1

Topic: External User Creation via PHP-script (need help)

==== Required information ====
- iRedMail version : 0.9.2
- Linux/BSD distribution name and version: Ubuntu 14.02
- Store mail accounts in which backend : MySql
- Web server : Apache
- Manage mail accounts with iRedAdmin-Pro? Free edition
====

Hello,

At first sorry for my bad english.

i have installed IRedMail 0.9.2 on a Fresh Ubuntu system. And all works fine.
But i am trying to create mail-accounts by the registration on ma Website.

Whit a php-Script i insert a new user into the Mailbox - Table an into Aliases.
I think the Problem is the Password hash.
my password string in PHP is:

 $hash = "{SSHA512}" . base64_encode(hash('sha512', $_user_pass_1 . $salt) . $salt);

the Salt ($salt) is an MD5 hash from users Password  ($_user_pass_1) .

After the mysqli Query is done, in IredMail admin Panne the new Account ist visiblle and active, but if i try to conect vie thunderbird i get  WRONG USER OR PASSWORD.

the Default pass scheme in IRedmail is SSHA512

Can someone help?
Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: External User Creation via PHP-script (need help)

i don't know how to create SSHA512 hash with PHP, i suggest you do some quick research with Google to figure it out.
Also, please show us which SQL columns/values do you insert?

3

Re: External User Creation via PHP-script (need help)

Thanks for you fast reply.

This is the part to insert the mailbox colum:

$salt =  (MD5($_user_pass_1));
$hash = "{SSHA512}" . base64_encode(hash('sha512', $_user_pass_1 . $salt) . $salt);
$pass = $hash;
$mail_vorname = strtolower($_new_user_name);
$mail_nachname = strtolower($_new_user_nachname);
$new_mail = $mail_vorname."-".$mail_nachname."@domain.eu";
$mail_name = $mail_vorname."-".$mail_nachname;
$mail_basedir = "/var/vmail";
$storagenode = "vmail1";
$rank ="normal";
$employeeid = $new_mail;
$isadmin = "0";
$isglobaladmin = "0";
$dir1 = $new_mail[0];
$dir2 = $new_mail[1];
$dir3 = $new_mail[2];
     
$maildir = "domain.eu/".$dir1."/".$dir2."/".$dir3."/".$mail_name."-".date("Y.m.d.H.i.s")."/";
     


mysqli_query($vmail,"INSERT INTO mailbox (username, password, name, storagebasedirectory, storagenode, maildir, quota, domain, rank, employeeid, isadmin, isglobaladmin, enablesmtp, enablesmtpsecured, enablepop3, enablepop3secured, enableimap, enableimapsecured, enabledeliver, enablelda, enablemanagesieve, enablemanagesievesecured, enablesieve, enablesievesecured, enableinternal, enabledoveadm, enablelmtp, enabledsync, active)
VALUES ('".$new_mail."', '".$pass."', '".$mail_name."', '".$mail_basedir."', 'vmail1', '".$maildir."', '100', 'domain.eu', 'normal', '".$employeeid."', '0', '0', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1')");

$mailaccount = $vmail->query;

4

Re: External User Creation via PHP-script (need help)

Squilly wrote:

INSERT INTO mailbox (username, password, name, storagebasedirectory, storagenode, maildir, quota, domain, rank, employeeid, isadmin, isglobaladmin, enablesmtp, enablesmtpsecured, enablepop3, enablepop3secured, enableimap, enableimapsecured, enabledeliver, enablelda, enablemanagesieve, enablemanagesievesecured, enablesieve, enablesievesecured, enableinternal, enabledoveadm, enablelmtp, enabledsync, active)

You don't need to specify so many sql columns:

- All 'enable[xxx]' are set to 1 (enable) by default, and `active`.
- rank is not yet used in iRedMail and iRedAdmin-Pro.

5

Re: External User Creation via PHP-script (need help)

Thanks, i have changed the query.
but the same. Worng username or Password.

Now i have tryed to set the Password Scheme to {PLAIN} and now the new User can Login,
but the Admin i have set whit the Adminpanel cant login.

I think i will change the Password Scheme and make new Admins.

6

Re: External User Creation via PHP-script (need help)

I did a quick search and looks like your php code is wrong. please try this one (i don't know php and didn't test it):

$hash = "{SSHA256}".base64_encode(hash('sha256', $password.$salt, true).$salt);

Code comes from:
http://stackoverflow.com/questions/6713 … hes-in-php

7

Re: External User Creation via PHP-script (need help)

ZhangHuangbin wrote:
$hash = "{SSHA256}".base64_encode(hash('sha256', $password.$salt, true).$salt);

Thanks for this, but i dosent work.

But i have found the create_mail_user_SQL.sh in the "tools" folder.

I have test it like this:

bash create_mail_user.sh domain.ltd testuser

But now the users Password is the same as the Username.
I it posible tu set an userpassword?

if i create an .sql for each user i can import the .sql via PHP an then delet it.
So i have an working user creation, but important ist the Password

8

Re: External User Creation via PHP-script (need help)

Not familiar with PHP, sorry. But i guess you can try 'SSHA' password instead.

Recommended password hashes:

1: BCRYPT
2: SSHA512
3: SSHA

Note: MD5 is weak nowadays.

About create_mail_user.sh, you can set the password in variable `DEFAULT_PASSWD', and set USE_DEFAULT_PASSWD=YES

DEFAULT_PASSWD='88888888'                                                       
USE_DEFAULT_PASSWD='YES'

P.S. iRedMail ships 'tools/generate_password_hash.py' to help you generate password hashes. e.g.

# python generate_password_hash.py SSHA512 'my_plain_password'
{SSHA512}gHhtBZMUwNIL5eiYHCsYAI/hCO3fAf6l9cu0l/BQUdU/+INADFixj6IUHCPpTLI89VN95zGX7Xs6bCBIKi4q51T1MMCP/Vbz

9

Re: External User Creation via PHP-script (need help)

Thanky a lot.

I used the "generate_password_hash.py" i added a mysql query to write the Passwort-Hash to the Usertable from my site.
Now i am using the Password-Hashes for my Site and E-mail.

im my userregistration i execute the "generate_password_hash.py" to save the Password-hash and on the second step i insert it into the mailbox.

Now i have the Same Password-sheme for all parts of my site.
Thanks for your support