sandrodz / rainloop-change-password-plugin-mysql

This is a RainLoop (webmail) plugin. It enables change-password capability for postfix virtual/mysql users.

Could not save new password #3

Open StevenCK opened 9 years ago

StevenCK commented 9 years ago

Hi Sandrodz,

I activated this plugin in the admin panel and correctly filled out all the parameters. Then I went to the user panel to change the password, but I got the error: Could not save new password. Since I can't find the rainloop error log path on my CentOS 6 server, I don't know what's wrong either. Could you help me and give me some advice?

Thanks.

sandrodz commented 9 years ago

erm, I don't remember exactly but I think log file was somewhere at /data/_data_xxxxxxxxxxxxxxxxxx/default/logs/

Biflette commented 9 years ago

@StevenCK, I had the same problem for months, and I decided to fix it a few days ago.

@sandrodz is right, you will find some information in the logs, at /data/data_xxxxxxxxxxxxxxxxxx/_default/logs/, that tells you there is an issue in the PHP code (L77 (index code) and L186 (driver code), I think).

It seems that an "if" condition in the plugin is wrong:

https://github.com/wearede/rainloop-change-password-plugin-mysql/blob/master/change-password-mysql/ChangePasswordMysqlDriver.php#L186-L192

At L186, exactly, you can see there are some conditions for your password update to be accepted by the plugin: the length, allowed characters and... another strange condition:

crypt($sPrevPassword, $sCryptPass) === $sCryptPass

What I understand is: CryptPass and the crypt function have to be exactly the same output, which is, for me, impossible. Or I am missing something, but if you delete this line, you will be able to modify your password from the plugin's panel.

This part of the condition: !preg_match('/[^A-Za-z0-9]+/', $sNewPassword) means, I presume, that your NEW PASSWORD must contain ONLY alphanumeric characters.

Here is my code to make it work with some special characters (@, ! etc...). You can just replace L186 with this, and it will certainly work:

// "/" is escaped so that it does not end the pattern
if (0 < strlen($sCryptPass) && 7 < mb_strlen($sNewPassword) && 20 > mb_strlen($sNewPassword) && !preg_match('/[^A-Za-z0-9?,.;\/:§!@#)(+=]/', $sNewPassword))

Hope it will help :)

sandrodz commented 9 years ago

Hey, this crypt($sPrevPassword, $sCryptPass) === $sCryptPass checks if the old password is correct. If you remove it, and the user leaves the browser logged in, someone else can easily change the password.

If you are not using crypt(), this is where you should replace the password checking.
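How the old-password check discussed above behaves, as an added example that is not part of the thread or of the plugin's code. The stored hashes, salt and passwords are constructed sample values, verifyOldPassword() is a hypothetical helper, and hash_equals() stands in for the `===` comparison.

```php
<?php
// Added example; all values below are constructed, not taken from the plugin.

// Stored hash as it might sit in the mailbox table. The "$6$...$" prefix
// selects SHA-512 crypt and carries the salt inside the hash string itself.
$sCryptPass = crypt('OldPassw0rd', '$6$rounds=5000$examplesalt12345$');

/**
 * Hypothetical helper: verify a candidate password against a crypt() hash.
 * crypt() reads the algorithm and salt from its second argument, so hashing
 * the correct password with the stored hash as "salt" reproduces the stored
 * string exactly. Any other password produces a different string.
 */
function verifyOldPassword(string $sPrevPassword, string $sCryptPass): bool
{
    // Shortest valid crypt() output is 13 characters (traditional DES);
    // this also rejects empty values and crypt()'s "*0"/"*1" failure markers.
    if (strlen($sCryptPass) < 13) {
        return false;
    }
    // Constant-time form of: crypt($sPrevPassword, $sCryptPass) === $sCryptPass
    return hash_equals($sCryptPass, crypt($sPrevPassword, $sCryptPass));
}

// Case 1: correct old password against a crypt() hash.
var_dump(verifyOldPassword('OldPassw0rd', $sCryptPass));

// Case 2: wrong old password against the same hash.
var_dump(verifyOldPassword('WrongGuess1', $sCryptPass));

// Case 3: the column holds something that is not a crypt() hash (here a
// plain MD5 hex digest). The comparison can never match, so the password
// change is refused even though the user typed the right old password.
$sOtherScheme = md5('OldPassw0rd');
var_dump(verifyOldPassword('OldPassw0rd', $sOtherScheme));
```

Only case 1 passes. Case 3 is the situation where the verification step has to be replaced with one that matches the storage scheme, rather than removed.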

Biflette commented 9 years ago

Hey,

I've checked, and even if I delete the crypt() function, I can't change the password without the old one! This control (old pass) is in another part of the code, if I remember :)

What I understand about it: this is a comparison between the hash of the old password, salted with the new crypt password, and the new crypt password, which cannot be true. " === " means perfectly the same, right?

NoobLaner commented 4 years ago

Is there any update? I have this problem right now.

r1bnc commented 3 years ago

Fresh install of poppassd and rainloop community edition, has error that Could not save new password. Checking the log file, it shows:

FastCGI sent in stderr: "PHP message: PHP Warning:  Declaration of MaailSo\Poppassd\PoppassdClient::Connect($sServerName, $iPort = 106, $iSecurityType = MailSo\Net\Enumerations\Connec....

kamiwareorg commented 2 years ago

IspConfigChangePasswordDriver.php.gz

For anybody having this error on ISPConfig 3.2, here is a patched version that works for me (on PHP 8.1).