ISPConfig 2.2.24 | mailuser app bug?

Discussion in 'General' started by Hans, Jul 16, 2008.

  1. Hans

    Hans Moderator

    I've installed ISPConfig 2.2.24 on Debian Etch and i've noticed that not all mailusers can change their password within the mailuser application at http://www.example.com:81/mailuser (Of course i enabled "Mailuser login" for the site).

    The Administrator mailuser of the website can change the password indeed, but other mailusers which belong to the site can't change their password, while no error message appears!

    I've checked this behaviour on two servers with ISPConfig 2.2.24.
    Is this a bug? I mean it's really a must that every single mailuser can change their own password, not only the administrator user of the particular site.

    If it's not a bug, at least an error message should appear, which informs the user that there is no permission to change the password.
     
  2. till

    till Super Moderator

    I guess it must be a bug. There is no reason why non admin users shall not be able to change their password there. I added it to the bugtracker.
     
  3. Hans

    Hans Moderator

    Thanks Till for your reply. I do hope it will be fixed soon.
     
  4. sonoracomm

    sonoracomm New Member

    Sorry to be a pest, but I just wanted to find out the status of this issue.

    I have (apparently) the same problem with ISPC 2.2.24 on a Centos 5.2 server (yum updated).

    I couldn't find the bugtracker...maybe I wasn't supposed to...

    Thanks again for this great system!

    G
     
  5. Hans

    Hans Moderator

    bugtracker link

    The bugtracker is here. And i do hope that this problem will be fixed indeed soon.
     
  6. bolero

    bolero New Member

    A client just informed me about this problem and I found this thread. This seems indeed to be a bug in 2.2.24 and doesn't depend on using Debian (we use CentOS). This is a really important functionality.
    I hope this is really getting fixed soon and a patch made available (it can only be a small coding problem, I really do not want to apply a whole new ISPConfig via upgrade to my slightly customized installations just because of that tiny snippet).
    If falko or till could point me to the files that are involved I would look myself and check if I can fix it. Thanks!

    Btw, changing the users comment ("name") doesn't work either. It's saved to the db, but not to /etc/passwd. So, it seems that action is either skipped or fails. Should it appear in ispconfig.log if it is attempted?
     
    Last edited: Jul 31, 2008
  7. bolero

    bolero New Member

    Fix for 2.2.24 mailuser bug

    Ok, here's the fix. It's a stupid confusion about a variable name. The bug is in mailuser/mail/table/user.table.php. "user_name" is actually *not* the "username" (that would be user_username), but the user's name/comment field. Thus it allows many more characters than this check:
    "/^[0-9a-zA-Z_\-\.]{0,255}$/"
    This check will fail with any normal name as a full name is guaranteed to contain a space. Quick fix:
    Code:
    $table['user_name'] = array(         'datatype'                 => "VARCHAR",
                                                                              'formtype'                 => "TEXT",
                                                                              'regex'                        => "/^[0-9a-zA-Z_\-\.\s]{0,255}$/",
                                                                              'errmsg'                => "Name contains invalid charcters.",
                                                                              'value'                 => "");
    The \s was added by me. This will allow spaces and thus fix this issue for 99%of the situations. The check should be even more loose, though. Could somebody submit the check from version 2.2.23, please? user.table.php should be reverted to that version.
     
  8. Hans

    Hans Moderator

    Hereby you receive the user.table.php file from ISPConfig 2.2.23 (mailuser module).
     

    Attached Files:

  9. bolero

    bolero New Member

    Thanks. The only difference between the two files is what I explained. I suggest not going back to the 2.2.23 version as it doesn't contain any sanity check. Use this check instead:

    "/^[^:\r\n\t]{0,255}$/"

    This allows almost any character except for colons, line-feeds etc. It should be safe to use that as I think any kind of character except for these should be allowed in /etc/passwd. If you want to be more strict use the check I posted first.
     
  10. Hans

    Hans Moderator

  11. Ben

    Ben HowtoForge Supporter

    Great thing, saw it the first time... but login via email as username is not possible, right?
     
  12. till

    till Super Moderator

    Fixed this in svn.
     
  13. Hans

    Hans Moderator

    I replaced the file user.table.php with the new version from SVN and i want you to know that is works. This means, changing passwords for clients is possible again.

    Thanks for the fix!
     
  14. bolero

    bolero New Member

    Unfortunately, it stopped working for me. It worked with the change in code I made last week, but this week the user changes are not carried over to /etc/passwd, /etc/shadow, although I used the original files in /root (config.lib.php and ispconfig_system.lib.php). It seems that $mod->system->updateuser fails silently. I wanted to check against svn, but the log tells me last revision is July 9. I checked out svn://svn.ispconfig.org/ispconfig/trunk/ What should I check out instead?
     
  15. Hans

    Hans Moderator

    @Bolero,
    I have used the one from SVN stable.
    It is attached to this message. It works for me.
     

    Attached Files:

  16. bolero

    bolero New Member

    Yes, I made a stupid mistake. After having fixed it, I added a logging line in updateuser() and didn't test again. That line didn't work without access to the global $mod array. It's now working again. Thanks for the file, but I would rather check it out myself. The svn path I mentioned checks out 2.2.24. What's the path for HEAD code?
     
  17. Hans

    Hans Moderator

    Please have a look here.
    So use svn://svn.ispconfig.org/ispconfig/branches/ISPConfig-2.2.stable
     
  18. bolero

    bolero New Member

  19. bolero

    bolero New Member

    Till, you may want to correct the small typo in it as well:
    Name contains invalid charcters. ->
    Name contains invalid characters.
    I think there is also a problem with picking this error message up. I didn't check the code more thoroughly, so I don't know if there is an intention to display it. At least at the moment it doesn't display, so nobody knows that it fails silently.
     
  20. Hans

    Hans Moderator

    @Bolero,

    I've corrected the "charcters" typo on line 73 of the file and saved it to SVN.
     

Share This Page