How To Configure SquirrelMail To Allow Users To Change Their Email Passwords On An ISPConfig 3 Server

This guide explains how you can configure your SquirrelMail webmail application on an ISPConfig 3 server so that email users can change their passwords themselves directly in SquirrelMail. I make this guide to help in this thread: https://www.howtoforge.com/forums/showthread.php?t=35297

I do not issue any guarantee that this will work for you!

 

1 - Download and install change_sqlpass plugin

cd /usr/share/squirrelmail/plugins/
wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_sqlpass-3.3-1.2.tar.gz
tar zxvf change_sqlpass-3.3-1.2.tar.gz
cd change_sqlpass

 

2 - Patch functions.php (BUG with md5crypt)

vi functions.php

Search for this:

case strtolower(PASSWORD_ENCRYPTION_MD5CRYPT):
return '"' . md5crypt($password, $salt) . '"';

Change to:

case strtolower(PASSWORD_ENCRYPTION_MD5CRYPT):
include_once(SM_PATH . 'plugins/change_sqlpass/md5crypt.php');
return '"' . md5crypt($password, $salt) . '"';

 

3 - Create new config.php with this content (don’t use the default config.php.sample)

vi config.php

Before you copy the content, change this line with your MySQL password (your_mysql_password):

$csp_dsn = 'mysql://root:[email protected]/dbispconfig';

Here's the full config.php file: 

<?php

/**
  * SquirrelMail Change SQL Password Plugin
  * Copyright (C) 2001-2002 Tyler Akins
  *               2002 Thijs Kinkhorst <[email protected]>
  *               2002-2005 Paul Lesneiwski <[email protected]>
  * This program is licensed under GPL. See COPYING for details
  *
  * @package plugins
  * @subpackage Change SQL Password
  *
  */


   // Global Variables, don't touch these unless you want to break the plugin
   //
   global $csp_dsn, $password_update_queries, $lookup_password_query,
          $force_change_password_check_query, $password_encryption,
          $csp_salt_query, $csp_salt_static, $csp_secure_port,
          $csp_non_standard_http_port, $csp_delimiter, $csp_debug,
          $min_password_length, $max_password_length, $include_digit_in_password,
          $include_uppercase_letter_in_password, $include_lowercase_letter_in_password,
          $include_nonalphanumeric_in_password;



   // csp_dsn
   //
   // Theoretically, any SQL database supported by Pear should be supported
   // here.  The DSN (data source name) must contain the information needed
   // to connect to your database backend. A MySQL example is included below.
   // For more details about DSN syntax and list of supported database types,
   // please see:
   //   http://pear.php.net/manual/en/package.database.db.intro-dsn.php
   //
   $csp_dsn = 'mysql://root:[email protected]/dbispconfig';



   // lookup_password_query
   //
   // This plugin will always verify the user's old password
   // against their login password, but an extra check can also
   // be done against the database for more security if you
   // desire.  If you do not need the extra password check,
   // make sure this setting is empty.
   //
   // This is a query that returns a positive value if a user
   // and password pair are found in the database.
   //
   // This query should return one value (one row, one column), the
   // value being ideally a one or a zero, simply indicating that
   // the user/password pair does in fact exist in the database.
   //
   //   %1 in this query will be replaced with the full username
   //      (including domain), such as "[email protected]"
   //   %2 in this query will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in this query will be replaced with the domain name,
   //      such as "example.com"
   //   %4 in this query will be replaced with the current (old)
   //      password in whatever encryption format is needed per other
   //      plugin configuration settings (Note that the syntax of
   //      the password will be provided depending on your encryption
   //      choices, so you NEVER need to provide quotes around this
   //      value in the query here.)
   //   %5 in this query will be replaced with the current (old)
   //      password in unencrypted plain text.  If you do not use any
   //      password encryption, %4 and %5 will be the same values,
   //      except %4 will have double quotes around it and %5 will not.
   //
   //$lookup_password_query = '';
   // TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND plain_password = "%5"';
   $Lookup_Password_Query = 'SELECT count(*) FROM mail_user WHERE email = "%1" AND crypt_password = %4';
   //$Lookup_Password_Query = '';



   // password_update_queries
   //
   // An array of SQL queries that will all be executed
   // whenever a password change attempt is made.
   //
   // Any number of queries may be included here.
   // The queries will be executed in the order given here.
   //
   //   %1 in all queries will be replaced with the full username
   //      (including domain), such as "[email protected]le.com"
   //   %2 in all queries will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in all queries will be replaced with the domain name,
   //      such as "example.com"
   //   %4 in all queries will be replaced with the new password
   //      in whatever encryption format is needed per other
   //      plugin configuration settings (Note that the syntax of
   //      the password will be provided depending on your
   //      encryption choices, so you NEVER need to provide quotes
   //      around this value in the queries here.)
   //   %5 in all queries will be replaced with the new password
   //      in unencrypted plain text - BEWARE!  If you do not use
   //      any password encryption, %4 and %5 will be the same
   //      values, except %4 will have double quotes around it
   //      and %5 will not.
   //
   $password_update_queries = array(
            'UPDATE mail_user SET password = %4 WHERE email = "%1"',
//            'UPDATE users SET crypt_password = %4 WHERE username = "%1"',
//            'UPDATE user_flags SET force_change_pwd = 0 WHERE username = "%1"',
//            'UPDATE users SET crypt_password = %4, force_change_pwd = 0 WHERE username = "%1"',
                                   );



   // force_change_password_check_query
   //
   // A query that checks for a flag that indicates if a user
   // should be forced to change their password.  This query
   // should return one value (one row, one column) which is
   // zero if the user does NOT need to change their password,
   // or one if the user should be forced to change it now.
   //
   // This setting should be an empty string if you do not wish
   // to enable this functionality.
   //
   //   %1 in this query will be replaced with the full username
   //      (including domain), such as "[email protected]"
   //   %2 in this query will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in this query will be replaced with the domain name,
   //      such as "example.com"
   //
   //$force_change_password_check_query = 'SELECT IF(force_change_pwd = "yes", 1, 0) FROM users WHERE username = "%1"';
   //$force_change_password_check_query = 'SELECT force_change_pwd FROM users WHERE username = "%1"';
   //$force_change_password_check_query = 'SELECT force_change_pwd FROM mail_user WHERE email = "%1"';
   $force_change_password_check_query = '';



   // password_encryption
   //
   // What encryption method do you use to store passwords
   // in your database?  Please use one of the following,
   // exactly as you see it:
   //
   //   NONE          Passwords are stored as plain text only
   //   MYSQLPWD      Passwords are stored using the MySQL password() function
   //   MYSQLENCRYPT  Passwords are stored using the MySQL encrypt() function
   //   PHPCRYPT      Passwords are stored using the PHP crypt() function
   //   MD5CRYPT      Passwords are stored using encrypted MD5 algorithm
   //   MD5           Passwords are stored as MD5 hash
   //
   $password_encryption = 'MD5CRYPT';



   // csp_salt_query
   // csp_salt_static
   //
   // Encryption types that need a salt need to know where to get
   // that salt.  If you have a constant, known salt value, you
   // should define it in $csp_salt_static.  Otherwise, leave that
   // value empty and define a value for the $csp_salt_query.
   //
   // Leave both values empty if you do not need (or use) salts
   // to encrypt your passwords.
   //
   // The query should return one value (one row, one column) which
   // is the salt value for the current user's password.  This
   // query is ignored if $csp_salt_static is anything but empty.
   //
   //   %1 in this query will be replaced with the full username
   //      (including domain), such as "[email protected]"
   //   %2 in this query will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in this query will be replaced with the domain name,
   //      such as "example.com"
   //
   //$csp_salt_static = 'LEFT(crypt_password, 2)';
   //$csp_salt_static = '"a4"';  // use this format with MYSQLENCRYPT
   //$csp_salt_static = '$2$blowsomefish$';  // use this format with PHPCRYPT


   //$csp_salt_query = 'SELECT SUBSTRING_INDEX(crypt_password, '$', 1) FROM mail_user WHERE email = "%1"';
   //$csp_salt_query = 'SELECT SUBSTRING(crypt_password, (LENGTH(SUBSTRING_INDEX(crypt_password, '$', 2)) + 2)) FROM users WHERE username = "%1"';
   //$csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';
   $csp_salt_query = 'SELECT SUBSTRING(PASSWORD, 4, 8) FROM mail_user WHERE email = "%1"';




   // csp_secure_port
   //
   // You may ensure that SSL encryption is used during password
   // change by setting this to the port that your HTTPS is served
   // on (443 is typical).  Set to zero if you do not wish to force
   // an HTTPS connection when users are changing their passwords.
   //
   // You may override this value for certain domains, users, or
   // service levels through the Virtual Host Login (vlogin) plugin
   // by setting a value(s) for $vlogin_csp_secure_port in the vlogin
   // configuration.
   //
   $csp_secure_port = 0;
   //$csp_secure_port = 443;



   // csp_non_standard_http_port
   //
   // If you serve standard HTTP web requests on a non-standard
   // port (anything other than port 80), you should specify that
   // port number here.  Set to zero otherwise.
   //
   // You may override this value for certain domains, users, or
   // service levels through the Virtual Host Login (vlogin) plugin
   // by setting a value(s) for $vlogin_csp_non_standard_http_port
   // in the vlogin configuration.
   //
   //$csp_non_standard_http_port = 8080;
   $csp_non_standard_http_port = 0;



   // min_password_length
   // max_password_length
   // include_digit_in_password
   // include_uppercase_letter_in_password
   // include_lowercase_letter_in_password
   // include_nonalphanumeric_in_password
   //
   // You can set the minimum and maximum password lengths that
   // you accept or leave those settings as zero to indicate that
   // no limit should be applied.
   //
   // Turn on any of the other settings here to check that the
   // new password contains at least one digit, upper case letter,
   // lower case letter and/or one non-alphanumeric character.
   //
   $min_password_length = 6;
   $max_password_length = 0;
   $include_digit_in_password = 0;
   $include_uppercase_letter_in_password = 0;
   $include_lowercase_letter_in_password = 0;
   $include_nonalphanumeric_in_password = 0;



   // csp_delimiter
   //
   // if your system has usernames with something other than
   // an "@" sign separating the user and domain portion,
   // specify that character here
   //
   //$csp_delimiter = '|';
   $csp_delimiter = '@';



   // debug mode
   //
   $csp_debug = 0;



?>

 

4 - Download and install compatibility plugin

cd ..
wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fcompatibility-2.0.14-1.0.tar.gz
tar zxvf compatibility-2.0.14-1.0.tar.gz

NOTE: This plugin doesn't need activation, only decompress the plugin.

 

5 - Install pear DB

pear install DB

 

6 - Clean the installation

cd ..
rm change_sqlpass-3.3-1.2.tar.gz
rm compatibility-2.0.14-1.0.tar.gz

 

7 - Activate the plugin in SquirrelMail

squirrelmail-configure
8. Plugins
x. change_sqlpass

Save S and exit Q.

Now test your installation. ;)

Share this page:

Suggested articles

26 Comment(s)

Add comment

Comments

By:
Reply  

Thanks for the clear guide CubAfull

I also had the header errors. This was caused because I had two "enters" after the ?> at the bottom. Deleted the "enters" and it works perfectly!

Cheers,

Rudolf.

 

By:
Reply  

Thanks for this plugin, it seems to work very well.

Just a little thing : the last "cd .." command is wrong, isn't it ?

 

Thanks you very much !

By:
Reply  

After the install of the plugin (on a ubuntu 9.10 fresh install with ISPconfig3), it worked ok and users could change passwords, but they (the users) got two header errors after inputting the new password, which caused them to have to reenter .../webmail to continue with the new password.

If anyone else got them, i've fixed the errors by editing the config.php and functions.php of the plugin at the lines shown in the error statements. Just comment out the lines and it will work ok..

 Also, remember not to have any blank lines before <?php  in the beginning of the files and after the ending ?> at the end of the configs. My default config.php had 2 extra lines..

Mitz

By:
Reply  

works like a charm. Just installed squirrelmail on an ispconfig3 server yesterday and looked for a way to let my users changing password for themselves.

great job!

magenbrot

By: Tom
Reply  

I received an error when I used this line from the config.php file:

$Lookup_Password_Query = 'SELECT count(*) FROM mail_user WHERE email = "%1" AND crypt_password = %4';

The error said that the old password could not be located [paraphrased].  When I double checked the fields in the ISPConfig database, I did not see a field named crypt_password.  I changed the query to use the password field and then it worked.

By: Tosin
Reply  

Hi am having similar problem, can u explain better where you changed the query to use password field.

By:
Reply  

This is the squirrelmail problem:

 Could not find Pear DB library

But this is my pear list:

 Installed packages, channel pear.php.net:
=========================================
Package          Version State
Console_Getopt   1.2.3   stable
DB               1.7.13  stable
MDB2             2.4.1   stable
PEAR             1.9.0   stable
Structures_Graph 1.0.3   stable
XML_Parser       1.3.2   stable
XML_Util         1.2.1   stable

I don't understand

By: MrMark
Reply  

I have the same problem:

Installed packages, channel pear.php.net:
=========================================
Package                   Version  State
Archive_Tar               1.3.5    stable
Config                    1.10.11  stable
Console_Color             1.0.2    stable
Console_CommandLine       1.0.6    stable
Console_Getopt            1.2.3    stable
Console_Table             1.1.3    stable
DB                        1.7.13   stable
DBA                       1.1.1    stable
DB_DataObject             1.8.7    stable
DB_DataObject_FormBuilder 1.0.0RC5 beta
DB_NestedSet              1.3.6    beta
DB_Pager                  0.7.2    beta
DB_QueryTool              1.1.0    stable
DB_Sqlite_Tools           0.1.6    alpha
DB_Table                  1.5.6    stable
DB_ldap                   1.2.0    stable
DB_ldap2                  0.5.0    beta
Date                      1.5.0a1  alpha
HTML_Common               1.2.5    stable
HTML_QuickForm            3.2.10   stable
HTML_Template_IT          1.2.1    stable
HTML_TreeMenu             1.2.1    stable
Image_GraphViz            1.2.1    stable
Log                       1.11.6   stable
MDB2                      2.4.1    stable
MDB2_Driver_mysql         1.4.1    stable
Mail                      1.1.14   stable
Net_FTP                   1.3.7    stable
Net_UserAgent_Detect      2.5.0    stable
PEAR                      1.7.2    stable
PEAR_Frontend_Web         0.7.3    beta
Structures_Graph          1.0.2    stable
XML_Parser                1.3.2    stable
XML_Tree                  2.0.0RC2 beta
[13:20:02 [email protected]:php]# pear install DB
Ignoring installed package pear/DB
Nothing to install
 

Could not find Pear DB library

Maybe  plugin Change SQL Password is incompatibility with DB 1.7.13 ?

Mark

By: roller24
Reply  

Mine works, but in my pear list I have

Auth

perhaps that is the pear mod you need.

 

also check the config files from the plugin and make sure that pear is in the directory that is getting called.

 

By: Anonymous
Reply  

my server debian squeeze with bind and dovecot ispconfig3 and i follow this configuration "https://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3" i create ftp and database for my website and it's work,

but i can't open www.domain.com/webmail so i must do step "20.2"

but when i follow this configuration to change password user i got this error when i change password "Could not find Pear DB library" 

when i don't do step "20.2" i succeed change password but i can't open www.domain.com/webmail, i open webmail using ip 192.168.0.100/webmail


anyone can help me so 

1. i can create ftp and database for my website

2. i can open www.domain.com/webmail and

3. i can change password succeed ?


thx before

By:
Reply  

I had the same error.

Found this link which details how to fix it..

http://www.evilbox.ro/linux/change-password-plugin-for-squirrelmail-on-ispconfig-3/

 

By: laxminarayan
Reply  

hello sir ,

plese kya koi mere pc ko remote access leke squirrelmail ki configuratiopn kar sakta hai .....!

By: Cristian
Reply  

Very nice place, thank you very much!!!

By: bighorn
Reply  

when ever i want change pwd...it gave error

"Could not make database connection"

Can someone point me where to look??

im sure i put mysql pswd correct.

By: T4nu
Reply  

open the config.php at /usr/share/squirrelmail/plugins

find the line $csp_dsn = .... and fix that to your setting.

By: bighorn
Reply  

After done all the steps, when ever try to change password...my webmail give error "couldn't make database connection".

 i'm not installing any ISPconfig, maybe thats why config file cant find "dbispconfig" in my mysql which is the db is not exist...

 So, for my case (no ISPconfig installed) what i got to change to make it work?

 Please help...thanks

By: Louis
Reply  
By: Louis
Reply  

Hai,

i run the perfect setup on debian Squeeze, this all went ok, and ispconfig is running fine.

now i want this also in squirrelmail.
i added the plugings, configured them as on the site is standing.
did the:   vi functions.php
als the : vi config.php

checked the whole config.php

but at first i got : DATABASE ERROR: could not lookup salt:
this was a change in the config.php ( of the plugin ) the password_encryption was MYSQLPWD
so i changed that to MD5CRYPT.

now i get: unable to get old password.

Someone else tried this.

By: Augusto Valdez
Reply  

In step 4, the compatibility plugin works well in SquirrelMail version 1.5.1 or greater or SquirrelMail version 1.4.13 or greater. But in older versions we must to patch the plugin.

Patch your SquirrelMail source code - a new plugin hook is necessary for this plugin, and it can easily be added to most SquirrelMail versions. Make sure you use the patch file that pertains to your version of SquirrelMail, this files are in patches/compability_patch-1.*.*.diff.

The patch command can be run from the compatibility plugin directory :

$ patch -p0 < patches/compatibility_patch-1.4.8.diff

 

Note for Windows users: you can get native patch functionality by installing this very useful package: http://unxutils.sourceforge.net/ I had a Centos 5.5 with squirremail version 1.4.8, after applying this patch works the plugin change_slqpass

By: Jack Hornsberry
Reply  

If you had customized mail server setup, you could really easy write your own plugin, just like that guy did, see http://belsky.info/archives/31-SquirrellMail-Change-Password-Plugin.html

Tried the stuff and rewritten that to work with my database config, it works ... so it might be also useful.

By: Anonymous
Reply  

Hi All,

 I followed the tutorial but changed the compatibility to version 2.0.16-1.0

 

My problem is that when I do 

 squirrelmail-configure 

I get the error : command not found

 From which directory do we run the command.

 

Thanks in advance for your help.

By: Anonymous
Reply  

Did you solve this issue?? i cannot run the command ..

 

By: Anonymous
Reply  

Hi,

I have installed ISPConfig3 on a fresh Ubuntu 14.04 64bit

 Followed the instal guides to the letter and everything works fine except for the Squirrelmail password-change function.  I get an error: Could not find Pear DB library

After following every possible fix I could find I am still at a loss as to how to remedy this.

Any suggestions would be greatly appreciated.

By: Daniel Nascimento
Reply  

To fix the pear DB problem:

 

double check you have installed pear DB thru pear command:

 

<code>

pear install DB

</code>

If its missing some libs: to fear the shell, you should not padawan - just repeat pear install *MISSING* with the dependency.

After, it is a simple line that will do the trick - I dont know why isnt in the How To ... it was a nightmare to find that out too:

 

<code>

apt-get install php-pear php-db

</code>I was so worried about pear modules beeing loaded.. that when I did a stupid "ls" into /usr/share/php .. i noticed that DB wasnt there! It is a Debian like system so ... is there any package for it? voi la! solved.I hope it will work out for you guys.Thank you!Daniel Nascimento:.

By: sidik
Reply  

nice

By: Gregg Woodcock
Reply  

Use conf.pl intead: find / -name squirrelmailIt should be in .../squirrelmail/config/conf.pl