Change MySQL Password plugin for SquirrelMail
---------------------------------------------
Mark Motley, mmotley@la-mirada.net and Thijs Kinkhorst, thijs@kinkhorst.com
and Paul Lesneiwski, pdontthink@angrynerds.com and Dustin Anders, dustin@unixfun.com 
Ver 3.2, Apr 11 2003

NOTE: New functionality in v.2.0 requires SquirrelMail 1.2.8.

This plugin was heavily based on the change LDAP password module by:
Simon Annetts, simon@ateb.co.uk


This plugin allows the user to change their password when it's stored in
a MySQL database. 


This plugin supports maintaining MD5 and Crypt passwords.  For instructions
on how to get Squirrelmail to use a combination of MySQL and PAM for 
authentication (and MD5), please check out the README at 
http://jeffco.net/downloads/squirrelmail 


Also, this plugin supports forcing users to change passwords on startup.
See config.php.sample for details.


Finally, if you have SSL configured for your web server (mod_ssl/apache_ssl, etc),
you can force the passwords to be submitted over an encrypted connection by
setting the $use_ssl_for_password_change variable in the config.php file to 1.
(Note that if you already serve your entire SquirrelMail site in https, you
will want to turn this off!)


Make sure you copy the config.php.sample file to config.php and modify it
to specify the required login, database, table, and column information to fit
your needs.



This can be used by admins using the MySQL SASL patch with Cyrus IMAP,
which is how I'm using it.  Under this model, a table is created with
userid and (optionally) crypted password columns.  Cyrus SASL authenticates
users via this table.  

Note - It also works great with a Courier-IMAP MySQL configuration.


The SASL-mysql patch for Cyrus SASL can be obtained from:
http://www.dmzs.com/~dmz/projects/cyrus/

I recommend you modify the patch and turn on encryption on the
password.  Do this by changing this section:

+ //#define QUERY_STRING    "select %s from %s where %s = '%s' and %s = password('%s')"
+ #define QUERY_STRING    "select %s from %s where %s = '%s' and %s = '%s'"

Just unremark the first line and remark the second.  If you do this,
make sure you set the "mysql_saslcrypt" variable to 1.  If you use
unencrypted passwords (standard patch), set it to 0 and it will use
plaintext passwords.

SECURITY NOTE:
  Since the MySQL username and password are being stored in plaintext
in the config.php file (if you're using that functionality), it is
strongly advised that at the minimum you pay attention to the ownership
and permissions on that file!  An example would be:
chown root:apache config.php; chmod 640 config.php


--CREDITS-------------------------------

Version 3.2 was written by Paul Lesneiwski <pdontthink@angrynerds.com>

Version 3.1 was written by Chris Hilts <tassium@squirrelmail.org>

Version 3.0 was written by Paul Lesneiwski <pdontthink@angrynerds.com>

Version 2.0 was written by Dustin Anders, dustin@unixfun.com with help from Paul Vinson,
vinson@vinson.com and the use of Jure Koren <jure@kiss.uni-lj.si>'s MD5 algorithm and
Paul Lesneiwski <pdontthink@angrynerds.com> helped with integration thereof.

Version 1.3 thru 1.5.1 and version 2.1 was written by Paul Lesneiwski <pdontthink@angrynerds.com>

Version 1.2 was written by Mark Motley, mmotley@la-mirada.net and Thijs Kinhorst, thijs@kinkhorst.com

Original version was written by Simon Annetts, simon@ateb.co.uk


--CHANGE LOG----------------------------

1.0     Initial Release, stable for me...

1.1     Support databases which contain the password encrypted with
        UNIX crypt(). Code cleaned. Use new Plugin hooks.

1.2     Register_globals = off compatible.

1.3     Autofocus cursor into first password field.
        Fixed bug where resetting cookie had been failing.

1.4     Added SSL option for submitting passwords over encrypted
        connections.  Added cancel button.  Fixed report-back
        mechanism indicating success or failure on main options
        page.

1.5     Fix for sites that already serve all pages in https (thanks
        to Michael Goepper).

1.5.1   Theme colors now load properly (thanks to Chris Symons).

2.0     Fixed session cookie for password changed.
        Added MD5 read/write support from mysql table.
        Added capability to force users to change password after login.

2.1     Added functionality that allows a 2nd database field to be
        used to construct the user ID with which to query the database
        for password update.
        Updated for compatibility with Update Plugins plugin.
        All output strings have been internationalized (as of now,
        there is not a change_mysqlpass domain (if someone thinks this is
        appropriate, it can be done easily), so the translations
        should be updated in the squirrelmail domain -- see the .po
        file in the change_mysqlpass directory for the strings you need to
        translate).

3.0     Added a register_globals=Off fix.
        New setup.php format for better overall SquirrelMail performance.
        Updated for compatibility with SquirrelMail 1.4.
        
3.1     Fixed errors some people were having after a successful password 
        change in SM 1.4.

3.2     Added ability to specify a cleartext password field that will
        get updated along with the encrypted password field - use at
        your own risk!
        Updated for new plugin version reporting API.

