Re: [SM-USERS] change_sqlpass for qmailtoaster

2015-01-16 Thread Rajesh M
paul

can you help please

rajesh

- Original Message -
From: Rajesh M [mailto:24x7ser...@24x7server.net]
To: squirrelmail-users@lists.sourceforge.net
Sent: Thu, 15 Jan 2015 06:45:35 +0530
Subject: [SM-USERS] change_sqlpass for qmailtoaster

hi

i was able to adapt the change_sqlpass plugin to suit vpopmail mysql database 
of qmailtoaster wherein the domains are created as domain_com.

however i got stuck at one specific point

as per the details in the config file the variable : %3 returns the domain name 
as : domainname.com

how do i get domainname.com within a variable so that i can replace dot with 
underscore ie domainname.com with domainname_com

for example i tried to use : $domainname = %3; but php throws a blank page.

if i use %3 within sql select query the domain name (domainname.com) is 
returned correctly.

i am not a php programmer but have a very basic knowledge only.

my change_sqlpass config file is quoted below

any help would be greatly appreciated. i am trying to figure this for so many 
weeks now and i am stuck at the very last step.

rajesh



  *  2002-2005 Paul Lesneiwski 
  * This program is licensed under GPL. See COPYING for details
  *
  * @package plugins
  * @subpackage Change SQL Password
  *
  */


  // Global Variables, don't touch these unless you want to break the plugin
  //
  global $csp_dsn, $password_update_queries, $lookup_password_query,
  $force_change_password_check_query, $password_encryption,
  $csp_salt_query, $csp_salt_static, $csp_secure_port,
  $csp_non_standard_http_port, $csp_delimiter, $csp_debug,
  $min_password_length, $max_password_length, 
$include_digit_in_password,
  $include_uppercase_letter_in_password, 
$include_lowercase_letter_in_password,
  $include_nonalphanumeric_in_password;



  // csp_dsn
  //
  // Theoretically, any SQL database supported by Pear should be supported
  // here.  The DSN (data source name) must contain the information needed
  // to connect to your database backend. A MySQL example is included below.
  // For more details about DSN syntax and list of supported database types,
  // please see:
  //  http://pear.php.net/manual/en/package.database.db.intro-dsn.php
  //
  //$csp_dsn = 'mysql://user:password@localhost/email_users';
$csp_dsn = 'mysql://vpopmail:xx@localhost/vpopmail';


  // lookup_password_query
  //
  // This plugin will always verify the user's old password
  // against their login password, but an extra check can also
  // be done against the database for more security if you
  // desire.  If you do not need the extra password check,
  // make sure this setting is empty.
  //
  // This is a query that returns a positive value if a user
  // and password pair are found in the database.
  //
  // This query should return one value (one row, one column), the
  // value being ideally a one or a zero, simply indicating that
  // the user/password pair does in fact exist in the database.
  //
  //  %1 in this query will be replaced with the full username
  //  (including domain), such as "j...@example.com"
  //  %2 in this query will be replaced with the username (without
  //  any domain portion), such as "jose"
  //  %3 in this query will be replaced with the domain name,
  //  such as "example.com"
  //  %4 in this query will be replaced with the current (old)
  //  password in whatever encryption format is needed per other
  //  plugin configuration settings (Note that the syntax of
  //  the password will be provided depending on your encryption
  //  choices, so you NEVER need to provide quotes around this
  //  value in the query here.)
  //  %5 in this query will be replaced with the current (old)
  //  password in unencrypted plain text.  If you do not use any
  //  password encryption, %4 and %5 will be the same values,
  //  except %4 will have double quotes around it and %5 will not.
  //


//$domainname = %3;
//$tablename = str_replace(".","_",$domainname);

  //$lookup_password_query = '';
  // TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users 
WHERE username = "%1" AND plain_password = "%5"';
//  $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" 
AND crypt_password = %4';

// $lookup_password_query = 'SELECT count(*) FROM $tablename WHERE pw_name = 
"%2" AND pw_domain = "%3" AND pw_passwd = %4';

$lookup_password_query = 'SELECT count(*) FROM mydomain_com WHERE pw_name = 
"%2" AND pw_passwd = %4';





  // password_update_queries
  //
  // An array of SQL queries that will all be executed
  // whenever a password change attempt is made.
  //
  // Any number of queries may be included here.
  // The queries will be executed in the order given here.
  //
  //  %1 in all queries will be replaced with the full username
  //  (including domain), such as "j...@example.com"
  //  %2 in all queries will be replaced with the username (without

[SM-USERS] Show HTML Version by Default" -- any issues?

2015-01-16 Thread Paul Lesniewski
NOTE:  SourceForge is currently having problems with their mailing
lists.  This is a message originally from Juergen Nickelsen sent on
Thu, 20 Mar 2014 19:26:53 +0100
=

We offer SquirrelMail as the webmail interface to about 55000 university
users, students and staff; actually we have logins from about 17000
different accounts in 30 days. Most of our users are not very
technically minded.

Recently we had a complaint by one user that some of his messages
wouldn't display correctly in the interface as with, say, Gmail; it
turned out that they did when he enabled the "Show HTML Version by
Default" option.

We have had complaints like this from time to time, and we assume that
there are many more who do not complain, but instead just think our
webmail system sucks, and what can you expect at a university?

We are now thinking of enabling this option for all users; most may not
even know it exists, but will probably be happy with the change. Some
may complain about the change, but we hope to appease them with
instructions how to revert it.


Are there any other issues to consider? I see that SquirrelMail does not
load external images by default, but that I can load them with a click,
which is the right thing to do, so no privacy issues here.

Any other concerns?

Best regards, Juergen.

--=20
 Tel +49.30.838-50740 Fax -450740
Zentraleinrichtung fuer Datenverarbeitung, Central Systems (Unix)
Freie Universitaet Berlin, Fabeckstrasse 32, 14195 Berlin, DE

--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
-
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): 
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users


[SM-USERS] Header encoding/charset issue in 1.4.23-svn

2015-01-16 Thread Paul Lesniewski
NOTE:  SourceForge is currently having problems with their mailing
lists.  This is a message originally from Juergen Nickelsen sent on
Thu, 13 Nov 2014 14:13:49 +0100
=

Hello all,

background: I run two SquirrelMail instances, one for our university
members, the other for an academic government institute. Both are
currently 1.4.22 (with a few, but different, local changes each) on
Debian "Squeeze". Impending OS upgrade to "Wheezy" implies PHP 5.4,
which AFAIK means I have to move to 1.4.23-svn.

Rebasing our local changes on the squirrelmail-20141105_0200-SVN.stable
snapshot seemed to be successful, except for one thing:

Header lines (e.g. From, Subject) that are encoded in a charset (test
case: iso-8859-1) that is not SquirrelMail's $default_charset (here:
utf-8) are not decoded correctly. The error message in the log is "PHP
Warning:  htmlspecialchars(): Invalid multibyte sequence in argument in
/home/webmail/src/squirrel/functions/strings.php on line 1512".
SquirrelMail then does not display the corresponding header contents in
the message list or the message display, rather "(unknown)".

This issue is not only present in our locally patched versions, but also
in the version in the Debian package of SquirrelMail for "Wheezy", which
is claimed to be 2:1.4.23~svn20120406-2, so apparently 2.5 years older,
as well as in a very sparingly-configured unpatched installation of
today's 1.4.23-svn snapshot.

The decisive point seems to be the value of $default_charset versus the
header encoding -- only when I set it to 'utf-8', the problem appears
with iso-8859-1 headers, although not with utf-8 headers.

I tracked the issue down to functions/i18n.php:charset_encode(), where
the charset used in the header line is not passed to
sm_encode_html_special_chars(), so htmlspecialchars() is then called
with the default encoding.

This patch seems to fix the problem:

diff --git a/functions/i18n.php b/functions/i18n.php
index ec19c25..edbc6d6 100644
--- a/functions/i18n.php
+++ b/functions/i18n.php
@@ -184,7 +184,7 @@ function charset_decode ($charset, $string,
$force_decode=3Dfalse, $save_html=3Dfals
 }

 /* All HTML special characters are 7 bit and can be replaced first *=
/
-if (! $save_html) $string =3D sm_encode_html_special_chars ($string)=
;
+if (! $save_html) $string =3D sm_encode_html_special_chars ($string,=

ENT_COMPAT | ENT_HTML401, $charset);
 $charset =3D strtolower($charset);

 set_my_charset();

I have attached a message that I have used to reproduce the problem. The
>From and Subject header lines are encoded in iso-8859-1, while
SquirrelMail's configured charset is utf-8. (I have also changed the
language charset for the languages we use (de_DE, en_US) to utf-8.
Apparently this is irrelevant, though.)

Perhaps I am "doing it wrong", but we need UTF-8, as the university
members and their correspondents come in all shapes, sizes, colors, and
languages.
--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet-
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): 
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

[SM-USERS] AddressBook::full_address() should not be called statically ...

2015-01-16 Thread Paul Lesniewski
NOTE:  SourceForge is currently having problems with their mailing
lists.  This is a message originally from Juergen Nickelsen sent on
Tue, 13 Jan 2015 15:22:43 +0100
=

Recently we moved our SquirrelMail installation from Debian Squeeze to
Wheezy, which implies a move from PHP 5.3 to PHP 5.4. The latter is
probably the reason that the error log is now swamped by messages like
this one:

[Mon Jan 12 17:31:00 2015] [error] [client 172.19.10.20] PHP Strict
Standards:  Non-static method AddressBook::full_address() should not be
called statically in
/home/webmail/public_html/src/addrbook_search_html.php on line 129,
referer:
https://webmail.zedat.fu-berlin.de/src/compose.php?mailbox=3DINBOX&startM=
essage=3D1

(Technically, the size of the error log doesn't matter so much, but I
don't really like it that other, maybe more interesting error messages
are obscured by a high number of these.)

Now I am not a real PHP programmer, but when I look at that method and
the places where it is called, it seems like it can or even *should*
actually be a static method, as it does not use $this at all.

So I tried and made the method static, and all places where the method
is called still seem to work as intended.

Is this maybe the way to go? Any objections? What will break when I put
this change into production?

Best regards,
J=C3=BCrgen.

--=20
 Tel +49.30.838-50740 Fax -450740
Zentraleinrichtung fuer Datenverarbeitung, Central Systems (Unix)
Freie Universitaet Berlin, Fabeckstrasse 32, 14195 Berlin, DE

--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
-
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): 
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users