Plugin that adds functionality so that a user can request a link to generate a new password if the original is lost. Additionally, an administrator is able to reset the user's password using this plugin.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
@authors-original: Fabio Perrella and Thiago Coutinho (Locaweb)
Version 1.13:
Date: 27-May-2020
password plugin
Note: forgot_password must be placed in in RC_INSTALL/config/config.inc.php plugins
array after password.
forgot_password table will need to be created in RC installation's SQL database (e.g., roundcubedb).
See SQL/forgot_password.sql for the query to do so.
Clone the repo to your RC_INSTALL/plugins directory, e.g.
git clone git@github.com:jerryrelmore/roundcube-forgot_password.git
Once the repo is cloned, rename the directory from RC_INSTALL/plugins/roundcube-forgot_password
to RC_INSTALL/plugins/forgot_password
Open your SQL database (e.g., mysql -uroot -p), switch to your RC db (e.g., use roundcubedb;) and run the query
from SQL/forgot_password.sql to create the forgot_password table.
Update RC_INSTALL/config/config.inc.php and add the following (note that forgot_password must
come after password):
$config['plugins'] = array(
'password',
'forgot_password'
);
OPTIONAL: Update RC_INSTALL/plugins/forgot_password/js/forgot_password.js and change the
login_form div to another div on your login page.
Setup a no-reply@your.domain.com account from which to send emails containing the reset links.
Copy RC_INSTALL/plugins/forgot_password/config.inc.php.dist to RC_INSTALL/plugins/forgot_password/config.inc.php
and add the information as indicated within the file. Unfortunately, in the current version your reply account's
password will be stored as plain-text so the author assumes you know what needs to happen to secure your own
installation against malicious use. ;)
Hint: Setup permissions the way you setup permissions for your main RC_INSTALL config.inc.php.
Search for $link variables within forgot_password.php and remove login/ portion of sub-URL and
add any that may be necessary to direct the plugin to your RC installation's landing/login page. For example,
if you go to https://your.domain.com to login to RC, then just remove login/. However, if you go
to https://your.domain.com/this/is/my/RC/install/login/page, then you will need to replace login/ with
/this/is/my/RC/install/login/page.
At this point, and due to the plugin's still extremely alpha state for newer versions of RC, you need to
tail -f /var/log/syslog or tail -f /var/log/messages, go to your RC installation's login screen, click
forgot password link and start the debug/customization for your own installation.
Both the current latest and master repos are still works in progress. This plugin is functional at this point on
the current author's installation, but will need massaging by a competent administrator to work on any other installation.
The current author hopes to get the plugin to a more mature/releasable state but it is not high on the priority list.
Feel free to fork as I did and run with it!
The current version was tested with Roundcube version 1.4-RC1 and password custom plugin from https://www.roundcubeforum.net/index.php?topic=24868.0
none