Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Script to change vbox user password on uberspace. Thanks to @_einstein_
<?php
if($_SERVER["HTTPS"] != "on") {
header("HTTP/1.1 301 Moved Permanently");
header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
exit();
}
function setNewPassword($strMailbox, $strPassword)
{
$strPassword = utf8_decode($strPassword);
$strCommand = 'vpasswd ' . $strMailbox;
$descriptorspec = array(
0 => array("pipe", "r")
);
$process = proc_open($strCommand, $descriptorspec, $pipes, NULL, NULL);
if(is_resource($process)) {
fwrite($pipes[0], $strPassword);
fclose($pipes[0]);
$return_value = proc_close($process);
if($return_value == 0) {
return true;
}
}
return false;
}
$gotData = false;
if(isset($_GET['gotData'])) {
$gotData = (bool)$_GET['gotData'];
if($gotData === true) {
$name = (string)$_POST['mail'];
$password = (string)$_POST['oldpw'];
$newpw = (string)$_POST['newpw'];
// TEST
$mbox = @imap_open("{localhost:993/imap/ssl/novalidate-cert}", $name.'@meine-uberspacedomain.de', $password);
if($mbox != false) {
//Login korrekt: Passwort ändern
setNewPassword($name, $newpw);
echo '<h2 style="color: #0F0;">Passwort geändert!</h2><br />';
} else {
echo '<h2 style="color: #F00;">Falsche Logindaten!</h2><br />';
}
}
}
?>
<html>
<head>
<title>Passwort ändern</title>
<meta charset="utf-8">
</head>
<body>
<h2>Passwort ändern</h2>
<small>Hässliches Script, hauptsache es funzt ;-) HTTPS only.</small>
<br /><br />
<form action="changemail.php?gotData=true" method="POST">
<table>
<tr>
<td>Name</td>
<td><input type="text" name="mail"></td>
<td>@meine-uberspacedomain.de</td>
</tr>
<tr>
<td>Altes PW</td>
<td><input type="password" name="oldpw"></td>
<td></td>
</tr>
<tr>
<td>Neues PW</td>
<td><input type="password" name="newpw"></td>
<td></td>
</tr>
<tr>
<td></td>
<td></td>
<td><input type="submit" value="Ändern"></td>
</tr>
</table>
</form>
</body>
</html>

Hi,
thanks for your code.
I reused it to build a simple and working password change integration for Horde on Uberspace (https://github.com/OldShatterhand77/Uberspace-vmail.inc-for-Horde).

Hope that's ok for you :).

alu96 commented Apr 30, 2016

Thanks for this script!
I would suggest to escape the $strMailbox value before passing it to proc_open. It can be a high security risk if this script is public.

$strCommand = 'vpasswd ' . escapeshellarg($strMailbox); 
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment