I've installed ISPConfig 2.2.24 on Debian Etch and i've noticed that not all mailusers can change their password within the mailuser application at http://www.example.com:81/mailuser (Of course i enabled "Mailuser login" for the site). The Administrator mailuser of the website can change the password indeed, but other mailusers which belong to the site can't change their password, while no error message appears! I've checked this behaviour on two servers with ISPConfig 2.2.24. Is this a bug? I mean it's really a must that every single mailuser can change their own password, not only the administrator user of the particular site. If it's not a bug, at least an error message should appear, which informs the user that there is no permission to change the password.
I guess it must be a bug. There is no reason why non admin users shall not be able to change their password there. I added it to the bugtracker.
Sorry to be a pest, but I just wanted to find out the status of this issue. I have (apparently) the same problem with ISPC 2.2.24 on a Centos 5.2 server (yum updated). I couldn't find the bugtracker...maybe I wasn't supposed to... Thanks again for this great system! G
A client just informed me about this problem and I found this thread. This seems indeed to be a bug in 2.2.24 and doesn't depend on using Debian (we use CentOS). This is a really important functionality. I hope this is really getting fixed soon and a patch made available (it can only be a small coding problem, I really do not want to apply a whole new ISPConfig via upgrade to my slightly customized installations just because of that tiny snippet). If falko or till could point me to the files that are involved I would look myself and check if I can fix it. Thanks! Btw, changing the users comment ("name") doesn't work either. It's saved to the db, but not to /etc/passwd. So, it seems that action is either skipped or fails. Should it appear in ispconfig.log if it is attempted?
Fix for 2.2.24 mailuser bug Ok, here's the fix. It's a stupid confusion about a variable name. The bug is in mailuser/mail/table/user.table.php. "user_name" is actually *not* the "username" (that would be user_username), but the user's name/comment field. Thus it allows many more characters than this check: "/^[0-9a-zA-Z_\-\.]{0,255}$/" This check will fail with any normal name as a full name is guaranteed to contain a space. Quick fix: Code: $table['user_name'] = array( 'datatype' => "VARCHAR", 'formtype' => "TEXT", 'regex' => "/^[0-9a-zA-Z_\-\.\s]{0,255}$/", 'errmsg' => "Name contains invalid charcters.", 'value' => ""); The \s was added by me. This will allow spaces and thus fix this issue for 99%of the situations. The check should be even more loose, though. Could somebody submit the check from version 2.2.23, please? user.table.php should be reverted to that version.
Thanks. The only difference between the two files is what I explained. I suggest not going back to the 2.2.23 version as it doesn't contain any sanity check. Use this check instead: "/^[^:\r\n\t]{0,255}$/" This allows almost any character except for colons, line-feeds etc. It should be safe to use that as I think any kind of character except for these should be allowed in /etc/passwd. If you want to be more strict use the check I posted first.
@Bolero, Thanks for your work so far, but my opinion is that there must be an official bugfix soon, which comes with a patch or ISPConfig 2.2.25. This bug is really not nice as it is a problem for clients and it is the reason that i've reported this. In the mean time, problems according the mailuser module are added to the bugtracker: http://bugtracker.ispconfig.org/index.php?do=details&task_id=147 http://bugtracker.ispconfig.org/index.php?do=details&task_id=146
I replaced the file user.table.php with the new version from SVN and i want you to know that is works. This means, changing passwords for clients is possible again. Thanks for the fix!
Unfortunately, it stopped working for me. It worked with the change in code I made last week, but this week the user changes are not carried over to /etc/passwd, /etc/shadow, although I used the original files in /root (config.lib.php and ispconfig_system.lib.php). It seems that $mod->system->updateuser fails silently. I wanted to check against svn, but the log tells me last revision is July 9. I checked out svn://svn.ispconfig.org/ispconfig/trunk/ What should I check out instead?
Yes, I made a stupid mistake. After having fixed it, I added a logging line in updateuser() and didn't test again. That line didn't work without access to the global $mod array. It's now working again. Thanks for the file, but I would rather check it out myself. The svn path I mentioned checks out 2.2.24. What's the path for HEAD code?
Till, you may want to correct the small typo in it as well: Name contains invalid charcters. -> Name contains invalid characters. I think there is also a problem with picking this error message up. I didn't check the code more thoroughly, so I don't know if there is an intention to display it. At least at the moment it doesn't display, so nobody knows that it fails silently.
