Paul Oehler wrote:
There is a function that provides authentication:
vpasswd( user, domain, password, is_apop )
that returns the user's password info if valid, or 0.
The problem is, if you can execute the vpopmail library at all, you can execute every function within it. This is how QmailAdmin checks to see what you are allowed to do when you login.
Thanks for both of your responses Rick, very helpful.
Could you, or someone, point me toward where I can read about what these already built in rules are, and how they're defined and stored in the database? I'm assuming this would be "pw_gid" documentation, or code comments, or something similar?
I am afraid about the only way to do it now is to spend a week or so studying QmailAdmin and Vpopmail source code. I haven't seen much of this written down anywhere.
There is a list on the wiki of the vpopmail functions I found that QmailAdmin uses. The parm order has been changed in this list, which is the PHP side of my vpopmail extension. I think it might be a good start as a command list for the daemon.
http://www.verysmall.org/vpopmail/index.php?page=php+vpopmail+extension
There are some changes required, like having to authenticate before getting access, and adding the funcions for domain maintenance which I left out because I consider it hopeless to attempt them from PHP via an extension.
Rick
