Project InfoSponsor & PartnerInstalling ispCPFAQDocumentationDevelopment
Current time: 11-15-2024, 02:29 PM Hello There, Guest! (LoginRegister)

ispCP - Board - Support / ispCP Omega Contributions Area / Enhancements v / roundcube 0.3rc1 change password plugin

Post Reply 
roundcube 0.3rc1 change password plugin
Author Message
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #3
RE: roundcube 0.3rc1 change password plugin
I checked the PW-Changer Plugin and we can directly work with a SQL-Query.
Code:
2.1. Database (sql)
-------------------

You can specify which database to connect by 'password_db_dsn' option and
what SQL query to execute by 'password_query'. See main.inc.php file for
more info.

Example implementations of an update_passwd function:

- This is for use with LMS (http://lms.org.pl) database and postgres:

        CREATE OR REPLACE FUNCTION update_passwd(hash text, account text) RETURNS integer AS $$
        DECLARE
            res integer;
        BEGIN
            UPDATE passwd SET password = hash
            WHERE login = split_part(account, '@', 1)
                AND domainid = (SELECT id FROM domains WHERE name = split_part(account, '@', 2))
            RETURNING id INTO res;
            RETURN res;
        END;
        $$ LANGUAGE plpgsql SECURITY DEFINER;

- This is for use with a SELECT update_passwd(%o,%c,%u) query
        Updates the password only when the old password matches the MD5 password
        in the database

        CREATE FUNCTION update_password (oldpass text, cryptpass text, user text) RETURNS text
            MODIFIES SQL DATA
        BEGIN
            DECLARE currentsalt varchar(20);
            DECLARE error text;
            SET error = 'incorrect current password';
            SELECT substring_index(substr(user.password,4),_latin1'$',1) INTO currentsalt FROM users WHERE username=user;
            SELECT '' INTO error FROM users WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
            UPDATE users SET password=cryptpass WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
            RETURN error;
        END

Example SQL UPDATEs:

- Plain text passwords:
    UPDATE users SET password=%p WHERE username=%u AND password=%o AND domain=%h LIMIT 1

- Crypt text passwords:
    UPDATE users SET password=%c WHERE username=%u LIMIT 1

- Use a MYSQL crypt function (*nix only) with random 8 character salt
    UPDATE users SET password=ENCRYPT(%p,concat(_utf8'$1$',right(md5(rand()),8),_utf8'$')) WHERE username=%u LIMIT 1

- MD5 stored passwords:
    UPDATE users SET password=MD5(%p) WHERE username=%u AND password=MD5(%o) LIMIT 1
What kind of crypt does ispCP use ?
Can i write the PW in plain text back in the SQL-DB and later start the engine to crypt the PW in ispCP style? Or how could it work ?

Greez BeNe
09-05-2009 12:00 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Messages In This Thread
RE: roundcube 0.3rc1 change password plugin - BeNe - 09-05-2009 12:00 AM

Forum Jump:


User(s) browsing this thread: 3 Guest(s)

Contact Us | isp Control Panel ( ispCP ) | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication