Email password not encoded in the database


After upgrading to 0.29.04, when I add an email user, the password is stored in clear text in the database and the user can't login.
I used a hash from another user and it works, but I don't know what type of hash it is, so I can't change the password.

Can you help me with this problem?

A few things to know about upgrade and emails:

Version 0.27 and before used hashed passwords for emails, but, email users cannot login to ehcp and cannot change their passwords.

To enable them to login to ehcp and let them change their passwords, define forwardings, we had to switch to plaintext passwords for email users. There are a few reasons for this.

With version 0.28 and later, new email users will have plaintext passwords.
if you upgraded from a version older than 0.28, then you should do following for emails working:
1- login to panel, reset all email passwords, you may also do this in phpmyadmin, by a sql clause like: update emailusers set password='1234';

2- open file /etc/courier/authmysqlrc,
replace line:

this way, all your emails works, email users can login to all: webmail, imap/pop, ehcp email login,

or, alternatively, if you have a few domains and email users, you may just do a clean ubuntu/debian install followed by a clean ehcp install,..

hope this helped you.

I really think this is a bad idea!!!
I don't want plain text passwords in my database. How can I generate the hashes manually? I don't have to add email users often, so I can use phpmyadmin to enter the hashed passwords.

if you wish to keep your email passwords hashed, then you need to do following:
1- leave your /etc/courier/authmysqlrc as old one, that is, MYSQL_CRYPT_PWFIELD password
2- you need to edit classapp.php (of version 0.28 and higher) function addEmailUser and edit the sql to be cyrpt($password), or alternatively you may just copy that function from old version of classapp.php
3- in this case, your email users wont be able to login to ehcp and wont be able to change their passwords..

Why we switched to plaintext passes (For developers-programmers):
* many people wanted email users can change their passes, forwarding etc, by loging into panel,
* email authentication system supports - as i know - only two authentication schemes, 1- plaintext, 2-crypted passes. with crypted passes, i could not handle login to panel (php login functions), so, i switched to plaintext.

I know plaintext passes are not preferable, but i had to do this for email users self-pass change feature..
if anybody helps me, in fixing this , in such a way that both authmysql library and php login works same way.

for example, if i could handle panel login with crypt passes, i would keep it so.
or if i could handle email auth with md5 passes, then i would keep it md5, because md5 login to panel is possible..
but, crypt login to panel is not possible or i could not manage it.

to simulate case:
take emailusers table of ehcp db,
manually add emailusers with passes crypted with mysql crypt function,
then try to use this table as a login table, an try to write a php file that authenticates users against this table...

In any case, i will try to fix this issue in future.

That solved my problem. Thank you!

i think i will solve this problem completely,
that is, it seems that i found a way to store passwords encrypted, while still being able to login to ehcp.. ! :) for email users...
i will test this asap, and include in next version, if succeed...

i solved it, and sent you new classapp.php file by mail.
i tested abit,

i fixed:
1- email users pass encrypted,
2- email users can login to panel and change their pass.

thank you for your suggestion :)

with newer versions of ehcp, (0.29.06 and later) i will include this new file/feature