Search The ForumSearch   RegisterRegister  LoginLogin

AfterLogic WebMail Lite 7

 AfterLogic Forum : AfterLogic WebMail Lite 7
Subject Topic: Password Change Trigger Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 24 August 2016 at 8:13am | IP Logged Quote letsgo

Hi Guys,

AfterLogic Webmail's password change panel (Settings > Email Account > Properties > Password textbox and save) doesn't fit our user experience perspective that's why I'm developing a plugin which can change the user password, but when I change the password on the database, webmail client shows an error notify and user can't use the product.

I know its normal user was logged different password but I need a solution about that.

So my question is :

How can I change client webmail password after database changes ?

- We use MySQL
- I change the password with classic PHP-mysqli way
- I can delete all cookies and refresh the page after DB changes for logout the user but it's not cool user must continue to use webmail after password changes.

Best Regards.
Back to Top View letsgo's Profile Search for other posts by letsgo
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 24 August 2016 at 8:19am | IP Logged Quote Igor

The question I have at the moment is - when you're speaking of changing password in the database, are you referring to some external database, or the one used by WebMail? My impression is that you're changing passwords on some external backend and need the same password change to be reflected in WebMail user account settings, right?

--
Regards,
Igor, AfterLogic Suport
Back to Top View Igor's Profile Search for other posts by Igor
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 24 August 2016 at 2:57pm | IP Logged Quote letsgo

Hi Igor,

Situation exactly it is as you think, we use surgemail mail server and I change the passwords on it.

should I change afterlogic webmail database passwords too? is it solve the problem?
Back to Top View letsgo's Profile Search for other posts by letsgo
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 24 August 2016 at 11:35pm | IP Logged Quote letsgo

I check webmail's db and just found mail.awm_accounts > mail_inc_pass it looks hashed.
Back to Top View letsgo's Profile Search for other posts by letsgo
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 25 August 2016 at 4:00am | IP Logged Quote Igor

Yes, you got that right, the passwords are stored there in encoded way. Please check EncodePassword and DecodePassword functions found in libraries/afterlogic/common/utils.php file, they transform passwords from clear text to format used for storing in the database and back from it.

I have also checked with the developers and confirmed that, while user's session is active, their password isn't being stored in session or cookies, so changing it on mailserver backend and in WebMail database should have an immediate effect without logging the user out.

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 25 August 2016 at 4:21am | IP Logged Quote letsgo

Thanks for quick response Igor,
Now I'm working on it, I'll return here in few hours I guess.
Back to Top View letsgo's Profile Search for other posts by letsgo
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 25 August 2016 at 7:09am | IP Logged Quote letsgo

Hi Igor,

Are you sure about sessions || cookies because I update the password on my two databases(after logic webmail DB && surgemail DB) I can see on its perfectly updated but webmail can't continue it gives an error notification and when I refresh the page it redirects to the login page?

I was suspicious about Surgemail's sessions but I checked that, it's updated.

If you have any idea(even theories) I would be glad to hear.
Back to Top View letsgo's Profile Search for other posts by letsgo
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 25 August 2016 at 7:25am | IP Logged Quote Igor

I will run a few tests to recheck it. In the meantime, please check if the encoded password you put in and the one saved in the database once user logs in after changing password is the same. There might be a chance of the password mismatch causing that.

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 25 August 2016 at 7:41am | IP Logged Quote letsgo

When the password changes I return an array from AjaxHook and investigate from chrome network panel it's contain encoded and decoded password, encoding works fine I think.

Where is the user logs ? I looked data/logs folder it just contains yesterday's log .
Back to Top View letsgo's Profile Search for other posts by letsgo
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 25 August 2016 at 7:44am | IP Logged Quote Igor

Quote:
Where is the user logs ?


Not sure if I understand this. data/logs is the only place logs are kept in.

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 25 August 2016 at 8:03am | IP Logged Quote letsgo

Sorry, my misunderstand of your last post I will try now your case.
Back to Top View letsgo's Profile Search for other posts by letsgo
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 25 August 2016 at 8:15am | IP Logged Quote letsgo

Igor I check your case :

Your standard user save mechanism :
Given password(surgeMail) : 1234
webmail : 31030205

My code :
Given password(surgeMail): 1234
webMail : 31030205


Your normal FoldersGetRelevantInformation jsonHook result is :
{"Action":"FoldersGetRelevantInformation","AccountID":1,"Result":{"Counts":{"INBOX":[5,0,"10","a7ba1d45278ac64d27c77349c365a3f8"],"Spam":[0,0,"1","f1c06f75acfabcf23c43329502dc17f2"]},"New":[]},"@Time":0.37359619140625}


And it's after password change FoldersGetRelevantInformation jsonHook result :

Back to Top View letsgo's Profile Search for other posts by letsgo
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 25 August 2016 at 8:18am | IP Logged Quote Igor

Oh, that's a known issue. Try modifying line 871 of libraries/ProjectCore/Actions.php file:

Code:
'New' => $oReturnInboxNewData->GetData()


as follows:

Code:
'New' => isset($oReturnInboxNewData) ? $oReturnInboxNewData->GetData() : 0


Hope this helps.

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 25 August 2016 at 8:32am | IP Logged Quote letsgo

Okay now I don't get an error from FoldersGetRelevantInformation jsonHooks but our problem still continues webmail automatically log out the user.
Back to Top View letsgo's Profile Search for other posts by letsgo
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 26 August 2016 at 12:45am | IP Logged Quote letsgo

Good morning Igor,

I recheck surgemail. after password changes, I clear all cache and it's not the source of the problem but I have new error notification from webmail :

After password changes Now I Try the below code :

$this->oPluginManager->Actions()->GetCurrentAccount()

And when I try the access information of current account, its logout me immediately and show an error notification as you can see the below picture :



Maybe it gives an idea for detecting the problem.

And I'm curious about an alternative solution idea. Can I programmatically re-login the user with the new password, I try your sample code but it does not give an effect? maybe some ajax request like your login form... My only concern the user's experience, re-login must be silent. He/she should continue use of the product without no interruption.
Back to Top View letsgo's Profile Search for other posts by letsgo
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 26 August 2016 at 6:49am | IP Logged Quote Igor

I've requested an insight from the developers. This would require some in-depth research and may take a while. Will get back to you once there's a response.

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 26 August 2016 at 7:54am | IP Logged Quote letsgo

Okay, If they need anything(logs,application responses,code changing or itself,etc..) from me I'm ready for collaborative work on this and I'm waiting your responses.

Regards.
Back to Top View letsgo's Profile Search for other posts by letsgo
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
Posted: 30 August 2016 at 6:17am | IP Logged Quote Igor

I've just heard from the developers, they completed the investigation on this. It appears that cookie indeed has current password stored there, so once you change password via external plugin, you need to update the cookie as well. The following code should do the trick:

Code:
$sKey = empty($_COOKIE[self::AUTH_KEY]) ? '' : $_COOKIE[self::AUTH_KEY];
if (!empty($sKey) && is_string($sKey))
{
    $aAccountHashTable = CApi::DecodeKeyValues($sKey);
}
$aAccountHashTable['hash'] = sha1($sNewPassword . \CApi::$sSalt);
$_COOKIE[self::AUTH_KEY] = CApi::EcodeKeyValues(aAccountHashTable);


Please let us know if this works for you. Thank you.

--
Regards,
Igor, AfterLogic Support
Back to Top View Igor's Profile Search for other posts by Igor
 
letsgo
Newbie
Newbie
Avatar

Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
Posted: 31 August 2016 at 5:44am | IP Logged Quote letsgo

Hi Igor,

It works like magic :) thanks for the quick support. Please forward my greetings to your team.

Best Regards.
Back to Top View letsgo's Profile Search for other posts by letsgo
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump

Powered by Web Wiz Forums version 7.9
Copyright ©2001-2004 Web Wiz Guide