Roundcube: allow users to change their own passwords

If you are running a mail server, I’m pretty sure you’ve invested some time in testing Squirrelmail or Horde in order to give your users web access to their emails. Both of them are rock solid, but the lack of a good-looking out-of-the-box UI is starting to weigh more and more in our web x.0 days.

Roundcube is an alternative: open source software released under the GPL license, not as mature as the aforementioned, which comes with an awesome default skin. Sadly, it still misses one important thing: a control that lets users change their own password. But today is your lucky day: I made a small patch to allow this in Roundcube 0.1 (stable).

My work is based on polinoma’s code found here. You need to apply the patch file (check here if you don’t know how to) which is found at the end of this article or follow the instructions below. Either way, you need to tweak the program\steps\settings\ file to tell Roundcube how your password is stored in the database.

Step 1. Modifying program\steps\settings\
Near line 27, there is a block where an array is declared. It starts with "$a_user_prefs = array(". Add the following line under the "'prefer_html' => isset($_POST['_prefer_html']) ? TRUE : FALSE," line:
[code lang="php" gutter="true"]
// Password MOD
'password' => isset($_POST['_password']) ? TRUE : FALSE,
// End Password MOD[/code]

Now, after the "foreach ((array)$CONFIG['dont_override'] as $p)" loop near line 39, add the block which handles saving the password to the DB:

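[code lang="php" gutter="true"]
// Password MOD
// Only act when a non-empty password was submitted (empty = unchanged)
if (!empty($_POST['_password'])) {
    // Replace YourEncryptionFunctionHERE with the hashing function your database expects
    $tmpEncPass = YourEncryptionFunctionHERE($_POST['_password'], "");

    // Escape both values before placing them in the SQL string
    $query = "UPDATE CCC.TableWithPasswordHERE SET password = '"
           . mysql_real_escape_string($tmpEncPass)
           . "' WHERE username = '"
           . mysql_real_escape_string($_SESSION['username']) . "'";
    mysql_query($query) or die(mysql_error());

    // Keep the session copy of the password in sync with the new one
    $_SESSION['password'] = encrypt_passwd($_POST['_password']);
}
// End Password MOD[/code]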

If your database stores hashed user passwords, put the name of the hashing function in place of YourEncryptionFunctionHERE. For example, if you store MD5 hashes of the password in your database and the hashing function you use is md5, write md5 instead of YourEncryptionFunctionHERE. The function has to produce the same format your mail server checks at login. Don’t forget to change the query in mysql_query to make it work with your database.
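The database update from Step 1, written with PDO prepared statements so that the username and the hash never become part of the SQL text. This is an added example, not part of the original patch or of Roundcube; the mailbox table, its columns, the SHA-512 crypt scheme and the in-memory SQLite demo data are assumptions (PHP 7+ with pdo_sqlite), and the hash scheme must be whatever your mail server verifies.

```php
<?php
// Added example, not part of the original patch. The table and column names
// (mailbox, username, password) and the SHA-512 crypt scheme are assumptions.

function hash_mail_password($plain)
{
    // 16 salt characters, all inside the crypt salt alphabet
    $salt = bin2hex(random_bytes(8));
    return crypt($plain, '$6$' . $salt . '$');
}

function change_mail_password(PDO $db, $username, $newPassword)
{
    // An empty field means "unchanged", as in the settings form
    if ($newPassword === '') {
        return false;
    }
    // Placeholders keep both values out of the SQL text entirely
    $stmt = $db->prepare('UPDATE mailbox SET password = :hash WHERE username = :user');
    $stmt->execute(array(
        ':hash' => hash_mail_password($newPassword),
        ':user' => $username,
    ));
    // Exactly one row must change; anything else means no such account
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mailbox (username TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO mailbox VALUES ('alice@example.org', 'old-hash')");

// Existing account: the row is updated
var_dump(change_mail_password($db, 'alice@example.org', 'correct horse battery'));
// A quote in the username is treated as data; no row matches, nothing changes
var_dump(change_mail_password($db, "o'brien@example.org", 'something else'));
// Empty password: left unchanged
var_dump(change_mail_password($db, 'alice@example.org', ''));

// The stored value verifies against the new password
$stored = $db->query('SELECT password FROM mailbox')->fetchColumn();
var_dump(hash_equals($stored, crypt('correct horse battery', $stored)));
```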

Step 2. Modifying program\steps\settings\
Near line 200, look for the line "$out .= "\n</table>$form_end";". Before this line, add the following block:

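[code lang="php" gutter="true"]
// Password MOD
$field_id = 'rcmfd_password';
$input_password = new textfield(array('name' => '_password', 'id' => $field_id, 'size' => 20));
// Arguments assumed from the pattern used by the other fields in this function
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s (empty = unchanged)</td></tr>\n",
                $field_id,
                rep_specialchars_output(rcube_label('password')),
                $input_password->show());
// End Password MOD[/code]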

If you followed my instructions, it should already be working (hopefully). As usual, if you have any trouble feel free to ask for help by writing a comment!

Patch file for Roundcube 0.1 (Stable)