change_sqlpass for qmailtoaster

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi

i was able to adapt the change_sqlpass plugin to suit vpopmail mysql database of qmailtoaster wherein the domains are created as domain_com.

however i got stuck at one specific point

as per the details in the config file the variable : %3 returns the domain name as : domainname.com

how do i get domainname.com within a variable so that i can replace dot with underscore ie domainname.com with domainname_com

for example i tried to use : $domainname = %3; but php throws a blank page.

if i use %3 within sql select query the domain name (domainname.com) is returned correctly.

i am not a php programmer but have a very basic knowledge only.

my change_sqlpass config file is quoted below

any help would be greatly appreciated. i am trying to figure this for so many weeks now and i am stuck at the very last step.

rajesh


<?php

/**
  * SquirrelMail Change SQL Password Plugin
  * Copyright (C) 2001-2002 Tyler Akins
  *              2002 Thijs Kinkhorst <kink@xxxxxxxxxxxxxxxxxxxxx>
  *              2002-2005 Paul Lesneiwski <paul@xxxxxxxxxxxxx>
  * This program is licensed under GPL. See COPYING for details
  *
  * @package plugins
  * @subpackage Change SQL Password
  *
  */


  // Global Variables, don't touch these unless you want to break the plugin
  //
  global $csp_dsn, $password_update_queries, $lookup_password_query,
          $force_change_password_check_query, $password_encryption,
          $csp_salt_query, $csp_salt_static, $csp_secure_port,
          $csp_non_standard_http_port, $csp_delimiter, $csp_debug,
          $min_password_length, $max_password_length, $include_digit_in_password,
          $include_uppercase_letter_in_password, $include_lowercase_letter_in_password,
          $include_nonalphanumeric_in_password;



  // csp_dsn
  //
  // Theoretically, any SQL database supported by Pear should be supported
  // here.  The DSN (data source name) must contain the information needed
  // to connect to your database backend. A MySQL example is included below.
  // For more details about DSN syntax and list of supported database types,
  // please see:
  //  http://pear.php.net/manual/en/package.database.db.intro-dsn.php
  //
  //$csp_dsn = 'mysql://user:password@localhost/email_users';
$csp_dsn = 'mysql://vpopmail:xxxxxx@localhost/vpopmail';


  // lookup_password_query
  //
  // This plugin will always verify the user's old password
  // against their login password, but an extra check can also
  // be done against the database for more security if you
  // desire.  If you do not need the extra password check,
  // make sure this setting is empty.
  //
  // This is a query that returns a positive value if a user
  // and password pair are found in the database.
  //
  // This query should return one value (one row, one column), the
  // value being ideally a one or a zero, simply indicating that
  // the user/password pair does in fact exist in the database.
  //
  //  %1 in this query will be replaced with the full username
  //      (including domain), such as "jose@xxxxxxxxxxx"
  //  %2 in this query will be replaced with the username (without
  //      any domain portion), such as "jose"
  //  %3 in this query will be replaced with the domain name,
  //      such as "example.com"
  //  %4 in this query will be replaced with the current (old)
  //      password in whatever encryption format is needed per other
  //      plugin configuration settings (Note that the syntax of
  //      the password will be provided depending on your encryption
  //      choices, so you NEVER need to provide quotes around this
  //      value in the query here.)
  //  %5 in this query will be replaced with the current (old)
  //      password in unencrypted plain text.  If you do not use any
  //      password encryption, %4 and %5 will be the same values,
  //      except %4 will have double quotes around it and %5 will not.
  //


//$domainname = %3;
//$tablename = str_replace(".","_",$domainname);

  //$lookup_password_query = '';
  // TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND plain_password = "%5"';
//  $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND crypt_password = %4';

// $lookup_password_query = 'SELECT count(*) FROM $tablename WHERE pw_name = "%2" AND pw_domain = "%3" AND pw_passwd = %4';

$lookup_password_query = 'SELECT count(*) FROM mydomain_com WHERE pw_name = "%2" AND pw_passwd = %4';





  // password_update_queries
  //
  // An array of SQL queries that will all be executed
  // whenever a password change attempt is made.
  //
  // Any number of queries may be included here.
  // The queries will be executed in the order given here.
  //
  //  %1 in all queries will be replaced with the full username
  //      (including domain), such as "jose@xxxxxxxxxxx"
  //  %2 in all queries will be replaced with the username (without
  //      any domain portion), such as "jose"
  //  %3 in all queries will be replaced with the domain name,
  //      such as "example.com"
  //  %4 in all queries will be replaced with the new password
  //      in whatever encryption format is needed per other
  //      plugin configuration settings (Note that the syntax of
  //      the password will be provided depending on your
  //      encryption choices, so you NEVER need to provide quotes
  //      around this value in the queries here.)
  //  %5 in all queries will be replaced with the new password
  //      in unencrypted plain text - BEWARE!  If you do not use
  //      any password encryption, %4 and %5 will be the same
  //      values, except %4 will have double quotes around it
  //      and %5 will not.
  //
  $password_update_queries = array(

'UPDATE mydomain_com SET pw_passwd = %4 WHERE pw_name = "%2"',
'UPDATE mydomain_com SET pw_clear_passwd = %5 WHERE pw_name = "%2"',

//            'UPDATE users SET crypt_password = %4 WHERE username = "%1"',
//            'UPDATE user_flags SET force_change_pwd = 0 WHERE username = "%1"',
//            'UPDATE users SET crypt_password = %4, force_change_pwd = 0 WHERE username = "%1"',
                                  );



  // force_change_password_check_query
  //
  // A query that checks for a flag that indicates if a user
  // should be forced to change their password.  This query
  // should return one value (one row, one column) which is
  // zero if the user does NOT need to change their password,
  // or one if the user should be forced to change it now.
  //
  // This setting should be an empty string if you do not wish
  // to enable this functionality.
  //
  //  %1 in this query will be replaced with the full username
  //      (including domain), such as "jose@xxxxxxxxxxx"
  //  %2 in this query will be replaced with the username (without
  //      any domain portion), such as "jose"
  //  %3 in this query will be replaced with the domain name,
  //      such as "example.com"
  //
  //$force_change_password_check_query = 'SELECT IF(force_change_pwd = "yes", 1, 0) FROM users WHERE username = "%1"';
  //$force_change_password_check_query = 'SELECT force_change_pwd FROM users WHERE username = "%1"';
  $force_change_password_check_query = '';



  // password_encryption
  //
  // What encryption method do you use to store passwords
  // in your database?  Please use one of the following,
  // exactly as you see it:
  //
  //  NONE          Passwords are stored as plain text only
  //  MYSQLPWD      Passwords are stored using the MySQL password() function
  //  MYSQLENCRYPT  Passwords are stored using the MySQL encrypt() function
  //  PHPCRYPT      Passwords are stored using the PHP crypt() function
  //  MD5CRYPT      Passwords are stored using encrypted MD5 algorithm
  //  MD5          Passwords are stored as MD5 hash
  //
  //$password_encryption = 'MYSQLPWD';

$password_encryption = 'MD5CRYPT';


  // csp_salt_query
  // csp_salt_static
  //
  // Encryption types that need a salt need to know where to get
  // that salt.  If you have a constant, known salt value, you
  // should define it in $csp_salt_static.  Otherwise, leave that
  // value empty and define a value for the $csp_salt_query.
  //
  // Leave both values empty if you do not need (or use) salts
  // to encrypt your passwords.
  //
  // The query should return one value (one row, one column) which
  // is the salt value for the current user's password.  This
  // query is ignored if $csp_salt_static is anything but empty.
  //
  //  %1 in this query will be replaced with the full username
  //      (including domain), such as "jose@xxxxxxxxxxx"
  //  %2 in this query will be replaced with the username (without
  //      any domain portion), such as "jose"
  //  %3 in this query will be replaced with the domain name,
  //      such as "example.com"
  //
  //$csp_salt_static = 'LEFT(crypt_password, 2)';
  //$csp_salt_static = '"a4"';  // use this format with MYSQLENCRYPT
  //$csp_salt_static = '$2$blowsomefish$';  // use this format with PHPCRYPT

$csp_salt_static = '';


  //$csp_salt_query = 'SELECT SUBSTRING_INDEX(crypt_password, '$', 1) FROM users WHERE username = "%1"';
  //$csp_salt_query = 'SELECT SUBSTRING(crypt_password, (LENGTH(SUBSTRING_INDEX(crypt_password, '$', 2)) + 2)) FROM users WHERE username = "%1"';
//  $csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';
  //$csp_salt_query = '';

$csp_salt_query = 'SELECT SUBSTRING(pw_passwd,4,9) FROM mydomain_com WHERE pw_name = "%2"';


  // csp_secure_port
  //
  // You may ensure that SSL encryption is used during password
  // change by setting this to the port that your HTTPS is served
  // on (443 is typical).  Set to zero if you do not wish to force
  // an HTTPS connection when users are changing their passwords.
  //
  // You may override this value for certain domains, users, or
  // service levels through the Virtual Host Login (vlogin) plugin
  // by setting a value(s) for $vlogin_csp_secure_port in the vlogin
  // configuration.
  //
  $csp_secure_port = 0;
  //$csp_secure_port = 443;



  // csp_non_standard_http_port
  //
  // If you serve standard HTTP web requests on a non-standard
  // port (anything other than port 80), you should specify that
  // port number here.  Set to zero otherwise.
  //
  // You may override this value for certain domains, users, or
  // service levels through the Virtual Host Login (vlogin) plugin
  // by setting a value(s) for $vlogin_csp_non_standard_http_port
  // in the vlogin configuration.
  //
  //$csp_non_standard_http_port = 8080;
  $csp_non_standard_http_port = 0;



  // min_password_length
  // max_password_length
  // include_digit_in_password
  // include_uppercase_letter_in_password
  // include_lowercase_letter_in_password
  // include_nonalphanumeric_in_password
  //
  // You can set the minimum and maximum password lengths that
  // you accept or leave those settings as zero to indicate that
  // no limit should be applied.
  //
  // Turn on any of the other settings here to check that the
  // new password contains at least one digit, upper case letter,
  // lower case letter and/or one non-alphanumeric character.
  //
  $min_password_length = 8;
  $max_password_length = 12;
  $include_digit_in_password = 1;
  $include_uppercase_letter_in_password = 1;
  $include_lowercase_letter_in_password = 1;
  $include_nonalphanumeric_in_password = 0;



  // csp_delimiter
  //
  // if your system has usernames with something other than
  // an "@" sign separating the user and domain portion,
  // specify that character here
  //
  //$csp_delimiter = '|';
  $csp_delimiter = '@';



  // debug mode
  //
  $csp_debug = 0;



?>



------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

[Index of Archives]     [Video For Linux]     [Yosemite News]     [Yosemite Photos]     [gtk]     [KDE]     [Cyrus SASL]     [Gimp on Windows]     [Steve's Art]     [Webcams]

  Powered by Linux