diff -Naur postfixadmin/CHANGELOG.TXT postfixadmin_cleartext/CHANGELOG.TXT
--- postfixadmin/CHANGELOG.TXT 2011-03-14 22:53:51.000000000 +0000
+++ postfixadmin_cleartext/CHANGELOG.TXT 2011-09-17 13:30:31.000000000 +0100
@@ -10,6 +10,10 @@
# Last update:
# $Id: CHANGELOG.TXT 1010 2011-03-14 22:53:51Z GingerDog $
+This version has been patched with Avi's cleartext password patch.
+see http://b.avi.co/postfixadmin-with-clear-text-pass
+
+
Version 2.3.3 - 2011/03/14 - SVN r1010 (postfixadmin-2.3 branch)
---------------------------------------------------------------
diff -Naur postfixadmin/CHANGELOG.TXT.rej postfixadmin_cleartext/CHANGELOG.TXT.rej
--- postfixadmin/CHANGELOG.TXT.rej 1970-01-01 01:00:00.000000000 +0100
+++ postfixadmin_cleartext/CHANGELOG.TXT.rej 2011-09-17 12:52:59.000000000 +0100
@@ -0,0 +1,13 @@
+--- CHANGELOG.TXT 2011-03-14 22:53:51.000000000 +0000
++++ CHANGELOG.TXT 2011-09-17 12:50:32.000000000 +0100
+@@ -10,6 +10,10 @@
+ # Last update:
+ # $Id: CHANGELOG.TXT 1010 2011-03-14 22:53:51Z GingerDog $
+
++This version has been patched with Avi's cleartext password patch.
++
++
++
+ Version 2.3.3 - 2011/03/14 - SVN r1010 (postfixadmin-2.3 branch)
+ ---------------------------------------------------------------
+
diff -Naur postfixadmin/config.inc.php postfixadmin_cleartext/config.inc.php
--- postfixadmin/config.inc.php 2011-07-23 19:35:50.000000000 +0100
+++ postfixadmin_cleartext/config.inc.php 2011-09-17 13:09:01.000000000 +0100
@@ -98,6 +98,14 @@
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
$CONF['encrypt'] = 'md5crypt';
+// cleartext
+// Do you want to store cleartext passwords for email accounts?
+// true = store cleartext passwords (need to have a password_clear column in the mailbox table)
+// false = don't store cleartext passwords
+$CONF['cleartext'] = false;
+// and the same for admins:
+$CONF['cleartext_admin'] = false;
+
// In what flavor should courier-authlib style passwords be enrypted?
// md5 = {md5} + base64 encoded md5 hash
// md5raw = {md5raw} + plain encoded md5 hash
diff -Naur postfixadmin/config.inc.php.rej postfixadmin_cleartext/config.inc.php.rej
--- postfixadmin/config.inc.php.rej 1970-01-01 01:00:00.000000000 +0100
+++ postfixadmin_cleartext/config.inc.php.rej 2011-09-17 12:53:01.000000000 +0100
@@ -0,0 +1,15 @@
+--- config.inc.php 2011-07-23 19:35:50.000000000 +0100
++++ config.inc.php 2011-09-17 12:13:21.000000000 +0100
+@@ -98,6 +98,12 @@
+ // dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
+ $CONF['encrypt'] = 'md5crypt';
+
++// cleartext
++// Do you want to store cleartext passwords?
++// true = store cleartext passwords (need to have a password_clear column in the mailbox table)
++// false = don't store cleartext passwords
++$CONF['cleartext'] = 'true';
++
+ // In what flavor should courier-authlib style passwords be enrypted?
+ // md5 = {md5} + base64 encoded md5 hash
+ // md5raw = {md5raw} + plain encoded md5 hash
diff -Naur postfixadmin/create-mailbox.php postfixadmin_cleartext/create-mailbox.php
--- postfixadmin/create-mailbox.php 2010-05-17 23:56:23.000000000 +0100
+++ postfixadmin_cleartext/create-mailbox.php 2011-09-17 12:51:18.000000000 +0100
@@ -157,7 +157,7 @@
if ($error != 1)
{
- $password = pacrypt ($fPassword);
+ list ($password, $password_clear) = pacrypt ($fPassword);
if($CONF['maildir_name_hook'] != 'NO' && function_exists($CONF['maildir_name_hook'])) {
$hook_func = $CONF['maildir_name_hook'];
@@ -216,7 +216,14 @@
$local_part = $matches[1];
}
- $result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,local_part,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$local_part','$quota','$fDomain',NOW(),NOW(),'$sqlActive')");
+ if($CONF['cleartext'] == true)
+ {
+ $result = db_query ("INSERT INTO $table_mailbox (username,password,password_clear,name,maildir,local_part,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$password_clear','$fName','$maildir','$local_part','$quota','$fDomain',NOW(),NOW(),'$sqlActive')");
+ }
+ else
+ {
+ $result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,local_part,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$local_part','$quota','$fDomain',NOW(),NOW(),'$sqlActive')");
+ }
if ($result['rows'] != 1 || !mailbox_postcreation($fUsername,$fDomain,$maildir, $quota))
{
$tDomain = $fDomain;
diff -Naur postfixadmin/create-mailbox.php.rej postfixadmin_cleartext/create-mailbox.php.rej
--- postfixadmin/create-mailbox.php.rej 1970-01-01 01:00:00.000000000 +0100
+++ postfixadmin_cleartext/create-mailbox.php.rej 2011-09-17 12:53:02.000000000 +0100
@@ -0,0 +1,27 @@
+--- create-mailbox.php 2010-05-17 23:56:23.000000000 +0100
++++ create-mailbox.php 2011-09-17 12:23:31.000000000 +0100
+@@ -157,7 +157,7 @@
+
+ if ($error != 1)
+ {
+- $password = pacrypt ($fPassword);
++ list ($password, $password_clear) = pacrypt ($fPassword);
+
+ if($CONF['maildir_name_hook'] != 'NO' && function_exists($CONF['maildir_name_hook'])) {
+ $hook_func = $CONF['maildir_name_hook'];
+@@ -216,7 +216,14 @@
+ $local_part = $matches[1];
+ }
+
+- $result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,local_part,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$local_part','$quota','$fDomain',NOW(),NOW(),'$sqlActive')");
++ if($CONF['cleartext'] == true)
++ {
++ $result = db_query ("INSERT INTO $table_mailbox (username,password,password_clear,name,maildir,local_part,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$password_clear','$fName','$maildir','$local_part','$quota','$fDomain',NOW(),NOW(),'$sqlActive')");
++ }
++ else
++ {
++ $result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,local_part,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$local_part','$quota','$fDomain',NOW(),NOW(),'$sqlActive')");
++ }
+ if ($result['rows'] != 1 || !mailbox_postcreation($fUsername,$fDomain,$maildir, $quota))
+ {
+ $tDomain = $fDomain;
diff -Naur postfixadmin/edit-admin.php postfixadmin_cleartext/edit-admin.php
--- postfixadmin/edit-admin.php 2009-02-15 15:02:26.000000000 +0000
+++ postfixadmin_cleartext/edit-admin.php 2011-09-17 13:02:57.000000000 +0100
@@ -77,7 +77,7 @@
if ($fPassword == $fPassword2)
{
if(strlen($fPassword) >= $CONF['min_password_length']) {
- $fPassword = pacrypt($fPassword);
+ list ($fPassword, $fPassword_clear) = pacrypt($fPassword);
}
else {
$error = 1;
@@ -105,7 +105,11 @@
if ($fPassword != '') { # do not change password to empty one
$password_query = ", password='$fPassword'";
}
- $result = db_query ("UPDATE $table_admin SET modified=NOW(),active='$sqlActive' $password_query WHERE username='$username'");
+ if($CONF['cleartext_admin'] == true){
+ $result = db_query ("UPDATE $table_admin SET modified=NOW(),active='$sqlActive' $password_query, password_clear='$password_clear' WHERE username='$username'");
+ }else{
+ $result = db_query ("UPDATE $table_admin SET modified=NOW(),active='$sqlActive' $password_query WHERE username='$username'");
+ }
if ($fSadmin == "on") $fSadmin = 'ALL';
diff -Naur postfixadmin/edit-admin.php.rej postfixadmin_cleartext/edit-admin.php.rej
--- postfixadmin/edit-admin.php.rej 1970-01-01 01:00:00.000000000 +0100
+++ postfixadmin_cleartext/edit-admin.php.rej 2011-09-17 12:53:02.000000000 +0100
@@ -0,0 +1,24 @@
+--- edit-admin.php 2009-02-15 15:02:26.000000000 +0000
++++ edit-admin.php 2011-09-17 12:44:10.000000000 +0100
+@@ -77,7 +77,7 @@
+ if ($fPassword == $fPassword2)
+ {
+ if(strlen($fPassword) >= $CONF['min_password_length']) {
+- $fPassword = pacrypt($fPassword);
++ list ($fPassword, $fPassword_clear) = pacrypt($fPassword);
+ }
+ else {
+ $error = 1;
+@@ -105,7 +105,11 @@
+ if ($fPassword != '') { # do not change password to empty one
+ $password_query = ", password='$fPassword'";
+ }
+- $result = db_query ("UPDATE $table_admin SET modified=NOW(),active='$sqlActive' $password_query WHERE username='$username'");
++ if($CONF['cleartext'] == true){
++ $result = db_query ("UPDATE $table_admin SET modified=NOW(),active='$sqlActive' $password_query, password_clear='$password_clear' WHERE username='$username'");
++ }else{
++ $result = db_query ("UPDATE $table_admin SET modified=NOW(),active='$sqlActive' $password_query WHERE username='$username'");
++ }
+
+ if ($fSadmin == "on") $fSadmin = 'ALL';
+
diff -Naur postfixadmin/edit-mailbox.php postfixadmin_cleartext/edit-mailbox.php
--- postfixadmin/edit-mailbox.php 2008-12-12 19:40:39.000000000 +0000
+++ postfixadmin_cleartext/edit-mailbox.php 2011-09-17 12:51:18.000000000 +0100
@@ -107,7 +107,7 @@
flash_error(sprintf($PALANG['pPasswordTooShort'], $CONF['min_password_length']));
$error = 1;
}
- $formvars['password'] = pacrypt($fPassword);
+ list($formvars['password'], $password_clear) = pacrypt($fPassword);
}
}
else {
diff -Naur postfixadmin/edit-mailbox.php.rej postfixadmin_cleartext/edit-mailbox.php.rej
--- postfixadmin/edit-mailbox.php.rej 1970-01-01 01:00:00.000000000 +0100
+++ postfixadmin_cleartext/edit-mailbox.php.rej 2011-09-17 12:53:03.000000000 +0100
@@ -0,0 +1,11 @@
+--- edit-mailbox.php 2008-12-12 19:40:39.000000000 +0000
++++ edit-mailbox.php 2011-09-17 12:35:58.000000000 +0100
+@@ -107,7 +107,7 @@
+ flash_error(sprintf($PALANG['pPasswordTooShort'], $CONF['min_password_length']));
+ $error = 1;
+ }
+- $formvars['password'] = pacrypt($fPassword);
++ list($formvars['password'], $password_clear) = pacrypt($fPassword);
+ }
+ }
+ else {
diff -Naur postfixadmin/functions.inc.php postfixadmin_cleartext/functions.inc.php
--- postfixadmin/functions.inc.php 2011-03-13 20:36:24.000000000 +0000
+++ postfixadmin_cleartext/functions.inc.php 2011-09-17 12:51:18.000000000 +0100
@@ -1242,7 +1242,7 @@
}
$password = escape_string ($password);
- return $password;
+ return array($password, $pw);
}
//
@@ -2305,10 +2305,16 @@
if ($error != 1)
{
- $password = pacrypt($fPassword);
+ list ($password, $password_clear) = pacrypt($fPassword);
$pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text'];
+# if($CONF['cleartext'] == true){
+# $result = db_query ("INSERT INTO " . table_by_key('admin') . " (username,password,password_clear,created,modified) VALUES ('$fUsername','$password','$password_clear',NOW(),NOW())");
+# }
+# else
+# {
+ $result = db_query ("INSERT INTO " . table_by_key('admin') . " (username,password,created,modified) VALUES ('$fUsername','$password',NOW(),NOW())");
+# }
- $result = db_query ("INSERT INTO " . table_by_key('admin') . " (username,password,created,modified) VALUES ('$fUsername','$password',NOW(),NOW())");
if ($result['rows'] != 1)
{
$tMessage = $PALANG['pAdminCreate_admin_result_error'] . "
($fUsername)
";
diff -Naur postfixadmin/functions.inc.php.rej postfixadmin_cleartext/functions.inc.php.rej
--- postfixadmin/functions.inc.php.rej 1970-01-01 01:00:00.000000000 +0100
+++ postfixadmin_cleartext/functions.inc.php.rej 2011-09-17 12:53:04.000000000 +0100
@@ -0,0 +1,30 @@
+--- functions.inc.php 2011-03-13 20:36:24.000000000 +0000
++++ functions.inc.php 2011-09-17 12:38:39.000000000 +0100
+@@ -1242,7 +1242,7 @@
+ }
+
+ $password = escape_string ($password);
+- return $password;
++ return array($password, $pw);
+ }
+
+ //
+@@ -2305,10 +2305,16 @@
+
+ if ($error != 1)
+ {
+- $password = pacrypt($fPassword);
++ list ($password, $password_clear) = pacrypt($fPassword);
+ $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text'];
++# if($CONF['cleartext'] == true){
++# $result = db_query ("INSERT INTO " . table_by_key('admin') . " (username,password,password_clear,created,modified) VALUES ('$fUsername','$password','$password_clear',NOW(),NOW())");
++# }
++# else
++# {
++ $result = db_query ("INSERT INTO " . table_by_key('admin') . " (username,password,created,modified) VALUES ('$fUsername','$password',NOW(),NOW())");
++# }
+
+- $result = db_query ("INSERT INTO " . table_by_key('admin') . " (username,password,created,modified) VALUES ('$fUsername','$password',NOW(),NOW())");
+ if ($result['rows'] != 1)
+ {
+ $tMessage = $PALANG['pAdminCreate_admin_result_error'] . "
($fUsername)
";
diff -Naur postfixadmin/login.php postfixadmin_cleartext/login.php
--- postfixadmin/login.php 2010-08-22 13:18:43.000000000 +0100
+++ postfixadmin_cleartext/login.php 2011-09-17 12:51:18.000000000 +0100
@@ -58,7 +58,7 @@
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
- $password = pacrypt ($fPassword, $row['password']);
+ list($password, $undef) = pacrypt ($fPassword, $row['password']);
$result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'");
if ($result['rows'] != 1)
{
diff -Naur postfixadmin/login.php.rej postfixadmin_cleartext/login.php.rej
--- postfixadmin/login.php.rej 1970-01-01 01:00:00.000000000 +0100
+++ postfixadmin_cleartext/login.php.rej 2011-09-17 12:53:05.000000000 +0100
@@ -0,0 +1,11 @@
+--- login.php 2010-08-22 13:18:43.000000000 +0100
++++ login.php 2011-09-17 12:47:52.000000000 +0100
+@@ -58,7 +58,7 @@
+ if ($result['rows'] == 1)
+ {
+ $row = db_array ($result['result']);
+- $password = pacrypt ($fPassword, $row['password']);
++ list($password, $undef) = pacrypt ($fPassword, $row['password']);
+ $result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'");
+ if ($result['rows'] != 1)
+ {
diff -Naur postfixadmin/model/UserHandler.php postfixadmin_cleartext/model/UserHandler.php
--- postfixadmin/model/UserHandler.php 2009-08-21 13:10:54.000000000 +0100
+++ postfixadmin_cleartext/model/UserHandler.php 2011-09-17 12:53:16.000000000 +0100
@@ -31,9 +31,17 @@
$active = db_get_boolean(True);
$result = db_query("SELECT * FROM $table_mailbox WHERE username='$username' AND active='$active'");
- $new_db_password = escape_string(pacrypt($new_password));
+ list($new_db_password, $new_db_password_clear) = pacrypt($new_password);
+ $new_db_password = escape_string($new_db_password);
+ $new_db_password_clear = escape_string($new_db_password_clear)
- $result = db_query ("UPDATE $table_mailbox SET password='$new_db_password',modified=NOW() WHERE username='$username'");
+ if($CONF['cleartext'] == true){
+ $result = db_query ("UPDATE $table_mailbox SET password='$new_db_password',password_clear='$new_db_password_clear',modified=NOW() WHERE username='$username'");
+ }
+ else
+ {
+ $result = db_query ("UPDATE $table_mailbox SET password='$new_db_password',modified=NOW() WHERE username='$username'");
+ }
db_log ($username, $USERID_DOMAIN, 'edit_password', "$username");
return true;
diff -Naur postfixadmin/password.php postfixadmin_cleartext/password.php
--- postfixadmin/password.php 2009-02-15 15:02:26.000000000 +0000
+++ postfixadmin_cleartext/password.php 2011-09-17 13:04:19.000000000 +0100
@@ -53,7 +53,7 @@
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
- $checked_password = pacrypt ($fPassword_current, $row['password']);
+ list ($checked_password, $undef) = pacrypt ($fPassword_current, $row['password']);
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'");
if ($result['rows'] != 1)
@@ -76,8 +76,12 @@
if ($error != 1)
{
- $password = pacrypt ($fPassword);
- $result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'");
+ list($password, $password_clear) = pacrypt ($fPassword);
+ if ($CONF['cleartext_admin'] == true){
+ $result = db_query ("UPDATE $table_admin SET password='$password',password_clear='$password_clear',modified=NOW() WHERE username='$username'");
+ }else{
+ $result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'");
+ }
if ($result['rows'] == 1)
{
$tMessage = $PALANG['pPassword_result_success'];