Hi Mike,
I add a button to qmailadmin/html/mod_user.html to call it.
How do you do the authentification? Is there Re-Authentifaction necessary or can the user directly edit the webuserprefs from qmailadmin without new user/passwd input?
Hi Florian,
I think I understand it now. The clues were in webuserprefs/config.php. This is unmodified from there.
// Authorization // If you are operating in a multi-user environment, you will probably // want to require an authentication module by uncommenting one of // these lines. Authentication modules should set a variable called // $auth_user, which can be used below to set other configuration // variables. Be sure to configure the module by opening it and // editing the configuration variables.
// require("auth/server.php"); // require("auth/imap.php"); // require("auth/pop3.php"); // require("auth/pop3_noimap.php"); // require("auth/squirrelmail.php");
/**** here i let qmailadmin and webuserprefs submit TRUSTED information ****/ $auth_host = $_POST['dom'] ? $_POST['dom'] : $_GET['dom']; $auth_ext = $_POST['moduser'] ? $_POST['moduser'] : $_GET['moduser']; <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Qmailadmin uses dom and moduser to determine which account to modify. Webuserprefs assumes, if you provide it with those variables, that this is a trusted connection. My solution is to present a login box if webuserprefs/index.php is called with a GET method and to trust/use the provided data if a POST method is used. Here is the modified part of webuserprefs/config.php:
if ($_SERVER['REQUEST_METHOD'] == "GET") {
// require("auth/server.php"); // require("auth/imap.php"); // require("auth/pop3.php"); require("auth/pop3_noimap.php"); // require("auth/squirrelmail.php");
$auth_array = explode("@", $vauth_user); $vauth_ext = $auth_array[0]; $vauth_host = $auth_array[1];
} elseif ($_SERVER['REQUEST_METHOD'] == "POST") {
/**** here i let qmailadmin and webuserprefs submit TRUSTED information ****/ $auth_ext = $_POST['moduser'] ? $_POST['moduser'] : ""; $auth_host = $_POST['dom'] ? $_POST['dom'] : "";
}
Select whichever is auth mechanism is appropriate for your environment. Because the auth routines set $vauth_user you will have to create $vauth_ext and $vauth_host from it.
Lastly, you will need to add a caller to one of the qmailadmin pages. I choose to put it on mod_user.html. You can use <a> or <form> and/or a combination of html/javascript. Here's a simple, non-javascript, way to do it. Just place it somewhere sane *after* the existing </form> closing tag.
<form method="POST" enctype="application-x/www-form-urlencoded" action="http://host.example.com/webuserprefs/index.php" target="window.SA"> <input type="hidden" name="moduser" value="##A" /> <input type="hidden" name="dom" value="##D" /> <input type="submit" value=" Spamassassin Preferences " /> </form>
The good news about this approach is that it doesn't require any modifications to the web configuration file.
Good luck, Mike Wright