[imp] cached session credential reload

Hammad hammad at brisksolutions.com
Sat Feb 8 18:09:56 PST 2003


Here is the code I inserted in imp/Prefs.php in production version of Horde and 
IMP (2.0 and 3.1) respectively. I am not a programmer so its probably not going 
to be outstanding for HORDE/IMP developer but it does its job for me changing 
password with VPOPMAIL. In addition to this you'll have to put a form in 
template/prefs/changepasswd.inc. If its not clear for someone I'll explain 
again.

There can be more checks added to it but for now this is okay for me. The 
important check I want to add in this is to make sure that password is changed 
in database and not error is received, if any error is generated then don't 
update the cached password. Anyone have any idea?

case 'changepasswd':
                          $oldpasswd = Horde::getFormData('oldpasswd');
                          $newpasswd = Horde::getFormData('newpasswd');
                          $vnewpasswd = Horde::getFormData('vnewpasswd');
                          $email = Auth::getAuth();

                          if ($oldpasswd != Auth::getCredential('password')) {
                             Horde::raiseMessage(_("Old Password is 
incorrect."), HORDE_ERROR);
                          } else {
                                if ($newpasswd == $vnewpasswd) {
                                        system ("/rbin/vpasswd $email 
$newpasswd");
                                        Auth::setAuth(Auth::getAuth(), array
('password' => $newpasswd));
                                        $_SESSION['imp']['pass'] = Secret::write
(Secret::getKey('imp'), $newpasswd);
                                        Horde::raiseMessage(_("Password changed 
successfully."), HORDE_SUCCESS);
                                        $group = null;
                                } else {
                                        Horde::raiseMessage(_("New password 
verfications failed, Try Again."), HORDE_ERROR);
                                }
                          }
                          break;

--
Hammad


Quoting Eric Rostetter <eric.rostetter at physics.utexas.edu>:

| Quoting Hammad <hammad at brisksolutions.com>:
| 
| > Yes, I know there is a password module for that but last time I checked
| 
| Which was when?
| 
| > we
| > suppose to install popasswd or some other things for it to work.
| 
| It supports multiple methods, with poppassd only being one of them.
| 
| > You have to
| > open some ports too in firewall if I understood correctly.
| 
| Depends on your setup and the driver.
| 
| > That was the
| > security issue for me.
| 
| Well, there is a vpopmail driver in it, but I can't say if it would work
| for you or not.
|  
| > The way I did is just add few lines of code for password_change under
| > 'special'
| > group, link my password_change in Options and call already programmed
| script
| > which comes with vpopmail to change the password in database. The whole
| > things
| > is about less then 20 lines of code and works great. Just had problem
| with
| > the
| > cached password thing.
| 
| If you want to submit your code for consideration to be included in either
| Horde or Passwd, feel free to do so.
| 
| And as a note, you can setup the passwd module to work from a link in the
| preferences, but it isn't documented as to how you would do that.  Of
| course it will still be more than 20 lines of code ;)
| 
| > I'll download that module you mentioned and look at
| > the
| > code.
| 
| Okay.
| 
| > Someone mentioned in IMP list that the following line will take care of
| the
| > cached password but its not working for me.
| > 
| > Auth::setAuth($email, array('password' => $newpasswd));
| 
| You need to check for IMP authentication as well as horde authentication.
| The above only changes the Horde auth, not the IMP auth.
| 
| Plus there are some more details, which rarely matter but could matter
| in some rare cases, you should consider (transparent auth, etc).
| 
| This really should be on the horde (or sork) list as it really isn't 
| an IMP question.  Please send any future postings to one of those lists.
| 
| -- 
| Eric Rostetter
| The Department of Physics
| The University of Texas at Austin
| 
| Why get even? Get odd!
| 




More information about the imp mailing list