September-14-2009
Roundcube Workaround.org Password Change
Filed Under (Mailservices with Debian Linux) by martensson

Well well,

Roundcube has just released version 0.3 stable, which triggered me to use the new version with the plugin API, which essentialy should make it more easy to enable more functionalities, without changing RC code or replacing RC’s default files.

So let’s head of with a password change functionality. Since this is a minimum for my service it had to be working before upgrading. And surprise surprise, it is actually quit easy.

So after installing Roundcube 0.3 stable, you need to enable the password plugin in the main.inc.php (Roundcube configuration file). Really easy, open your favourite editor and make sure the plugin is enabled, at least like this:


$rcmail_config['plugins'] = array(password);

And now the bitchy thing starts. Edit the config.inc.php in the pasword plugin directory (eg. /roundcube/plugins/password)

First off all, declare the DSN (Database connection) for your Workaround configuration. The line should be looking something like this.


mysql://yourusername:yourpassword@localhost/mailserver

Where ofcourse yourusername and yourpassword represents your username and password. Please do make a user (or use the one provided in the Workaround.org walkthrough) and DO NOT USE ROOT.

Then ofcourse, we have to configure the password_query (aka the query used to update the password). Since I made my own routine (Stored Procedure), I can use a call. The Stored Procedure is described below.


$rcmail_config['password_query'] = 'CALL sp_password_update(%o,%p,%l,%d)';

Declaration and usage of the %o, %p, %l %d are all explained in the config.inc.php.dist provided with roundcube.

!! If you are running Roundcube 0.3, please note, there is an issue with the %d, please update the driver.sql as described here !!

And now then, ofcourse the Stored procedure


CREATE PROCEDURE `sp_password_update`(passwordold char(40),passwordnew char(50),username char(50),domainname char(40))
BEGIN
insert into `password_changes` (`domainname`, `username`, `passwordold`, `passwordnew`,`changedate`)
values (domainname, username, md5(passwordold), md5(passwordnew), now());
update virtual_users
set password = md5(passwordnew)
where user = username
and password = md5(passwordold)
and domain_id = (select id from virtual_domains where name = domainname);

END$$
I choose to register the password changes in a seperate table, to enforce a strong and regularly update password for the users.
Hereby the SQL to create the password_change table


CREATE TABLE `password_changes` (
`domainname` char(64) NOT NULL,
`username` char(64) NOT NULL,
`passwordold` char(64) NOT NULL,
`passwordnew` char(64) NOT NULL,
`changedate` datetime NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

And there you go!

(0) Comments    Read More


Comments are closed.