User Password Change

Use this forum if you have problems with a hMailServer script, such as hMailServer WebAdmin or code in an event handler.
Post Reply
kevinbednar
New user
New user
Posts: 2
Joined: 2008-08-20 21:09

User Password Change

Post by kevinbednar » 2008-08-20 21:17

Hey all, I'm using hMailserver with Horde Webmail and am looking for a script for the end user to be able to change their password. The phpwebadmin product doesnt seem to let a user change their own password, only the actual admin can change them. Is anyone else using hmail with horde webmail? If so, have you integrated the change password functionality? TIA to all.

Kevin

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: User Password Change

Post by ^DooM^ » 2008-08-20 21:53

There is a squirrelmail plugin to do this but I have not heard of a horde one. Perhaps you can take a look at the SM one and alter it for your needs.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

kevinbednar
New user
New user
Posts: 2
Joined: 2008-08-20 21:09

Re: User Password Change

Post by kevinbednar » 2008-08-20 21:59

Thanks Doom, I had seen that in a few posts but was trying to avoid having to figure it all out since I'm far from a PHP expert. ;) I may be forced to if I can't find another way to do it I guess.

andreww
New user
New user
Posts: 1
Joined: 2008-09-03 13:16

Re: User Password Change

Post by andreww » 2008-09-03 13:33

Hi Kevin,

I use Horde with hMailServer, and have installed the "passwd" module so that users can change their own passwords. Here's how I did it:

Download passwd and uncomment the passwd section in horde\config\registry.php.
Edit horde\passwd\config\backends.php to match your hmailserver mysql setup:

$backends['sql'] = array (
..
'params' => array(
'phptype' => 'mysql',
'hostspec' => 'localhost',
'username' => '[your hmailserver mysql username]',
'password' => '[your hmailserver mysql password]',
'encryption' => 'md5-hex',
'database' => 'hmailserver',
'table' => 'hm_accounts',
'user_col' => 'accountaddress',
'pass_col' => 'accountpassword',
'show_encryption' => false
)
);

That should do it. If you login to Horde and click the new "Password" icon, you should be able to change your password.

The only problem I had was making sure that the username that Horde was sending to mysql matched that set by hmailserver. In the mysql database the username is in the format "name@domain.com". I only use "name" to login to Horde, and have hmailserver set to add the default domain. If you also do this you'll need to add a Horde hook:

horde\config\hooks.php:
if (!function_exists('_passwd_hook_default_username')) {
function _passwd_hook_default_username($userid)
{
$host = $_SERVER['HTTP_HOST'];
$host = ereg_replace('www\.', '', $host);
$username = $userid . '@' . $host;
return $username;
}
}

There's an option on the Horde setup page you have to click to enable the hook.

Hope that helps you.
Good luck!
Andrew

alexwieder
New user
New user
Posts: 4
Joined: 2009-04-30 06:57

Re: User Password Change

Post by alexwieder » 2009-04-30 07:22

Hi Andrew,

I followed the instructions you posted, however, horde complains that it can't connect to the server. The exact error message is "Failure in changing password on hMailServerMySQL: Unable to connect to SQL server."

When I installed hMailServer, I set it to use its own instance of MySQL, which listens on port 3307 instead of the usual 3306, so I have a feeling that this has something to do with my problem.

I've tried to enter the encrypted as well as the unencrypted password for the mySQL user, but nothing works.

Do you have any advice or suggestions as to where else to look in order to fix this?

Plesk version 8.6
hMailServer version 4.4.1
MySQL version - whatever came with hMailServer

Another option would be to move the database from hMailServer's instance of MySQL to the instance that's running on the machine, but I'd also need pointers for this.

Thanks!

alex

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: User Password Change

Post by ^DooM^ » 2009-04-30 11:08

Try changing

Code: Select all

'hostspec' => 'localhost',
to

Code: Select all

'hostspec' => 'localhost:3307',
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

alexwieder
New user
New user
Posts: 4
Joined: 2009-04-30 06:57

Re: User Password Change

Post by alexwieder » 2009-05-01 16:54

Thanks, but that didn't work either. Any other ideas?

Alex

PS: I don't know if this is relevant, but this is a windows 2003 vps. Forgot to mention it before.
^DooM^ wrote:Try changing

Code: Select all

'hostspec' => 'localhost',
to

Code: Select all

'hostspec' => 'localhost:3307',

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: User Password Change

Post by ^DooM^ » 2009-05-01 17:31

Is the MySQL server on the same machine as that script?
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

alexwieder
New user
New user
Posts: 4
Joined: 2009-04-30 06:57

Re: User Password Change

Post by alexwieder » 2009-05-01 20:41

Yes, same machine.

I'm able to access the hMailServer441 database using a sql front-end called SQLExec, from a company called SnoopSoft.

Alex
^DooM^ wrote:Is the MySQL server on the same machine as that script?

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: User Password Change

Post by ^DooM^ » 2009-05-01 23:24

without seeing what that script uses hostspec var for i'm just guessing here. I suggest you contact the Horde devs for help in this regard.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

sheck
New user
New user
Posts: 5
Joined: 2008-04-14 02:14

Re: User Password Change

Post by sheck » 2009-05-15 18:30

andreww wrote:Hi Kevin,

I use Horde with hMailServer, and have installed the "passwd" module so that users can change their own passwords. Here's how I did it:

Download passwd and uncomment the passwd section in horde\config\registry.php.
Edit horde\passwd\config\backends.php to match your hmailserver mysql setup:

$backends['sql'] = array (
..
'params' => array(
'phptype' => 'mysql',
'hostspec' => 'localhost',
'username' => '[your hmailserver mysql username]',
'password' => '[your hmailserver mysql password]',
'encryption' => 'md5-hex',
'database' => 'hmailserver',
'table' => 'hm_accounts',
'user_col' => 'accountaddress',
'pass_col' => 'accountpassword',
'show_encryption' => false
)
);

That should do it. If you login to Horde and click the new "Password" icon, you should be able to change your password.

The only problem I had was making sure that the username that Horde was sending to mysql matched that set by hmailserver. In the mysql database the username is in the format "name@domain.com". I only use "name" to login to Horde, and have hmailserver set to add the default domain. If you also do this you'll need to add a Horde hook:

horde\config\hooks.php:
if (!function_exists('_passwd_hook_default_username')) {
function _passwd_hook_default_username($userid)
{
$host = $_SERVER['HTTP_HOST'];
$host = ereg_replace('www\.', '', $host);
$username = $userid . '@' . $host;
return $username;
}
}

There's an option on the Horde setup page you have to click to enable the hook.

Hope that helps you.
Good luck!
Andrew
OK. This worked for me. The only point I want to make is that 'username' is root - always, and 'password' can be found in HMailserver.ini under password=. It's encrypted and DecryptBlowfish.vbs script can be used to decrypt it - it's under ..\Addons\Utilities in HmailServer install dir. 'hostspec' => 'localhost:3307'
Also make sure that accountpwencryption is set to 2 (MD5) (this variable is stored in database. Run query on hm_accounts to see it), otherwise when changing password, Horde will report that old password in incorrrect.

gaganuiit
New user
New user
Posts: 28
Joined: 2009-06-20 12:34

Re: User Password Change

Post by gaganuiit » 2009-06-27 19:35

I have also tried the same set of procedures as discussed over here but i am getting this problem
I am using hMailServer 5.1.2 and horde groupware webmail 1.2.3
:?:
Help
Attachments
user.JPG
Screen-shot defining the error

User avatar
pepsi
Senior user
Senior user
Posts: 419
Joined: 2008-08-21 20:58
Location: Netherlands

Re: User Password Change

Post by pepsi » 2009-06-28 19:19

you need to set the password encryption to MD5 within hmailserver.ini
PreferredHashAlgorithm - This setting allows you to specify which hashing algorithm hMailServer should use for passwords in the hMailServer database. In old versions of hMailServer, passwords were stored in plain text. In hMailServer 4, passwords were stored in MD5. In hMailServer 5, the default preferred hash is now salted SHA256. The following values are valid for this setting:

* 0 - None. Store passwords in clear text. This is not recommended.
* 1 - Blowfish. Store passwords encrypted using Blowfish. This is not recommended, since the password used for encryption is known. Hence, this is no more safe than option 0.
* 2 - MD5. Store passwords in MD5 hash. This is only recommended to preserve backwards compatibility if you have application which integrates with the hMailServer database.
* 3 - SHA256 - Store passwords in SHA256 hashes. This is currently the recommended option which gives the highest level of security.

komsan
New user
New user
Posts: 4
Joined: 2009-07-16 10:58

Re: User Password Change

Post by komsan » 2009-08-14 19:55

Hi pepsi,

If I set the new password encryption to MD5 within hmailserver.ini, I can not to access to hMailServer Administrator (please see figure 1 in attachment file).

Hi Everyone,

I use Horde with hMailServer 5, and have installed the "passwd" module so that users can change their own passwords. Here's how I did it:
  1. Download passwd and uncomment the passwd section in horde\config\registry.php.
    Edit horde\passwd\config\backends.php to match your hmailserver mysql setup:

    $backends['sql'] = array (
    • ..
      'params' => array(
      • 'phptype' => 'mysql',
        'hostspec' => 'localhost',
        'username' => '[your hmailserver mysql username]',
        'password' => '[your hmailserver mysql password]',
        'encryption' => 'md5-hex',
        'database' => 'hmailserver',
        'table' => 'hm_accounts',
        'user_col' => 'accountaddress',
        'pass_col' => 'accountpassword',
        'show_encryption' => false
      )
    );
  2. you have to click to enable the $conf[hooks][full_name] on Administration > Setup > Password (passwd).
  3. UPDATE hm_accounts SET
    accountpassword = MD5('Old Password'),
    accountpwencryption = 2
That should do it. If you login to Horde and click the new "Password" icon, you should be able to change your password.

The only problem I can not to chang new password from hMailServer Administrator (please see figure 2 in attachment file).

==
OS: Windows XP
Mail Server: hMailServer 5.2 - Build 356
Web mail: Horde
==

Hope that helps you.
Attachments
hmailserver_horde.jpg

User avatar
sheffters
Senior user
Senior user
Posts: 453
Joined: 2009-07-01 20:46
Contact:

Re: User Password Change

Post by sheffters » 2009-08-14 20:06

have you really got no password for root user / running hmail as root?

If you havent then I'd suggest putting on one and trying it, so you dont get variables with null values in a script and see if that works.

You could change the passord using the GUI tools with MySQL (http://dev.mysql.com/downloads/gui-tools/5.0.html) there pritty good and run on version post MySQL 5.0 even though the GUI tools are v5.0.

Maybe one for Martin - but if you change the ini file does hmail go back and retrospectively change all the passwords to MD5 from default SHA? (although it looks like one isnt being sent by the error message).

Guessing hmail service has been restarted since you change the ini file?

Just some random thoughts - could all be wrong!

S.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: User Password Change

Post by martin » 2009-08-14 21:18

The PasswordEncryption setting in hMailServer.ini tells you what password encryption is used for the database password in hMailServer.ini. This does not effect password encryption in the database. (These are two different settings because the database password encryption, needs to be reversible but one-way hashes are preferable for account passwords.). When you start hMailServer, hMailServer checks the PasswordEncryption setting and tries to decrypt the database password using that encryption method.

komsan
New user
New user
Posts: 4
Joined: 2009-07-16 10:58

Re: User Password Change

Post by komsan » 2009-08-14 22:07

If you setting change password function for horde+Password, you can not to change password on hMailServer Administrator again.

Who have a solution for this problem?

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: User Password Change

Post by martin » 2009-08-14 22:08

What? Why can't you change the password in hMailServer Administrator?

komsan
New user
New user
Posts: 4
Joined: 2009-07-16 10:58

Re: User Password Change

Post by komsan » 2009-08-14 22:34

If I chang account password in hMailServer Administrator, accountpwencryption in hm_accounts will be change to 3.
I will be change password in Horde if accountpwencryption is 2 only. :(

How to change the code to both way?
martin wrote:What? Why can't you change the password in hMailServer Administrator?

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: User Password Change

Post by martin » 2009-08-14 22:40

You use the PreferredHashAlgorithm setting in hMailServer.ini to specify what method hMailServer Administrator should use.

komsan
New user
New user
Posts: 4
Joined: 2009-07-16 10:58

Re: User Password Change

Post by komsan » 2009-08-14 23:36

martin wrote:You use the PreferredHashAlgorithm setting in hMailServer.ini to specify what method hMailServer Administrator should use.
I have to seen http://www.hmailserver.com/documentatio ... lesettings and I can change the password to both way.

Thank you :D

bball13
New user
New user
Posts: 1
Joined: 2009-10-22 04:17

Re: User Password Change

Post by bball13 » 2009-10-22 05:25

IF YOU LOGIN TO HORDE WITH YOU FULL EMAIL ADDRESS THIS IS THE METHOD FOR YOU!!!!

First let me tell you what im running....
Windows XP Pro
Apache 2.2.0
PHP 5.2.9-1
hMailServer 5.0 B326
Horde 3.3.5
Passwd 3.1.1

OK....

Follow these steps

1. Locate and open hmailserver.ini which is located in your hmailserver directory. Ex. ---> C:\Program Files\hMailServer\Bin\hmailserver.ini

2. Change or add the following code. If it doesn't exist, add at the bottom of the file........
[Settings]
PreferredHashAlgorithm=2

3. Restart hmailserver service
A. Control Panel
B. Administrative Tools
C. Services
D. Locate hmailserver and restart.

4. Open hMailServer Administrator and delete all your users for the domain name that your using with horde then re-create the users with your default password that you want to use.(What this does is change the password storing algorithm to the MD5 if it wasn't already.)

5. Now login to horde with the username that has admin privileges.
A. Click setup under administration
B. Click the application Password to open its settings
C. Make sure you settings look like this image below
passwd-settings.jpg
6. Now go to your horde directory and open backends.php in notepad ---> horde\passwd\config\backends.php (if only backends.php.dist exist you need to copy it and rename it to backends.php)
7. In backends.php you will see a lot of $backends as you browse through it. The only one you need is $backends[‘sql’]. Cut out all the rest of the $backends and paste in a text doc just to save it. Now you need to configure your [‘sql’] backend. It should look something like this….
$backends['sql'] = array (
'name' => 'hMailServer',
'preferred' => '',
'password policy' => array(
'minLength' => 6,
'maxLength' => 15,
'maxSpace' => 0,
'minUpper' => 0,
'minLower' => 0,
'minNumeric' => 0,
'minSymbols' => 0
),
'driver' => 'sql',
'params' => array(
'phptype' => 'mysql',
'hostspec' => 'localhost',<--Change to your MySQL server
'username' => 'username', <--Change to your MySQL username
'password' => 'password', <--Change to your MySQL password
'encryption' => 'md5-hex',
'database' => 'hmailserver', <--Change to your hmailserver database
'table' => 'hm_accounts',
'user_col' => 'accountaddress',
'pass_col' => 'accountpassword',
'show_encryption' => false
// The following two settings allow you to specify custom queries for
// lookup and modify functions if special functions need to be
// performed. In places where a username or a password needs to be
// used, refer to this placeholder reference:
// %d -> gets substituted with the domain
// %u -> gets substituted with the user
// %U -> gets substituted with the user without a domain part
// %p -> gets substituted with the plaintext password
// %e -> gets substituted with the encrypted password
//
// 'query_lookup' => 'SELECT user_pass FROM horde_users WHERE user_uid = %u',
// 'query_modify' => 'UPDATE horde_users SET user_pass = %e WHERE user_uid = %u',
)
);

Now save the file.

That’s it. You should now be working! If you login with your full email address.

Post Reply