[HowTo] Password changer for Roundcube Webmail

[Cube]

This HowTo describes how to implement a password changer into Roundcube.

How it works
With this mod RC will set the new pasword directly in the ispcp database and call the ispCP-daemon to update the configs.

Requirements
- a working Roundcube (version 0.1.1) which is installed in ispCP's tools-directory (Please do not ask about how to install Roundcube in this thread.)
- ispCP RC4 or later (if you upgraded to RC4 from an older version you have to set the database revision to 1 (mysql -> ispcp -> config) and check for database updates in the GUI (that's because of a bug in the update-script) / mail_addr should not be empty)

I assume that the roundcube-directory and the roundcube-user are both called roundcube.

In /var/www/ispcp/gui/tools/roundcube/program/steps/settings/func.inc before line 198

Code:

$out .= "\n</table>$form_end";

add this:

Code:

// Password MOD
  $field_id = 'rcmfd_password';
  $input_password = new passwordfield(array('name' => '_password', 'id' => $field_id, 'size' => 20));
  $out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s (empty = unchanged)</td></tr>\n",
                  $field_id,
                  rep_specialchars_output(rcube_label('password')),
                  $input_password->show());
  // End Password MOD

In /var/www/ispcp/gui/tools/roundcube/program/steps/settings/save_prefs.inc at the beginning (line 22) add this:

Code:

require '../../include/ispcp-functions.php';

This includes the functions which we need to call the ispCP-daemon.
After approximately line 31

Code:

'preview_pane' => isset($_POST['_preview_pane']) ? TRUE : FALSE,

add this:

Code:

// Password MOD
  'password'  => isset($_POST['_password']) ? TRUE : FALSE,
  // End Password MOD

After approximately line 40

Code:

$a_user_prefs[$p] = $CONFIG[$p];

add this:

Code:

// Password MOD
if (isset($_POST['_password']) && $_POST['_password']!="")
  {
  $tmpPass = $_POST['_password'];
  $tmpUser = $_SESSION['username'];

  mysql_query("UPDATE ispcp.mail_users SET mail_pass='$tmpPass', status='change' WHERE mail_addr='$tmpUser'")
    or die(mysql_error());

  send_request();

  $_SESSION['password'] = encrypt_passwd($_POST['_password']);
  }
// End Password MOD

Now we have to give the roundcube-user access to our mail_users table in the ispcp-database.
He will get only the minimum he needs: SELECT-privileges for mail_addr and UPDATE-privileges for mail_pass and status. You can do this with PMA or with the following SQL statements:

Code:

GRANT SELECT (`mail_addr`), UPDATE (`mail_pass`, `status`) ON `ispcp`.`mail_users` TO 'roundcube'@'localhost';
FLUSH PRIVILEGES;

Localization
You can translate the "(empty = unchanged)" string to your default language or remove it - it should be intuitive enough.

Test it!
After a change you will lose your connection to the IMAP server and have to login again.
Post improvements if you know some. I will merge them to a final HowTo in the docu.

[joximu]

Caution: this will work only with newer ispCP version (where mail_addr is filled in) - I think not in RC3 - nightly somewhat around end of february...

[elitepilot]

does not work for rc3 stable release?

[T0mcat]

elitepilot Wrote:does not work for rc3 stable release?

I'm running RC3, and this trick doesn't work for me

But RC4 will be out soon, so it should work.

[elitepilot]

can make it able for rc3?

[joximu]

with a much more complicated sql statement...

[Cube]

That's the reason why I made it for newer ispCP versions (at least revision 1024 from the end of February). RC4 should be released soon, so please wait for it, if you use RC3.

[gOOvER]

elitepilot Wrote:can make it able for rc3?

We don't need a Version for RC3. Rc4 is coming in the next few Days

[elitepilot]

i hope the update from rc3 to rc4 will go without erros ^^

[elitepilot]

Hi, i installed ISPCP RC4 But and follow your Howto, but i can not change Passwords.
mail_addr is empty in Database