JonnyFunFun Posted October 16, 2004 Posted October 16, 2004 Hi! I am setting up a website for my volunteer fire company (www.southlockportfire.com) and I wanted to give every member their own e-mail address. However, I want to know if there is a way in which I can make my own change password form so that they can change their passwords whenever they want to without doing the change password form built into cPanel (most of them are not to technologically inclined and I"m not sure that they'll know what to do with cPanel). Any help would be most appreciated! Thanks! - Jonathan jonathan@enzinnainteractive.com enzinnaj@southlockportfire.com Quote
TCH-Don Posted October 16, 2004 Posted October 16, 2004 Welcome to the Family Jonathan and your new home! Have you looked at the help site page Allow users to change their e-mail password ? Would this work for you? We really are like family here. So if you need anything, just ask your new family! We love to help Quote
TCH-Bruce Posted October 16, 2004 Posted October 16, 2004 Welcome to the family, Johnathan! And your new home. Quote
JonnyFunFun Posted October 17, 2004 Author Posted October 17, 2004 I was really hoping to integrate a custom change password form into the webmail program I wrote. I made our own webmail script so I could tailor it to our needs. Is there a way that I could use curl to post the data to your form securely? Quote
TCH-Rob Posted October 19, 2004 Posted October 19, 2004 Welcome to the forums Johnny and welcome home. Curl is installed but I have never tried to do what you are proposing so I cannot give an answer that will help. Quote
JonnyFunFun Posted October 19, 2004 Author Posted October 19, 2004 Well it is used to allow access to AWstats to a user without giving them the cPanel password, so it is possible that it could also be used for this? Quote
TCH-Don Posted October 19, 2004 Posted October 19, 2004 If you find an answer, be sure to let us know. I bet others would like to do this too. Quote
jandafields Posted October 21, 2004 Posted October 21, 2004 This is something that I am currently working on. There's a couple different ways I could go with it. I'll post when it's stable. Quote
JonnyFunFun Posted October 22, 2004 Author Posted October 22, 2004 I finally figured out how to do it using curl. The only thing is that to make it simpler, our users only log in with their username without "+southlockportfire.com" after it (just makes it easier to remember). So I have a form where the user inputs their username, current password, and new password (named 'username', 'currentpw', and 'newpass' respectively). And it posts to the following PHP script: ><?php $path_to_cpform = "http://".$_POST['username']."%2Bsouthlockportfire%2Ecom:".$_POST['currentpw']."@www.southlockportfire.com:2095/dowebmailpasswd.cgi"; $pass_to = "oldpass=".$_POST['currentpw']."&newpass=".$_POST['newpass']; exec("/usr/bin/curl '".$path_to_cpform."?".$pass_to."'", $reutn_array, $return_var); unset($PHP_AUTH_USER); unset($PHP_AUTH_PW); echo('<meta http-equiv="REFRESH" content="0;URL=http://mail.southlockportfire.com/">'); ?> I'm sure that if you just change "southlockportfire.com" you'll be able to use this script with your domain, too. Let me know if it works for anybody else! Jonathan jonathan@enzinnainteractive.com enzinnaj@southlockportfire.com Quote
TCH-Rob Posted October 22, 2004 Posted October 22, 2004 Cool, I will have to try it out. Thanks. Thumbs Up Quote
jandafields Posted October 22, 2004 Posted October 22, 2004 Cool. That method looks quite nice. If you want to get really low-level, this script I made actually encrypts the password to the required linux format itself, and directly edits the password shadow file. It does not use or interface with curl or CPanel at all, and therefore does not need the current CPanel password. Because it does not need either the current email password or your CPanel password, you could use this to implement a "Forgot your password?" link into your custom webmail application, and you allow the user to change their forgotton password after you verify their birthday or something. Name the following file exactly: changepass.php Make sure there are no blank lines at the top of the file, and put your cpanel id in the place where it shows, so it will know where your files are located. And put it in the cgi-bin folder, and give it 755 access. <---VERY IMPORTANT - It won't work if not in the cgi-bin folder!!! (You can put it in a folder in the cgi-folder if you want, though, just make sure it has exactly 755 access.) Then, go to http://www.******/cgi-bin/changepass.php You could remove the html stuff and use this inside another script if you wanted... >#!/usr/bin/php -q <?php //put your cpanel user name between the quotes below $cpanel_user_id = "cpanel_id_goes_here"; if ($status != "change_password") { echo "<html><body>"; echo "<form action=changepass.php>"; echo "Enter username: "; echo "<input type=text name=user>"; echo "<br><br>"; echo "Enter new password: "; echo "<input type=text name=pass>"; echo "<br><br>"; echo "<input type=submit name=status value=change_password>"; echo "<br><br></form></body></html>"; } error_reporting (0); if ($status == "change_password") { echo "<html><body>"; $shadow = "/home/" . "$cpanel_user_id" . "/etc/shadow"; if (!$fp = fopen($shadow, "r+")) die("Error opening shadow file! - Make sure this script is in cgi-bin and that you have entered the correct cpanel-id in this script!"); flock ($fp, 1); $found = "no"; while (!feof($fp)) { $marker = ftell($fp); $current = fgets($fp); $tok = strtok($current, ":"); $marker2 = ftell($fp); if ($tok == "$user") { fseek($fp, $marker, SEEK_SET); fseek($fp, strpos("$current", ':') + 1, SEEK_CUR); fputs($fp, crypt($pass, rand(10,99)), 13); $found="yes"; echo "Password Changed!"; fseek($fp, $marker2, SEEK_SET); } } if ($found == "no") echo "Username NOT FOUND!!!<br><br>"; flock ($fp, 3); fclose($fp); } ?> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.