Closed GoogleCodeExporter closed 8 years ago
GoogleCodeExporter
commented
8 years ago It looks like you have not configured the plugin or the plugin does not detect
you impersonate master due to a misconfiguration.Original comment by myroundc...@gmail.com on 6 Jun 2014 at 5:31
GoogleCodeExporter
commented
8 years ago I'm sorry but following your online DOC and trying to make the config settings
through both the RC plugin settings screen and manually via the CLI / config
file, it simply does not work. Your config is simple enough as well as how to
use it so I really doubt I'm making a mistake. Rather than telling me "it works
for you", can you please offer me some assistance to getting this up & running,
especially considering I paid for this plugin?
Thanks. Original comment by fabian.s...@gmail.com on 6 Jun 2014 at 2:29
GoogleCodeExporter
commented
8 years ago The log entry "<impersonated user>*<admin user>" let me assume you didn't
configure the plugin or you mis-configured the plugin or you missed to install
'savepassword' plugin. This is a bug tracker and not a support forum. So,
please see replies here in this context. "Worksforme" is a standarized ticket
closing label. Support links are available from Project Home.
Here is the code in question:
{{{
function login($data){
$rcmail = rcmail::get_instance();
$seperator = $rcmail->config->get('impersonate_seperator', '*');
$logon_user = get_input_value('_logon_user', RCUBE_INPUT_POST);
if(!$logon_user){
$logon_user = get_input_value('_user', RCUBE_INPUT_POST);
}
if(strpos($logon_user, $seperator)) {
$arr = explode($seperator, $logon_user);
if(count($arr) == 2) {
if(class_exists('hmail_login')){
if(!strstr($arr[1], '@'))
$arr[1] = $arr[1] . "@" . $rcmail->config->get('hmail_default_domain');
$arr[1] = hmail_login::resolve_alias($arr[1], false);
}
$host = get_input_value('_host', RCUBE_INPUT_POST);
if(!$host){
$host = $rcmail->config->get('default_host', 'localhost');
}
$query = 'SELECT * FROM '.get_table_name('users').' WHERE username LIKE ? AND mail_host=? LIMIT 1';
$ret = $rcmail->db->query($query, $arr[1], $host);
$user = $rcmail->db->fetch_assoc();
if(isset($user['password']) && $arr[1] == $rcmail->config->get('impersonate_master')){
$pass = get_input_value('_pass', RCUBE_INPUT_GPC);
if($pass == $rcmail->decrypt($user['password'])){
if(class_exists('hmail_login')){
if(!strstr($arr[0],'@'))
$arr[0] = $arr[0] . "@" . $rcmail->config->get('hmail_default_domain');
$arr[0] = hmail_login::resolve_alias($arr[0]);
}
$ret = $rcmail->db->query($query, $arr[0], $host);
$user = $rcmail->db->fetch_assoc();
$data['user'] = $arr[0];
$data['pass'] = $rcmail->decrypt($user['password']);
$_SESSION['impersonate'] = true;
$_SESSION['impersonate_account'] = $arr[1];
}
}
}
}
return $data;
}
}}}
As you see, first it takes '_user' (if not present '_logon_user') and '_host'
from $_POST (Roundcube Login form). This is "<impersonated user>*<admin user>".
The sting is parsed by the separator '*' to receive the "impersonate master"
<admin user>. Finally it tries to find the user (<admin user>)in Roundcube's
database table 'users':
{{{
$query = 'SELECT * FROM '.get_table_name('users').' WHERE username LIKE ? AND
mail_host=? LIMIT 1';
$ret = $rcmail->db->query($query, $arr[1], $host);
}}}
If it detects the user and it finds a saved (encrypted) password for this user
then <admin user> is treated as the user who logs in and the account get
"impersonated".
As you see from your logs it does not even come to this point. CONCLUSION:
Either misconfiguration, a custom login form or it does not detect the user
(and its password) in the database.
Did you install 'savepassword' plugin and did you adjust database?
This is clearly not a bug. Therefore the ticket has been closed and labeled as
"Worksforme". Please have a look @ download counts of the plugin
(http://myroundcube.com/myroundcube-plugins - 11386 at the moment). It is quite
unlikely that the plugin works for all others but not for you.
If you still can't get it to work, please post @ support forum
(http://forum.myroundcube.com) or use contact form
(http://myroundcube.com#contact). Our team will be happy to assist you.Original comment by myroundc...@gmail.com on 6 Jun 2014 at 3:02
GoogleCodeExporter
commented
8 years ago You are right and my sincerest apologies to anyone involved with this ticket
submission and response. i will search the forum for help and/or make a contact
request.
My config and database are right but I feel this may have to do with the fact
that I use iredmail and perhaps how it and how RC has been configured to handle
users / passwords. Perhaps this is the root cause.....
Thanks again and sorry about my comments earlier. Original comment by fabian.s...@gmail.com on 7 Jun 2014 at 12:41
GoogleCodeExporter
commented
8 years ago oh, and yes i did install savepassword and i do see it properly populating the
database tables as necessary. Original comment by fabian.s...@gmail.com on 7 Jun 2014 at 12:42
GoogleCodeExporter
commented
8 years ago If you are interested in giving us remote access to check the issue, please
feel free to contact us by our contact form.Original comment by myroundc...@gmail.com on 7 Jun 2014 at 3:59
GoogleCodeExporter
commented
8 years ago well, i feel silly. i was making a mistake in using the plugin and it's
actually been functional this entire time; when i saw your readme example:
Password: admin@domain.ltd_password
i mistook that for meaning the password field should have been filled out with:
<admin's email address>_<admin's password>
when really, it just needed to be the admin's password alone as i normally
would have used. oh well, shame on me. thanks for your input. the plugin works
fine. Original comment by fabian.s...@gmail.com on 7 Jun 2014 at 10:47
Original issue reported on code.google.com by
fabian.s...@gmail.comon 5 Jun 2014 at 2:28