Issues with Change SQL Password plugin for Squirrel Mail on Centos 5.4 and ISPConfig3

I have this setup per this howto "The Perfect Server - CentOS 5.4 x86_64 [ISPConfig 3]":
http://www.howtoforge.com/perfect-server-centos-5.4-x86_64-ispconfig-3

And I am trying to setup the Change SQL Password plugin per this howto: http://www.howtoforge.com/virtual-u...urier-mysql-squirrelmail-centos-5.3-x86_64-p5 ,starting from the

section.

However after I logged in to webmail and tried to change the password using the new plugin, I get this error:

I am assuming that the following code in the config.php of the pluging may not be correct:

Code:

$csp_dsn = 'mysql://mail_admin:mail_admin_password@localhost/mail';

Please help. Thanks

 

Thanks for the reply, Till.

I changed the necessary in order to get the DB connection going, however a "Your old password does not match" error from the Change Password screen. I think it has to do with the password encryption used.

Which encryption should I use? In the config.ph file:

Code:

// password_encryption
   //
   // What encryption method do you use to store passwords
   // in your database?  Please use one of the following,
   // exactly as you see it:
   //
   //   NONE          Passwords are stored as plain text only
   //   MYSQLPWD      Passwords are stored using the MySQL password() function
   //   MYSQLENCRYPT  Passwords are stored using the MySQL encrypt() function
   //   PHPCRYPT      Passwords are stored using the PHP crypt() function
   //   MD5CRYPT      Passwords are stored using encrypted MD5 algorithm
   //   MD5           Passwords are stored as MD5 hash
   //
   $password_encryption = 'MYSQLENCRYPT';

and this is used also:

Code:

$csp_salt_static = 'LEFT(password, 2)';

Has anyone successfully used the Change SQL Password plugin with an ISPConfig3 and Squirrelmail setup??

Thanks

 

Unless I am mistaken, it appears that the salt is not static based on what I am seeing here in file /usr/local/ispconfig/interface/lib/classes/tform.inc.php:

Code:

if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
                 $salt="$1$";
                 $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

                 for ($n=0;$n<8;$n++) {

                  //$salt.=chr(mt_rand(64,126));

                 $salt.=$base64_alphabet[mt_rand(0,63)];

                 }
          $salt.="$";

             $record[$key] = crypt($record[$key],$salt);

             $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";

} elseif { ........ }

How does Squirrelmail handle login? How is the password checked? If you could point me in that direction, I'd be able to get that plugin to work. I think or hope.

Thanks

 

Wonderful!!!

Thanks Till for your help. It's good now.

Here is what I did:

In the config.php of the plugin change_sqlpass, I set the following variables as followed:

Code:

$csp_dsn = 'mysql://dbuser:dbuser_pass@localhost/ISPConfigDB';

where dbuser is the user who has access to the ISPConfig database ISPConfigDB. Replace ISPConfigDB with the name of your ISPConfig database (dbispconfig by default) and dbuser_pass with the user password.

Code:

$lookup_password_query = 'SELECT count(*) FROM mail_user WHERE email = "%1" AND password = %4';

where mail_user is the table used by ISPConfig3 and email and password are the columns in that table.

Code:

$password_update_queries = array('UPDATE mail_user SET password = %4 WHERE email = "%1"');

Code:

$password_encryption = 'MYSQLENCRYPT';

Till, I know you said to use MD5CRYPT but it did not work for me. When I used it, the password I enter on the change password form as my old password could not be matched with the one in the database.

Code:

$csp_salt_static = 'LEFT(password, 12)';

That worked for me.

Thanks.