Hi Mike,
I added a button to qmailadmin/html/mod_user.html to call it.
How do you do the authentication? Is re-authentication necessary, or can the user directly edit the webuserprefs from qmailadmin without new user/passwd input?

Hi Florian,
I think I understand it now. The clues were in webuserprefs/config.php. This is unmodified from there.

// Authorization
// If you are operating in a multi-user environment, you will probably
// want to require an authentication module by uncommenting one of
// these lines. Authentication modules should set a variable called
// $auth_user, which can be used below to set other configuration
// variables. Be sure to configure the module by opening it and
// editing the configuration variables.

// require("auth/server.php");
// require("auth/imap.php");
// require("auth/pop3.php");
// require("auth/pop3_noimap.php");
// require("auth/squirrelmail.php");

/**** here I let qmailadmin and webuserprefs submit TRUSTED information ****/
$auth_host = $_POST['dom'] ? $_POST['dom'] : $_GET['dom'];
$auth_ext = $_POST['moduser'] ? $_POST['moduser'] : $_GET['moduser'];
// <<<<<<<<<<

Qmailadmin uses dom and moduser to determine which account to modify. Webuserprefs assumes, if you provide it with those variables, that this is a trusted connection. My solution is to present a login box if webuserprefs/index.php is called with a GET method and to trust/use the provided data if a POST method is used. Here is the modified part of webuserprefs/config.php:

if ($_SERVER['REQUEST_METHOD'] == "GET") {
    // require("auth/server.php");
    // require("auth/imap.php");
    // require("auth/pop3.php");
    require("auth/pop3_noimap.php");
    // require("auth/squirrelmail.php");

    $auth_array = explode("@", $vauth_user);
    $vauth_ext = $auth_array[0];
    $vauth_host = $auth_array[1];
} elseif ($_SERVER['REQUEST_METHOD'] == "POST") {
    /**** here I let qmailadmin and webuserprefs submit TRUSTED information ****/
    $auth_ext = $_POST['moduser'] ? $_POST['moduser'] : "";
    $auth_host = $_POST['dom'] ? $_POST['dom'] : "";
}

Select whichever auth mechanism is appropriate for your environment. Because the auth routines set $vauth_user, you will have to create $vauth_ext and $vauth_host from it.
Lastly, you will need to add a caller to one of the qmailadmin pages. I chose to put it on mod_user.html. You can use <a> or <form> and/or a combination of html/javascript. Here's a simple, non-javascript way to do it. Just place it somewhere sane *after* the existing </form> closing tag.

<form method="POST" enctype="application/x-www-form-urlencoded"
      action="http://host.example.com/webuserprefs/index.php" target="window.SA">
  <input type="hidden" name="moduser" value="##A" />
  <input type="hidden" name="dom" value="##D" />
  <input type="submit" value=" Spamassassin Preferences " />
</form>

The good news about this approach is that it doesn't require any modifications to the web configuration file.
Good luck, Mike Wright
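
Added example, not part of the original post and not code from qmailadmin or webuserprefs: the POST branch above takes moduser and dom from whatever the client submits, so one way to make the handoff verifiable is for the calling side to add a timestamp and an HMAC over the fields, which webuserprefs checks before setting $auth_ext and $auth_host. The ts and sig form fields, the server-side shared key, the allowed character sets and both function names are assumptions.

```php
<?php
// Added example, not from the original post. The "ts" and "sig" form fields,
// the shared key and both function names are hypothetical.
const HANDOFF_MAX_AGE = 60; // seconds a signed handoff stays valid

function handoff_sign(string $user, string $dom, int $ts, string $key): string
{
    // Length-prefix the fields so different user/domain splits never collide.
    $msg = strlen($user) . ':' . $user . '|' . strlen($dom) . ':' . $dom . '|' . $ts;
    return hash_hmac('sha256', $msg, $key);
}

// Returns ['ext' => ..., 'host' => ...] for a valid handoff, null otherwise.
function handoff_verify(array $post, string $key, int $now): ?array
{
    foreach (['moduser', 'dom', 'ts', 'sig'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null; // a plain POST without a signature is not trusted
        }
    }
    // Allowed character sets are an assumption; adjust to the local mail setup.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $post['moduser'])
        || !preg_match('/\A[A-Za-z0-9.-]{1,255}\z/', $post['dom'])
        || !preg_match('/\A[0-9]{1,10}\z/', $post['ts'])) {
        return null;
    }
    $ts = (int) $post['ts'];
    if ($ts > $now || $now - $ts > HANDOFF_MAX_AGE) {
        return null; // future-dated or expired
    }
    $expected = handoff_sign($post['moduser'], $post['dom'], $ts, $key);
    // hash_equals() compares the MACs in constant time.
    return hash_equals($expected, $post['sig'])
        ? ['ext' => $post['moduser'], 'host' => $post['dom']]
        : null;
}

// Constructed sample requests (not captured traffic).
$key    = 'constructed-demo-key';
$now    = 1700000000;
$signed = ['moduser' => 'alice', 'dom' => 'example.com', 'ts' => (string) $now,
           'sig' => handoff_sign('alice', 'example.com', $now, $key)];
$edited = ['moduser' => 'bob'] + $signed;               // user changed, signature reused
$bare   = ['moduser' => 'bob', 'dom' => 'example.com']; // only the two original fields

foreach (['signed' => $signed, 'edited' => $edited, 'bare' => $bare] as $name => $req) {
    $who = handoff_verify($req, $key, $now);
    echo $name, ': ', $who ? "{$who['ext']}@{$who['host']}" : 'rejected', "\n";
}
```

The signature has to be computed on the server that renders the form, with the key kept out of the HTML. A signed handoff can be replayed until it expires, so the validity window should stay short.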
