How to setup the plugin change password of Roundcube with ISPConfig3

Discussion in 'Installation/Configuration' started by voltron81, Oct 13, 2009.

  1. voltron81

    voltron81 New Member

    Hi to everybody,
    I'm trying to add the plugin of Rooundcube 0.3 that allow to the customer to change the password.
    Basically with this plugin the customer have to write the old password and the new password.
    I changed the database, but I don't know the encryption that ISPConfig is using for the password.
    Finding on the forum, I discover that ISPConfig is using a crypt md5 encryption with salt, and the salt is a random 8 character value.

    So first of all I'll cancel the part concerning the "old password", so I simplify the configuration.

    Analizing the passwords, I noticed that the first 3 characters are always the same ($1$)

    Finding on internet I found this tutorial for Squirremail:

    Trying this command in mysql:
    SELECT SUBSTRING(PASSWORD, 4, 8) FROM mail_user WHERE email = "[email protected]";
    I'll have the next 8 characters of the password.

    After that the next chatacter will be $.

    How can I find the encryption for the other 22 characters?

    Thanks a lot
    Last edited: Oct 13, 2009
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The sql command you used is wrong. you have to fetch the complete password as the first part is also part of the password. The encoding that is used is a crypt-md5 encoding with salt as it is used for passwords in linux distributions, e.g. in /etc/passwd too.

    The PHP manual describes how to create these passwords:
  3. voltron81

    voltron81 New Member

    Hi Till,
    thanks for your answer.
    Ok the encryption is crypt-md5.
    There are a couple of things that I didn't get.

    1) what is exatly the string that we are going to encrypt with crypt-md5? It is for sure not only the password, but it must be also the email address.

    2) Is possible to realize the crypt-md5 encryption with mysql? I think is not possible. In that case, how can I change the the configuration file of the this roundcube 's plugin?
    I'll attach this configuration file:
    // Password Plugin options
    // -----------------------
    // A driver to use for password change. Default: "sql".
    $rcmail_config['password_driver'] = 'sql';
    // Determine whether current password is required to change password.
    // Default: false.
    $rcmail_config['password_confirm_current'] = true;
    // SQL Driver options
    // ------------------
    // PEAR database DSN for performing the query. By default
    // Roundcube DB settings are used.
    $rcmail_config['password_db_dsn'] = 'mysql://user:[email protected]/dbispconfig';
    // The SQL query used to change the password.
    // The query can contain the following macros that will be expanded as follows:
    //      %p is replaced with the plaintext new password
    //      %c is replaced with the crypt version of the new password, MD5 if available
    //         otherwise DES.
    //      %o is replaced with the password before the change
    //      %n is replaced with the hashed version of the new password
    //      %q is replaced with the hashed password before the change
    //      %h is replaced with the imap host (from the session info)
    //      %u is replaced with the username (from the session info)
    //      %l is replaced with the local part of the username
    //      %d is replaced with the domain part of the username
    //         (in case the username is an email address)
    // Escaping of macros is handled by this module.
    // Default: "SELECT update_passwd(%c, %u)"
    $rcmail_config['password_query'] = 'UPDATE mail_user SET password=%p WHERE email=%u AND password=%o LIMIT 1';
    // Using a password hash for %n and %q variables.
    // Determine which hashing algorithm should be used to generate
    // the hashed new and current password for using them within the
    // SQL query. Requires PHP's 'hash' extension.
    $rcmail_config['password_hash_algorithm'] = 'sha1';
    // You can also decide whether the hash should be provided
    // as hex string or in base64 encoded format.
    $rcmail_config['password_hash_base64'] = false;
    // Poppassd Driver options
    // -----------------------
    // The host which changes the password
    $rcmail_config['password_pop_host'] = 'localhost';
    // TCP port used for poppassd connections
    $rcmail_config['password_pop_port'] = 106;
    // SASL Driver options
    // -------------------
    // Additional arguments for the saslpasswd2 call
    $rcmail_config['password_saslpasswd_args'] = '';
    // LDAP Driver options
    // -------------------
    // LDAP server name to connect to.
    // You can provide one or several hosts in an array in which case the hosts are tried from left to right.
    // Exemple: array('', '');
    // Default: 'localhost'
    $rcmail_config['password_ldap_host'] = 'localhost';
    // LDAP server port to connect to
    // Default: '389'
    $rcmail_config['password_ldap_port'] = '389';
    // TLS is started after connecting
    // Using TLS for password modification is recommanded.
    // Default: false
    $rcmail_config['password_ldap_starttls'] = false;
    // LDAP version
    // Default: '3'
    $rcmail_config['password_ldap_version'] = '3';
    // LDAP base name (root directory)
    // Exemple: 'dc=exemple,dc=com'
    $rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com';
    // LDAP connection method
    // There is two connection method for changing a user's LDAP password.
    // 'user': use user credential (recommanded, require password_confirm_current=true)
    // 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
    // Default: 'user'
    $rcmail_config['password_ldap_method'] = 'user';
    // LDAP Admin DN
    // Used only in admin connection mode
    // Default: null
    $rcmail_config['password_ldap_adminDN'] = null;
    // LDAP Admin Password
    // Used only in admin connection mode
    // Default: null
    $rcmail_config['password_ldap_adminPW'] = null;
    // LDAP user DN mask
    // The user's DN is mandatory and as we only have his login,
    // we need to re-create his DN using a mask
    // '%login' will be replaced by the current roundcube user's login
    // '%name' will be replaced by the current roundcube user's name part
    // '%domain' will be replaced by the current roundcube user's domain part
    // Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
    $rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';
    // LDAP password hash type
    // Standard LDAP encryption type which must be one of: crypt,
    // ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
    // Please note that most encodage types require external libraries
    // to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
    // Default: 'crypt'
    $rcmail_config['password_ldap_encodage'] = 'crypt';
    // LDAP password attribute
    // Name of the ldap's attribute used for storing user password
    // Default: 'userPassword'
    $rcmail_config['password_ldap_pwattr'] = 'userPassword';
    // LDAP password force replace
    // Force LDAP replace in cases where ACL allows only replace not read
    // See
    // Default: true
    $rcmail_config['password_ldap_force_replace'] = true;
    // DirectAdmin Driver options
    // --------------------------
    // The host which changes the password
    $rcmail_config['password_directadmin_host'] = 'localhost';
    // TCP port used for DirectAdmin connections
    $rcmail_config['password_directadmin_port'] = 2222;
    Thanks for your help
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    1) It is just the password and not the email address.
    2) mysql is not able to create crypt-md5 password. I posted you the link above that explains in the php-manual how to encode passwords with crypt-md5, the first post in the comments contains a complete encryption function.
  5. voltron81

    voltron81 New Member

    As readed in the link that you suggest me, the encryption string should be something like crypt-md5crypt('password', '$1$emailaddress$')
    But I don't konw how to put this command into the configuration file of this plugin, as this encryption is not working with mysql and I can not put it into the mysql command.

  6. voltron81

    voltron81 New Member

    Ok I tried this simple PHP script and is working:
    $password = crypt('password' , '[email protected]$');
    print $password . " is the CRYPT-MD5 version of mypassword<br>";
    Basically I've copied the result of this script and paste into the dbispconfig database, and is working.
    The problem now is to add this script to the Roundcube plugin.

    I tried to add something like that:
    $passwd = crypt(%p , %u);
    $rcmail_config['password_query'] = 'UPDATE mail_user SET password=$passwd WHERE email=%u LIMIT 1';
    but I've have an error (white screen).

    Any suggestion?
  7. voltron81

    voltron81 New Member

    Ok I solved it.
    Basically I created a new macro in /roundcube/plugins/password/drivers/sql.php where I'm doing the encryption and in the config file of the plugin I'll just use the result of that macro...
  8. rak

    rak New Member


    In roundcube/plugins/password/ change code to this:

    $rcmail_config['password_query'] = 'UPDATE mail_user SET password=%r WHERE email=%u LIMIT 1';
    In roundcube/plugins/password/drivers/sql.php add a new macro (I added it after %o on line 90):

    $sql = str_replace('%r', $db->quote(crypt($passwd,$_SESSION['username'])), $sql);
    Worked for me, but only the crypt() function is used, so the format of the password wouldn't be "$1$lGr|wp|f$NU.MEUHPCGqBGIcDZSi321" anymore. Maybe somebody has a suggestion for the right macro ?! :)
    Last edited: Jan 31, 2010
  9. Samgarr

    Samgarr New Member

    i configured the plugin according to rak's post but the password does not change. Any ideas? Thanks!
    [24-Feb-2011 22:14:56] MDB2 Error: syntax error (-2): _doQuery: [Error message: Could not execute statement]
    [Last executed query: UPDATE mail_user SET password=%r WHERE email='[email protected]' LIMIT 1]
    [Native code: 1064]
    [Native message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%r WHERE email=$
  10. Samgarr

    Samgarr New Member

    nobody knows? It is very important to me, thanks!
  11. Samgarr

    Samgarr New Member

    Now it works, I had a typo in SQL query: (

Share This Page