| Author |
|
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 24 August 2016 at 8:13am | IP Logged
|
|
|
Hi Guys,
AfterLogic Webmail's password change panel (Settings > Email Account > Properties > Password textbox and save) doesn't fit our user experience perspective that's why I'm developing a plugin which can change the user password, but when I change the password on the database, webmail client shows an error notify and user can't use the product.
I know its normal user was logged different password but I need a solution about that.
So my question is :
How can I change client webmail password after database changes ?
- We use MySQL
- I change the password with classic PHP-mysqli way
- I can delete all cookies and refresh the page after DB changes for logout the user but it's not cool user must continue to use webmail after password changes.
Best Regards.
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 24 August 2016 at 8:19am | IP Logged
|
|
|
The question I have at the moment is - when you're speaking of changing password in the database, are you referring to some external database, or the one used by WebMail? My impression is that you're changing passwords on some external backend and need the same password change to be reflected in WebMail user account settings, right?
--
Regards,
Igor, AfterLogic Suport
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 24 August 2016 at 2:57pm | IP Logged
|
|
|
Hi Igor,
Situation exactly it is as you think, we use surgemail mail server and I change the passwords on it.
should I change afterlogic webmail database passwords too? is it solve the problem?
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 24 August 2016 at 11:35pm | IP Logged
|
|
|
I check webmail's db and just found mail.awm_accounts > mail_inc_pass it looks hashed.
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 25 August 2016 at 4:00am | IP Logged
|
|
|
Yes, you got that right, the passwords are stored there in encoded way. Please check EncodePassword and DecodePassword functions found in libraries/afterlogic/common/utils.php file, they transform passwords from clear text to format used for storing in the database and back from it.
I have also checked with the developers and confirmed that, while user's session is active, their password isn't being stored in session or cookies, so changing it on mailserver backend and in WebMail database should have an immediate effect without logging the user out.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 25 August 2016 at 4:21am | IP Logged
|
|
|
Thanks for quick response Igor,
Now I'm working on it, I'll return here in few hours I guess.
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 25 August 2016 at 7:09am | IP Logged
|
|
|
Hi Igor,
Are you sure about sessions || cookies because I update the password on my two databases(after logic webmail DB && surgemail DB) I can see on its perfectly updated but webmail can't continue it gives an error notification and when I refresh the page it redirects to the login page?
I was suspicious about Surgemail's sessions but I checked that, it's updated.
If you have any idea(even theories) I would be glad to hear.
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 25 August 2016 at 7:25am | IP Logged
|
|
|
I will run a few tests to recheck it. In the meantime, please check if the encoded password you put in and the one saved in the database once user logs in after changing password is the same. There might be a chance of the password mismatch causing that.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 25 August 2016 at 7:41am | IP Logged
|
|
|
When the password changes I return an array from AjaxHook and investigate from chrome network panel it's contain encoded and decoded password, encoding works fine I think.
Where is the user logs ? I looked data/logs folder it just contains yesterday's log .
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 25 August 2016 at 7:44am | IP Logged
|
|
|
Not sure if I understand this. data/logs is the only place logs are kept in.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 25 August 2016 at 8:03am | IP Logged
|
|
|
Sorry, my misunderstand of your last post I will try now your case.
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 25 August 2016 at 8:15am | IP Logged
|
|
|
Igor I check your case :
Your standard user save mechanism :
Given password(surgeMail) : 1234
webmail : 31030205
My code :
Given password(surgeMail): 1234
webMail : 31030205
Your normal FoldersGetRelevantInformation jsonHook result is :
{"Action":"FoldersGetRelevantInformation","AccountID":1,"Result":{"Counts":{"INBOX":[5,0,"10","a7ba1d45278ac64d27c77349c365a3f8"],"Spam":[0,0,"1","f1c06f75acfabcf23c43329502dc17f2"]},"New":[]},"@Time":0.37359619140625}
And it's after password change FoldersGetRelevantInformation jsonHook result :
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 25 August 2016 at 8:18am | IP Logged
|
|
|
Oh, that's a known issue. Try modifying line 871 of libraries/ProjectCore/Actions.php file:
Code:
| 'New' => $oReturnInboxNewData->GetData() |
|
|
as follows:
Code:
| 'New' => isset($oReturnInboxNewData) ? $oReturnInboxNewData->GetData() : 0 |
|
|
Hope this helps.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 25 August 2016 at 8:32am | IP Logged
|
|
|
Okay now I don't get an error from FoldersGetRelevantInformation jsonHooks but our problem still continues webmail automatically log out the user.
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 26 August 2016 at 12:45am | IP Logged
|
|
|
Good morning Igor,
I recheck surgemail. after password changes, I clear all cache and it's not the source of the problem but I have new error notification from webmail :
After password changes Now I Try the below code :
$this->oPluginManager->Actions()->GetCurrentAccount()
And when I try the access information of current account, its logout me immediately and show an error notification as you can see the below picture :
Maybe it gives an idea for detecting the problem.
And I'm curious about an alternative solution idea. Can I programmatically re-login the user with the new password, I try your sample code but it does not give an effect? maybe some ajax request like your login form... My only concern the user's experience, re-login must be silent. He/she should continue use of the product without no interruption.
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 26 August 2016 at 6:49am | IP Logged
|
|
|
I've requested an insight from the developers. This would require some in-depth research and may take a while. Will get back to you once there's a response.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 26 August 2016 at 7:54am | IP Logged
|
|
|
Okay, If they need anything(logs,application responses,code changing or itself,etc..) from me I'm ready for collaborative work on this and I'm waiting your responses.
Regards.
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 30 August 2016 at 6:17am | IP Logged
|
|
|
I've just heard from the developers, they completed the investigation on this. It appears that cookie indeed has current password stored there, so once you change password via external plugin, you need to update the cookie as well. The following code should do the trick:
Code:
$sKey = empty($_COOKIE[self::AUTH_KEY]) ? '' : $_COOKIE[self::AUTH_KEY];
if (!empty($sKey) && is_string($sKey))
{
$aAccountHashTable = CApi::DecodeKeyValues($sKey);
}
$aAccountHashTable['hash'] = sha1($sNewPassword . \CApi::$sSalt);
$_COOKIE[self::AUTH_KEY] = CApi::EcodeKeyValues(aAccountHashTable); |
|
|
Please let us know if this works for you. Thank you.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
letsgo
Newbie
Joined: 23 August 2016
Location: Turkey
Online Status: Offline
Posts: 15
|
| Posted: 31 August 2016 at 5:44am | IP Logged
|
|
|
Hi Igor,
It works like magic :) thanks for the quick support. Please forward my greetings to your team.
Best Regards.
|
| Back to Top |
|
| |
MailBee.NET Objects 
MailBee.NET Queue 
MailBee Objects 
WebMail Pro PHP 
AfterLogic Aurora 
MailSuite Pro for Linux 
Unified Messaging Solution 
Search
Register
Login
Topic: Password Change Trigger
Privacy policy |
Refund policy