This is a plugin that allows you to add a custom MySQL password change plugin to your Rainloop install.
Please note that while security is a mission-critical element, this plugin is still undergoing heavy development. Do not use this plugin in production.
- PHP 5.6 with OpenSSL Extension or PHP 7.0+
- PDO Extension with mysql driver
- PHP 7 (or with the userland random_bytes() function installed)
- PHP 5.6 with OpenSSL extension
- Clone this repo in the
pluginsdirectory on your Rainloop installation or download the zip and unzip it there. - Login to your Rainloop admin panel, and under "Plugins", activate this plugin (mysql-password-change).
- Follow the on-screen setup.
There are a number of setup options you should set when enabling this plugin.
- MySQL connection details (hostname, port, username, password)
- MySQL database name
- Table name of accounts
- Username/Email column name (uses Rainloop's account model,
\RainLoop\Account) - Password column name
- Encryption scheme
- Rounds for sha256 or sha512 schemes
Currently the following encryption schemes to hash passwords are supported. They are listed from most recommended to avoid. Please select the one currently in use on your MySQL server.
sha512_crypt: SHA512 encryption with salt and default rounds set to 5000. This is the recommended scheme to use.sha256_crypt: SHA256 encryption with salt and default rounds set to 5000.php: Uses the built-in PHPpassword_hash()with thePASSWORD_DEFAULTalgorithm. Requires PHP 5.5 or greater.mysql: Use the built-in MySQL ENCRYPT() function.sha1: Use an unsalted sha1 hash.
While php can be useful, because you're probably using Postfix to verify accounts on the IMAP(S) side, it may not be
the wisest choice as the PASSWORD_DEFAULT algorithm can change at any time.