Paul Oehler wrote:

There is a function that provides authentication:

vpasswd( user, domain, password, is_apop )

that returns the user's password info if valid, or 0.

The problem is, if you can execute the vpopmail library at all, you can
execute every function within it.  This is how QmailAdmin checks to see
what you are allowed to do when you login.

Thanks for both of your responses Rick, very helpful.

Could you, or someone, point me toward where I can read about what these
already built in rules are, and how they're defined and stored in the
database?  I'm assuming this would be "pw_gid" documentation, or code
comments, or something similar?

I am afraid about the only way to do it now is to spend a week or so studying QmailAdmin and Vpopmail source code. I haven't seen much of this written down anywhere.

There is a list on the wiki of the vpopmail functions I found that
QmailAdmin uses.  The parm order has been changed in this list, which is
the PHP side of my vpopmail extension.  I think it might be a good start
as a command list for the daemon.

There are some changes required, like having to authenticate before
getting access, and adding the funcions for domain maintenance which I
left out because I consider it hopeless to attempt them from PHP via an


Reply via email to