Re: [SM-USERS] change_sqlpass for qmailtoaster
paul can you help please rajesh - Original Message - From: Rajesh M [mailto:24x7ser...@24x7server.net] To: squirrelmail-users@lists.sourceforge.net Sent: Thu, 15 Jan 2015 06:45:35 +0530 Subject: [SM-USERS] change_sqlpass for qmailtoaster hi i was able to adapt the change_sqlpass plugin to suit vpopmail mysql database of qmailtoaster wherein the domains are created as domain_com. however i got stuck at one specific point as per the details in the config file the variable : %3 returns the domain name as : domainname.com how do i get domainname.com within a variable so that i can replace dot with underscore ie domainname.com with domainname_com for example i tried to use : $domainname = %3; but php throws a blank page. if i use %3 within sql select query the domain name (domainname.com) is returned correctly. i am not a php programmer but have a very basic knowledge only. my change_sqlpass config file is quoted below any help would be greatly appreciated. i am trying to figure this for so many weeks now and i am stuck at the very last step. rajesh * 2002-2005 Paul Lesneiwski * This program is licensed under GPL. See COPYING for details * * @package plugins * @subpackage Change SQL Password * */ // Global Variables, don't touch these unless you want to break the plugin // global $csp_dsn, $password_update_queries, $lookup_password_query, $force_change_password_check_query, $password_encryption, $csp_salt_query, $csp_salt_static, $csp_secure_port, $csp_non_standard_http_port, $csp_delimiter, $csp_debug, $min_password_length, $max_password_length, $include_digit_in_password, $include_uppercase_letter_in_password, $include_lowercase_letter_in_password, $include_nonalphanumeric_in_password; // csp_dsn // // Theoretically, any SQL database supported by Pear should be supported // here. The DSN (data source name) must contain the information needed // to connect to your database backend. A MySQL example is included below. // For more details about DSN syntax and list of supported database types, // please see: // http://pear.php.net/manual/en/package.database.db.intro-dsn.php // //$csp_dsn = 'mysql://user:password@localhost/email_users'; $csp_dsn = 'mysql://vpopmail:xx@localhost/vpopmail'; // lookup_password_query // // This plugin will always verify the user's old password // against their login password, but an extra check can also // be done against the database for more security if you // desire. If you do not need the extra password check, // make sure this setting is empty. // // This is a query that returns a positive value if a user // and password pair are found in the database. // // This query should return one value (one row, one column), the // value being ideally a one or a zero, simply indicating that // the user/password pair does in fact exist in the database. // // %1 in this query will be replaced with the full username // (including domain), such as "j...@example.com" // %2 in this query will be replaced with the username (without // any domain portion), such as "jose" // %3 in this query will be replaced with the domain name, // such as "example.com" // %4 in this query will be replaced with the current (old) // password in whatever encryption format is needed per other // plugin configuration settings (Note that the syntax of // the password will be provided depending on your encryption // choices, so you NEVER need to provide quotes around this // value in the query here.) // %5 in this query will be replaced with the current (old) // password in unencrypted plain text. If you do not use any // password encryption, %4 and %5 will be the same values, // except %4 will have double quotes around it and %5 will not. // //$domainname = %3; //$tablename = str_replace(".","_",$domainname); //$lookup_password_query = ''; // TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND plain_password = "%5"'; // $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND crypt_password = %4'; // $lookup_password_query = 'SELECT count(*) FROM $tablename WHERE pw_name = "%2" AND pw_domain = "%3" AND pw_passwd = %4'; $lookup_password_query = 'SELECT count(*) FROM mydomain_com WHERE pw_name = "%2" AND pw_passwd = %4'; // password_update_queries // // An array of SQL queries that will all be executed // whenever a password change attempt is made. // // Any number of queries may be included here. // The queries will be executed in the order given here. // // %1 in all queries will be replaced with the full username // (including domain), such as "j...@example.com" // %2 in all queries will be replaced with the username (without
[SM-USERS] Show HTML Version by Default" -- any issues?
NOTE: SourceForge is currently having problems with their mailing lists. This is a message originally from Juergen Nickelsen sent on Thu, 20 Mar 2014 19:26:53 +0100 = We offer SquirrelMail as the webmail interface to about 55000 university users, students and staff; actually we have logins from about 17000 different accounts in 30 days. Most of our users are not very technically minded. Recently we had a complaint by one user that some of his messages wouldn't display correctly in the interface as with, say, Gmail; it turned out that they did when he enabled the "Show HTML Version by Default" option. We have had complaints like this from time to time, and we assume that there are many more who do not complain, but instead just think our webmail system sucks, and what can you expect at a university? We are now thinking of enabling this option for all users; most may not even know it exists, but will probably be happy with the change. Some may complain about the change, but we hope to appease them with instructions how to revert it. Are there any other issues to consider? I see that SquirrelMail does not load external images by default, but that I can load them with a click, which is the right thing to do, so no privacy issues here. Any other concerns? Best regards, Juergen. --=20 Tel +49.30.838-50740 Fax -450740 Zentraleinrichtung fuer Datenverarbeitung, Central Systems (Unix) Freie Universitaet Berlin, Fabeckstrasse 32, 14195 Berlin, DE -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
[SM-USERS] Header encoding/charset issue in 1.4.23-svn
NOTE: SourceForge is currently having problems with their mailing lists. This is a message originally from Juergen Nickelsen sent on Thu, 13 Nov 2014 14:13:49 +0100 = Hello all, background: I run two SquirrelMail instances, one for our university members, the other for an academic government institute. Both are currently 1.4.22 (with a few, but different, local changes each) on Debian "Squeeze". Impending OS upgrade to "Wheezy" implies PHP 5.4, which AFAIK means I have to move to 1.4.23-svn. Rebasing our local changes on the squirrelmail-20141105_0200-SVN.stable snapshot seemed to be successful, except for one thing: Header lines (e.g. From, Subject) that are encoded in a charset (test case: iso-8859-1) that is not SquirrelMail's $default_charset (here: utf-8) are not decoded correctly. The error message in the log is "PHP Warning: htmlspecialchars(): Invalid multibyte sequence in argument in /home/webmail/src/squirrel/functions/strings.php on line 1512". SquirrelMail then does not display the corresponding header contents in the message list or the message display, rather "(unknown)". This issue is not only present in our locally patched versions, but also in the version in the Debian package of SquirrelMail for "Wheezy", which is claimed to be 2:1.4.23~svn20120406-2, so apparently 2.5 years older, as well as in a very sparingly-configured unpatched installation of today's 1.4.23-svn snapshot. The decisive point seems to be the value of $default_charset versus the header encoding -- only when I set it to 'utf-8', the problem appears with iso-8859-1 headers, although not with utf-8 headers. I tracked the issue down to functions/i18n.php:charset_encode(), where the charset used in the header line is not passed to sm_encode_html_special_chars(), so htmlspecialchars() is then called with the default encoding. This patch seems to fix the problem: diff --git a/functions/i18n.php b/functions/i18n.php index ec19c25..edbc6d6 100644 --- a/functions/i18n.php +++ b/functions/i18n.php @@ -184,7 +184,7 @@ function charset_decode ($charset, $string, $force_decode=3Dfalse, $save_html=3Dfals } /* All HTML special characters are 7 bit and can be replaced first *= / -if (! $save_html) $string =3D sm_encode_html_special_chars ($string)= ; +if (! $save_html) $string =3D sm_encode_html_special_chars ($string,= ENT_COMPAT | ENT_HTML401, $charset); $charset =3D strtolower($charset); set_my_charset(); I have attached a message that I have used to reproduce the problem. The >From and Subject header lines are encoded in iso-8859-1, while SquirrelMail's configured charset is utf-8. (I have also changed the language charset for the languages we use (de_DE, en_US) to utf-8. Apparently this is irrelevant, though.) Perhaps I am "doing it wrong", but we need UTF-8, as the university members and their correspondents come in all shapes, sizes, colors, and languages. -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
[SM-USERS] AddressBook::full_address() should not be called statically ...
NOTE: SourceForge is currently having problems with their mailing lists. This is a message originally from Juergen Nickelsen sent on Tue, 13 Jan 2015 15:22:43 +0100 = Recently we moved our SquirrelMail installation from Debian Squeeze to Wheezy, which implies a move from PHP 5.3 to PHP 5.4. The latter is probably the reason that the error log is now swamped by messages like this one: [Mon Jan 12 17:31:00 2015] [error] [client 172.19.10.20] PHP Strict Standards: Non-static method AddressBook::full_address() should not be called statically in /home/webmail/public_html/src/addrbook_search_html.php on line 129, referer: https://webmail.zedat.fu-berlin.de/src/compose.php?mailbox=3DINBOX&startM= essage=3D1 (Technically, the size of the error log doesn't matter so much, but I don't really like it that other, maybe more interesting error messages are obscured by a high number of these.) Now I am not a real PHP programmer, but when I look at that method and the places where it is called, it seems like it can or even *should* actually be a static method, as it does not use $this at all. So I tried and made the method static, and all places where the method is called still seem to work as intended. Is this maybe the way to go? Any objections? What will break when I put this change into production? Best regards, J=C3=BCrgen. --=20 Tel +49.30.838-50740 Fax -450740 Zentraleinrichtung fuer Datenverarbeitung, Central Systems (Unix) Freie Universitaet Berlin, Fabeckstrasse 32, 14195 Berlin, DE -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users