Issues with Change SQL Password plugin for Squirrel Mail on Centos 5.4 and ISPConfig3

[centosarus]

I have this setup per this howto "The Perfect Server - CentOS 5.4 x86_64 [ISPConfig 3]":
http://www.howtoforge.com/perfect-se...64-ispconfig-3

And I am trying to setup the Change SQL Password plugin per this howto: http://www.howtoforge.com/virtual-us...-5.3-x86_64-p5 ,starting from the

Quote:

SquirrelMail comes with some pre-installed plugins, unfortunately none of them is capable of letting us change our email password in our MySQL database. But there's the Change SQL Password plugin which we can install manually:

section.

However after I logged in to webmail and tried to change the password using the new plugin, I get this error:

Quote:

Could not make database connection

I am assuming that the following code in the config.php of the pluging may not be correct:

Code:

$csp_dsn = 'mysql://mail_admin:mail_admin_password@localhost/mail';

Please help. Thanks

[till]

This tutorial http://www.howtoforge.com/virtual-us...-5.3-x86_64-p5 is not compatible with ispconfig, ispconfig uses a different mail user table layout.

If you want to use a similar setup with ispconfig, you will have to change the settings in the config.php file to match the table and column names used for ispconfig email users.

[centosarus]

Thanks for the reply, Till.

I changed the necessary in order to get the DB connection going, however a "Your old password does not match" error from the Change Password screen. I think it has to do with the password encryption used.

Which encryption should I use? In the config.ph file:

Code:

// password_encryption
   //
   // What encryption method do you use to store passwords
   // in your database?  Please use one of the following,
   // exactly as you see it:
   //
   //   NONE          Passwords are stored as plain text only
   //   MYSQLPWD      Passwords are stored using the MySQL password() function
   //   MYSQLENCRYPT  Passwords are stored using the MySQL encrypt() function
   //   PHPCRYPT      Passwords are stored using the PHP crypt() function
   //   MD5CRYPT      Passwords are stored using encrypted MD5 algorithm
   //   MD5           Passwords are stored as MD5 hash
   //
   $password_encryption = 'MYSQLENCRYPT';

and this is used also:

Code:

$csp_salt_static = 'LEFT(password, 2)';

Has anyone successfully used the Change SQL Password plugin with an ISPConfig3 and Squirrelmail setup??

Thanks

[till]

I guess the correct function will be "MD5CRYPT".

Here is a short explanation on how the salt is composed for md5crypt:

http://www.howtoforge.com/forums/sho...4&postcount=12

[centosarus]

Unless I am mistaken, it appears that the salt is not static based on what I am seeing here in file /usr/local/ispconfig/interface/lib/classes/tform.inc.php:

Code:

if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
                 $salt="$1$";
                 $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

                 for ($n=0;$n<8;$n++) {

                  //$salt.=chr(mt_rand(64,126));

                 $salt.=$base64_alphabet[mt_rand(0,63)];

                 }
          $salt.="$";

             $record[$key] = crypt($record[$key],$salt);

             $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";

} elseif { ........ }

How does Squirrelmail handle login? How is the password checked? If you could point me in that direction, I'd be able to get that plugin to work. I think or hope.

Thanks

[till]

Please see here:

http://www.howtoforge.com/forums/sho...d.php?p=226924

Post #14 and #16

[centosarus]

Thanks Till for your help. It's good now.

Here is what I did:

In the config.php of the plugin change_sqlpass, I set the following variables as followed:

Code:

$csp_dsn = 'mysql://dbuser:dbuser_pass@localhost/ISPConfigDB';

where dbuser is the user who has access to the ISPConfig database ISPConfigDB. Replace ISPConfigDB with the name of your ISPConfig database (dbispconfig by default) and dbuser_pass with the user password.

Code:

$lookup_password_query = 'SELECT count(*) FROM mail_user WHERE email = "%1" AND password = %4';

where mail_user is the table used by ISPConfig3 and email and password are the columns in that table.

Code:

$password_update_queries = array('UPDATE mail_user SET password = %4 WHERE email = "%1"');

Code:

$password_encryption = 'MYSQLENCRYPT';

Till, I know you said to use MD5CRYPT but it did not work for me. When I used it, the password I enter on the change password form as my old password could not be matched with the one in the database.

Code:

$csp_salt_static = 'LEFT(password, 12)';

That worked for me.

Thanks.