Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#341 ??Change Password Database??

Not Processed
closed
nobody
5
2003-09-26
2003-04-20
Ryan W. Keen
No

I don't know a lot about PHP and I just stumbled
accross SquirrellMail, but I am encountering one
problem. I would like to give my users means of
changing their passwords, however, I do not have
physical access to the server, whenever someone wants
to change their password, they have to tell me, then I
have to change it,,, anyway,,, I thought of a great idea
but I don't know how to do it myself...

Could a system of changing passwords be implimented
where a user's origional password was stored in a
database and was used to constantly access the e-mail
server, and when the user wanted to change their
password, the they would enter a new password, it
would be stored in the database alongside the origional,
and when they entered their new password to login the
origional password would be actually be used to
login...??? Is it possiable?

Discussion

  • Logged In: YES
    user_id=620333

    Can I suggest you look on te plugins page on the squirrelmail
    website. There is a number of change password plugins for
    all kinds of setups.

     
  • Ryan W. Keen
    Ryan W. Keen
    2003-04-20

    Logged In: YES
    user_id=760955

    I have tried each of the password plucins, but none of them
    are compatable, the server that I use uses Plesk Control
    Software for administration of mail, and it won't allow other
    people access..

     
  • Logged In: YES
    user_id=620333

    How does your IMAP server authenticate? Against a shadow
    file? Against LDAP? mysql? The "idea" you're suggesting is
    "spoofing" that they've changed their password, and in
    actual fact not changing it. This would be stupid if they
    are changing the password because somebody worked it out, as
    they still know the password. This'd lead to a false sense
    of security. I suggest finding out how the passwords are
    stored on the system, and reporting that.

    Of course... you could write what you're suggesting as a
    plugin, it wouldn't be that difficult at all. The hook you
    want to look into using is the login_before (I think).

     
  • Logged In: NO

    OK, I have tried every plugin there... I spoke to my host and
    the mail server is QMail... I don't know if there is any plugin
    that is compatable with the like. My host said that there is
    no way to do what I was asking, but just by looking at it I
    think there has to be... even if I have to store an admin
    username and password in a script if poss...

    And suggestions for allowing users to change their password
    with Qmail as the server?

     
  • Logged In: YES
    user_id=620333

    Qmail is smtp... you need to find out what IMAP server
    you're using, and what system that uses to authenticate.

     
    • status: open --> closed