On Sat, 2008-07-19 at 00:48 +0300, Bulent Kolay wrote:
> I use vpopmail5.4.x on qmail.
> I also use squirrelmail for webmail.
>
> My users sometime may forget their email passwords. So I want my mail
> server to supply a reset password tool on the webmail page.
> How can I do that?
>
> is there any tool about that?
>
I don't know how others do it, but I use vqregister with email
verification for signups, and I store plaintext passwords.
I then wrote a php script which accepts a local email address as input,
and emails the current password to both the signup address and local
address.
It's more of a notification than a reset.
Here's mine.. the actual notification script has specific errors
commented out in preference of generic errors to help prevent email
harvesting.
Rick
Web Page:
reset.php
<?php
global $email;
if ($argv[0] || $email || $_POST["email"]){
if (!$email){
if (!$argv[0]){
$email = $_POST["email"];
}else{
$email = $argv[0];
}
}
include '/usr/local/www/cgi-bin/getpass.php';
}
else{
// Print Form
print "<FORM method=\"post\" action=/reset.php>\n";
print "<INPUT type=\"text\" name=\"email\" size=\"20\">";
print "<input type=\"submit\" value=\"Submit\">";
print "</FORM></center>";
}
?>
-------------------------------------------------------------------
getpass.php:
<?php
/* Vpopmail/Vqregister password request thingy
This program accepts an email address as input,
gets the original signup address from the vqregister
table, and the password from the vpopmail table.
The current password for the local user is then
emailed to the original signup address.
I install this under /cgi-bin, and call it with a:
<?php
include '/usr/local/www/cgi-bin/getpass.php';
?>
from a stripped .php file in /data
A little 'different', but I feel a little safer :)
7/29/04 Rick Romero [EMAIL PROTECTED] 1.0
*/
global $email;
/* Set vars */
// mysql_user needs read access to both the vqregister table, and
vpopmail table.
$mysql_user = 'login';
$mysql_pass = 'password';
if ($argv[0]){
$email = $argv[0];
}
else {
if (!$argv[0] && !$email){
echo "Please enter a valid email address.";
exit;
}
}
/* Connect to SQL Server */
$link = mysql_connect('localhost', $mysql_user, $mysql_pass);
if (!$link) {
die('Could not connect: ' . mysql_error() . '\n');
}
/* Verify Username is valid, and only has characters in it (except 1 @)
*/
//Verify each char is allowed: 0-9,a-z,@A-Z,.,_
// Or see example at: http://us4.php.net/manual/en/ref.mail.php
// ASCII Codes 49-57, 97-122, 64-90, 46, 95
$ascii_array = array("46","95");
for ($i=0;$i<strlen($var);$i++){
$ascii_code=ord($var[$i]);
//if ($ascii_code >=49 && $asci_code <=57)
if ( ($ascii_code >=49 && $asci_code <=57) ||
($ascii_code >=97 && $asci_code <=122) ||
($ascii_code >=64 && $asci_code <=90) ||
in_array($ascii_code,$ascii_array) ){
continue;
}
else{
return false;
}
}
list($user, $dom) = split('@',$email);
/* Get original signup email address */
$emailquery=mysql_query("SELECT cemail from user_store.user_info where
dom LIKE '$dom' AND user LIKE '$user' order by rowno desc LIMIT 1");
// Always dump mysql_error(), just in case
if (mysql_num_rows($emailquery) == 0){
//die('Error 1. Invalid email address ' . mysql_error());
die('1 Script Complete');
}
$emailresult = mysql_result($emailquery, 0, 0);
if (!$emailresult) {
//die('Could not query:' . mysql_error());
die('2 Script Complete');
}
/* Get user's current password */
$passquery=mysql_query("SELECT pw_clear_passwd from vpopmail.vpopmail
where pw_domain LIKE '$dom' AND pw_name LIKE '$user' LIMIT 1");
if (mysql_num_rows($passquery) == 0){
//die('Error 2. Invalid email address' . mysql_error() );
die('Script Complete');
}
$passresult = mysql_result($passquery, 0, 0);
if (!$passresult) {
die('Script Complete');
}
/* Send email to user */
ini_set('sendmail_path','/var/qmail3/bin/qmail-inject');
$to = $emailresult . ",".$user."@".$dom ;
$headers = "From: \"Admin\" <[EMAIL PROTECTED] \n";
$subject = "Password request for your account.";
$body = "Hi,\n\nThe password you requested is:\n" . $passresult . "\n
Please make sure your secret word and\n your signup email address are up
to date.\n \nThanks, Management";
if (mail($to, $subject, $body, $headers))
{
//echo("<p><center>Script Complete</center></p>");
}
else
{
//echo("<p>Message delivery failed...</p>");
}
echo "Script Complete";
?>
!DSPAM:4881135132353896316474!
