."'")
Anyone can show me a exemple more compreensive? I´m not a programmer, only a designer :( and have no sufficient knowledgement about SQl queries...
Thanks!
Title: Change password postfix+courier+mysql
Post by: ddimick on May 15, 2009, 05:31:33 PM
I modified drewpydraws version to do two things:
1) Use the password input field type instead of text to prevent the password from displaying on the screen. 2) Add a second password field to ensure the users doesn't typo their password when entering it.
Probably could tighten it up a bit more but hopefully you get the idea.
save_prefs.inc
// Password MOD if (isset($_POST['_password']) && isset($_POST['_password2'])) {
if (($_POST['_password'] == $_POST['_password2']) && strlen($_POST['_password']) > 4) { $tmpEncPass = $_POST['_password']; mysql_query("UPDATE mail.users SET crypt = ENCRYPT('".$tmpEncPass."', \"\") WHERE email = '".$_SESSION['username']."'") or die(mysql_error()); $_SESSION['password'] = $RCMAIL->encrypt_passwd($_POST['_password']); } else { $passwordError = TRUE; $OUTPUT->show_message('errorsaving', 'error'); } } // End Password MOD
As per drewpydraws instructions, the rest of the code in save_prefs.inc is encapsulated in an if statement to prevent it from executing if something is wrong with the passwords.
$table->add('title', html::label($field_id, /*Q(rcube_label('skin'))*/ 'Password')); $table->add('title', html::label($field_id, /*Q(rcube_label('skin'))*/ 'Re-Type Password')); $table->add(null, $input_password->show()); $table->add(null, $input_password2->show()); // End Password MOD
Lastly, it took me a few minutes to remember that the roundcube MySQL user didn't have any privileges to my mail user database, so had to grant select and update. So, uh, don't forget to do that.
Title: Change password postfix+courier+mysql
Post by: ddimick on May 15, 2009, 07:43:32 PM
As a small addendum, this is probably unsecure code and you shouldn't use it in a production environment. I don't know Roundcube well enough to understand if any sanitization of the password input field/MySQL query is being done and may be possible for a user to do things not intended (or desired) by you.
Just saying.
Title: Change password postfix+courier+mysql
Post by: sekundek on June 01, 2009, 02:36:35 AM
I just want to add this about insecure code. If all of you are using this change, than you're all vulnerable to big exploit. I created a small patch for version 0.2.2 with using PDO module. If anyone like to test it, let me know and i'll paste it here.