[KLUG Members] Changing email password.

Tony Gettig members@kalamazoolinux.org
Wed, 16 Apr 2003 20:08:36 -0400 (EDT) 

Hi Alfredo! Welcome to the list! I'm replying to the list because my
suggestion could be very unwise and I am hoping the wisdom of the gurus
will either strike down my idea or affirm it as a possibility. :)

For the rest of you, Alfredo is a friend of mine doing great things in
Brazil. :)

Do you mean the password they check their mail with? Like their POP3 or
IMAP password? Or do you mean a password for authenticating to your
outgoing (sendmail) mail server? There's got to be some way to let users
do it because ISP's let their users do it all the time.

I could be very, very wrong about this, but you MIGHT be able to write a
little PHP script (or perl) to handle this for you. A quick look at
php.net yielded the "escapeshellarg()" and "escapeshellcmd()" functions
for interacting with the shell. You could gather the input from the user
in a web form, then set their password on the backend with one of these
functions. Some of the user comments in the function descriptions say that
"escapeshellarg()" is safer. It would be good to have your own string
checking function to make sure what you're passing to the shell isn't
malicious code. Heck, I'd build in a logging function too! The security of
such a script is doubtful though. Note: I've never done this before! Try
it in a test environment and try hard to break it to make sure it is
secure.

Here is some psuedo code, assuming you ask the user for their current
password and a new password twice:
function ChangePassword
{
   check current password
      { if wrong, error out & exit }

   compare new passwords
      { if new & confirmation password don't match, error out & exit }

   // assuming you get this far
   exec to the shell and change the password
   log the password change attempt
}

I must admit, for a programmer, I'm better at networking. :)


Good luck!


Tony



> Hi there! Does anyone know any tool (web) that a user can change
> his/her email account´s password by himself/herself? I´m using
> sendmail.
>
> Thanks,
>
> Alfredo Barros
> Administrador de Rede - Informática
> Sistema HAPVIDA
> Fone: (0xx85) 255-9130
>
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
> 


-- 
Tony Gettig
http://www.VoiceoversNow.com
GBY!