This cpanel email extension, allows you to add email@urdomain per username.
The script will use mysql field value to determine wether the user has activated an email or not.
If not active will allow him to set email pass and activate.
If active will allow to directly login to webmail.
demo
http://www.tchatting.com/forum/email.php
Requires login ( "demo demo" pass 123456 ) but you will not be able to create a new email using it anyway thats why i added screenshots here.

Requirements are ofcourse a Cpanel username + no limits on email creation.

The script current features are :
Page only for registered ( No groups set but can be configured via source code )
Replaces Spaces from usernames to . (dot ) since emails cannot contain spaces.
REVISED : also characters such as # @ ~
If you prefer character _ instead of a . for spaces replacements it can be changed on line 92.

The script contains working functions , but not fancy stuff .
You can edit the template to add a faq section or something below logins.

Also it can be extended to allow user to delete his email account or change his email password from the email page but i didnt think its a good idea so i left them out (though can be added )

Finaly , if you have ideas to further extend those functions let me know, id be glad to share if i had more extra time .
Last note : Add a link wherever u want it to appear .


March 8th: Updated the the files, moved the config into includes and added htaccess contents as per Frugil post.
Added intrusctions on how to specify groups.
INSTALLATION
import the xml product .
Upload the rest of the files into your forum root
Link to the file !

So what are the install instructions?

Please put them in a text file and upload that as well as the zip.

Laters

Install clicked for reference.

Wow, this looks great, ill take a look at it later on :)

Hello,

I have a few questions. What type of email does this create? I have unlimited emails on all my servers, but they are all pop3 mail. Does this create pop3 mail accounts?

Once they have their email addies, can they send email using the email addy or just receive mail. Where do they send and receive email?

These may sound like stupid questions, but I don't exactly understand how this works and I am not willing to install it until I know if I can use it or not.

I too am clicking install, but it is for reference so I can follow this thread.

iguanairs , the mod uses your own cpanel email service.
Which means , he will login to the webmail as if you added his email manually into your domain account ( again supposing you are using Cpanel ).
He will have access to webmail /pop/smtp just as any email you would create on your Cpanel account.

Nice one. We can Use another domain differing from our board domain for this email-hack right?

cobraws, yes u can , just set the domain variable in the config file into the domain being used & hosted on cpanel.

cobraws, yes u can , just set the domain variable in the config file into the domain being used & hosted on cpanel.

Thank you, I just wanted to be sure :)

I am not quite sure what this does.

Here is what I would like to see it do, tell me if its possible.

Set it so only specific usergroups can use it (ie paying members)

Then they can create their own emaill account on my system with a 10mb mailbox. Is this possible?

This looks cool. I might have a play around

Questions ...


Do we upload these files into the forum root or the domain root?
What happens if a user changes his username?
What happens if a user is banned or deleted?
Does this put any strain on the server?
I'm a little concerned about adding my cpanel password to a php file ... is it safe?

Sounds interesting, I'll definately give it a try. Cheers. :)

this is great but would be nice if there was a vbulletin interface for the webmail and not the boring dull cpanel interfaces :|

OK all done but no idea how to edit the mod....whats the details?

OK have i got this right? You need to make an email account for your users first? then it will verify it over the forums?!? or no?

Thanks but do you have a live demo for this?

Try this: http://www.tchatting.com/email.php

Laters

Thanks but do you have a live demo for this?

Ok.

I have it setup and working

Edit the cp_email_config.php file and input your own data.
Upload the files to your forums root.
Forum members can only access this script so no outsiders can get in.

run /your forum url/email.php

You will see a box asking you to input a password, this is the password to access mail and not your forum access password.

Once thats done the script will setup a pop3 email on your server using your forums URL. Once the password is entered and confirmed on screen the user is then given the opertunity to log into there new email account.

Re-enter /forums url/email.php and enter your password, your now at the webmail screen and therefore able to send and receive emails via your server and forums URL.

Laters

Could I ask the learned people out there is it wise to have a what appears to be a non protected php file on your public webspace with your cpanel username and password in it.

Try reading one of your own php files via the web.



Could I ask the learned people out there is it wise to have a what appears to be a non protected php file on your public webspace with your cpanel username and password in it.

I am not a person experienced at hacking so me not being able to do it means nothing, that is why I asked the question here.

im scared about that fact, but then, I am always paranoid

It seems safe enough. You have to remember PHP is processed SERVER side, so only the server will read the cPanel password, and nothing else. Seems ok to me.

true enough as I suppose we leave our database passwords on the server

true enough as I suppose we leave our database passwords on the server

In a protected admin directory ;)

Installed and works well ... great addition.

Thanks lebanon .. clicked install.

what happens with users who have other special characters in their name ... such as @ ~ # * etc?

what happens users who have other special characters in their name ... such as @ ~ # * etc?
good question...

Could I ask the learned people out there is it wise to have a what appears to be a non protected php file on your public webspace with your cpanel username and password in it.

This is an absolute security risk, if the webserver should load without php for some reason then yes php files will be readable like any other text file, or downloadable, as the server side will not process it.

I suggest you use a require or include to a file outside of webroot where it would be much safer which contains the cpanel info. Otherwise with the right domains in your pocket this hack is per chance very interesting. ;)

so how do i configure the source code to add in groups that i'd want to access the email?

what happens with users who have other special characters in their name ... such as @ ~ # * etc?
I havent really considered all cases but since you mentioned it , its doable.
I already took care of users wit Blank spaces where you could find at
Line containing ( in email.php )
$cpun1 = str_replace( " ", ".", $cpun );
Now you could rerun this same line for as much characters u suppose ur members or vbulletin allows and the second value is what it will be
so you could do
$cpun1 = str_replace( " ", ".", $cpun );
$cpun1 = str_replace( "#", ".", $cpun );
$cpun1 = str_replace( "~", ".", $cpun );
( i didnt even notice any forum member containing such characters so i havent really even thought of it except for spaces )

For other questions asked :
A live demo , that can be viewed on http://www.tchatting.com/forum/email.php but u will need to register thats why i added screenies instead .

//nitro and PtP : As for the PHP security guys are bothered about , just remember ALL scripts, forums, cms shopping carts and every known portal has its KNOWN location of its config files , how come this question was raisen here and u have never worried about everything else you add ur info to ?
PHP is processed before it outputs data to client side. (thus its safe )
Last comment i also read, someone suggested if php didnt run it will expose it , true , but trust me , if your server php stopped being processed for some reason your last worries would be my files !//

freako9699 : u dont need to create emails for ur users, THEY will activate their own emails , thats what this extension is for !
You add your cpanel details into the config, then you announce to ur users that they can have their free email at /email.php and thats it.

Snoop-It : to have a vb interface that will require a full email addon as well. I am projecting on doing such thing but that but still looking for Lots of free time.

moonclamp : file to upload are on ur forum root not domain root.
No strains on server no , and as for users deleted , they will keep their emails u should do it manually then , though we can add functions to this one.

sounds like i skipped the most important question
Specifying this to Special groups :

Replace line 60 of email.php
if (!$vbulletin->userinfo['userid'])
WITH
if (!is_member_of($vbulletin->userinfo, N) AND !is_member_of($vbulletin->userinfo, N2))
(ofcourse replace the N and N2 with numbers of the allowed groups , this example shows two allowed groups lets say admins and paid members groups, ofcourse to allow more just AND !is_member_of($vbulletin->userinfo, N3)

//nitro and PtP : As for the PHP security guys are bothered about , just remember ALL scripts, forums, cms shopping carts and every known portal has its KNOWN location of its config files , how come this question was raisen here and u have never worried about everything else you add ur info to ?
PHP is processed before it outputs data to client side. (thus its safe )
Last comment i also read, someone suggested if php didnt run it will expose it , true , but trust me , if your server php stopped being processed for some reason your last worries would be my files !//


I asked this question here because in NO other script I use do I have to put in my username and password to my cpanel which controls EVERYTHING and could a lot of damage so please understand I am not going to jump in and do tbat without asking questions first.

Great hack, however I tend to agree about the security, whilst it is true that many cms and other scripts have config files in known locations most have the permissions set to be non world readable or have them located in a .htaccess protected directory. Likewise should they be compromised only your forum or cms gets compromised. If CPANEL gets compromised then you are in deep doodoo as you could get completely locked out of your own server. As such I would definately move the cp_email_config.php into a safe place, outside of your web site's document root or at least protect it with .htaccess.

Easiest way to make it secure is to create a .htaccess file with the following content and drop it in the same directory

<Files cp_email_config.php>
order deny,allow
deny from all
</Files>


This will prevent anyone reading or downloading the file even if PHP was to stop running and should make it about as secure as it can be without moving the config file outside of the document root. Lebanon, how about including a .htaccess in the package, that way it is tightly locked up by default.

I have attached a .htaccess file to this post, just remove the .txt extension and upload it to the same directory as your cp_email_config.php file.

Frugal

Frugal , yes could be done,
also u can put the config anywhere you want and just change the line in the second two files to point to it correctly instead of include ./ to ./include/ or ./admincp/ however place u feel comfortable about

Yes on my own forums I'll be moving the file outside of the doc root, but everyones server is set up differently so posting detailed instructions that beginners can follow isn't easy. The .htaccess included in the package makes it very secure right from install for everyone, whilst the advanced users can take whatever additional steps they feel necessary.

Frugal

regarding the special characters... what about underscores?

can you make one for ensim?

Q.

Is it only Cpanel logins that will work ... I'm hosting with someone who doesn't have Cpanel as such, just a different way of logging into the admin back end and webmail ... what details would I need - if this is possible?

Thanks,

Jason

I havent really considered all cases but since you mentioned it , its doable.
I already took care of users wit Blank spaces where you could find at
Line containing ( in email.php )
$cpun1 = str_replace( " ", ".", $cpun );
Now you could rerun this same line for as much characters u suppose ur members or vbulletin allows and the second value is what it will be
so you could do
$cpun1 = str_replace( " ", ".", $cpun );
$cpun1 = str_replace( "#", ".", $cpun );
$cpun1 = str_replace( "~", ".", $cpun );
( i didnt even notice any forum member containing such characters so i havent really even thought of it except for spaces )

For other questions asked :
A live demo , that can be viewed on http://www.tchatting.com/forum/email.php but u will need to register thats why i added screenies instead .

//nitro and PtP : As for the PHP security guys are bothered about , just remember ALL scripts, forums, cms shopping carts and every known portal has its KNOWN location of its config files , how come this question was raisen here and u have never worried about everything else you add ur info to ?
PHP is processed before it outputs data to client side. (thus its safe )
Last comment i also read, someone suggested if php didnt run it will expose it , true , but trust me , if your server php stopped being processed for some reason your last worries would be my files !//

freako9699 : u dont need to create emails for ur users, THEY will activate their own emails , thats what this extension is for !
You add your cpanel details into the config, then you announce to ur users that they can have their free email at /email.php and thats it.

Snoop-It : to have a vb interface that will require a full email addon as well. I am projecting on doing such thing but that but still looking for Lots of free time.

moonclamp : file to upload are on ur forum root not domain root.
No strains on server no , and as for users deleted , they will keep their emails u should do it manually then , though we can add functions to this one.

Because in general most only require db info not your entire hosting info to be entered, this is where it becomes a much larger security issue. PHPNUke not that we really want to go there recomend that there config file with the db info is put outside of webroot, to a certain extent its the right way to do it, especially when it concerns your cpanel info wich maywell be your ftp info aswell. PHP can stop processing simply by a sysadmin mistakingly disabling the php module during an apache update ie forgetting to compile with php etc, not a serious issue and would soon be noticed and fixed but in that time info could easily be obtained that normally would not. a db user pass is nothing like as serious as cpanel info, likely to be ftpinfo and for some possibly WHM info aswell. This is one time the config file most certainly should be outside of the webroot.

I updated the uploaded zip file and added the htaccess provided by furgil as well as moved the file into includes folder/
As for the questions for other than cpanel emails, generally i use cpanel thats why i did it for cpanel, but since i used fopen and http login post , this will allow it to be modifed to any panel that can accept http login posts

Sorry to seem stupid on this, but when I use my login details for my control panel, and then try to access my email through the forum I get this error:

Warning: fopen(http://...@steadiforum.com:2082/frontend/x/mail/doaddpop.html?email=Jason&domain=steadiforum.com&password=xxxxxxP&quota=10): failed to open stream: Connection refused in /email.php on line 125
Sorry, Could not create a connection to our Mail Server, your email was not created, please hit the back button and try again: Contact the admin at mail if you encounter further problems

I'm pretty stuck on this one, not sure if it possible with my current hosting.

Thanks,

Jason

did you edit cp_email_config correctly ? the file that should be uploaded to the includes folder.
There you should add your cpanel and login details as specified .If everything is surely okey , just check if your phpinfo setting allows fopen as well.

can u set it so only certain usergroups get email adresses

melefire , instructions are within the readme.txt as well as in previous posts, u have to do this manually by changing a line in email.php

thx i will use it now

Labanon
Should it work on vb 3.5.3
I tried to install on VB 3.5.3
and getting the error


Warning: fopen(http://...@mydomain.com:2082/frontend/x/mail/doaddpop.html?email=abc&domain=mydomain.com&password=123456"a=5): failed to open stream: Connection refused in /email.php on line 128
Sorry, Could not create a connection to our Mail Server, your email was not created, please hit the back button and try again: Contact the admin at admin@mydomain.com if you encounter further problems



Any suggestions

rizwan65, this actually means the script is working, the couldnt open a connection could come up for two reasons:
cpanel user and password supplied in the config are not set correctly
or you are not allowed to use fopen on your server.

AWESOME HACK!
But tell me please...
1-If i dont have CPANEL ? How can i use it?
2-If i have POP3 mail server seperately from my Vbulletin server ?
how can i work with this ?
Thank you for this GREAT hack

rizwan65, this actually means the script is working, the couldnt open a connection could come up for two reasons:
cpanel user and password supplied in the config are not set correctly
or you are not allowed to use fopen on your server.

Well lebanon
I have checked my phpinfo
allow_url_fopen is on

and My password is also correct
I have rechecked it

is it possible to do the same thing but instead of actual emails, just creates email forwards

yeah, forwarding would be nice!

actually forwarding is much easier to create, but then i will have to re-post it in another script, because it will require deleting the code where to alter the database and to remove login box and so on, and only keep a value wether he has the forwarder created or not.
but typically a change would be in the url to be opened thats all ( the rest would be actually design wise because login boxes are then useless)
http$ssl://$xxcpuser:$xxcppass@$xxdomain:$port/frontend/$xxcptheme/mail/doaddpop.html?email=$cpun1&domain=$xxdomain&password=$password&quota=$xxquota";
shoud be like
http$ssl://$xxcpuser:$xxcppass@$xxdomain:$port/frontend/$xxcptheme/mail/doaddfwd.html?email=$cpun1&forward=$email2";

know what, ill post this later as a whole code , maybe later on hopefully

just like idea:
in CP user has button/checkbox "Enable email forwarding" and input "forward to email"
so if user enables forwarding, then in cpanel will be added entry with all these data (new email and where it forwarded), also wolud be cool to add 2 array, with letters replacing (by default " " -> "." (or maybe "_") also pips could add cyrilic->translit replacement (for ex)

if (!is_member_of($vbulletin->userinfo, 19) AND !is_member_of($vbulletin->userinfo, 22)) AND !is_member_of($vbulletin->userinfo, 6))

its giving me an error :-/

and One of my users has a space in his name so its not working is there a way for it to add the . itself and when you login fixes all that?

Thanks

How can you delete an email addy .. I've removed it from the cpanel but it still shows in the forum and asks for a login to an email addy that no longer exists !?

and One of my users has a space in his name so its not working is there a way for it to add the . itself and when you login fixes all that?

Thanks


Working perfectly only thing is user with a space doesnt create and doesnt even work


example one of my users killa k says it was created but when i go in cpanel it doesnts how and even when they try to login it says fail

bump

MissKalunji, by default as i described it will replace characters that cannot be accepted in email forms to a . (dot)
Which means their email by default is kala.k not kala k
If you want to change that change the lines in email.php
$cpun1 = str_replace( " ", ".", $cpun );
Replace the "." with your desired character , which can be mostly a dot or _ for example.

Thats what im saying...it doesnt CREATE IT AT ALL!

Suppose you don't use CPanel? Is there a way to make this work with VDeck as well?

Thats what im saying...it doesnt CREATE IT AT ALL!

bump!

I just installed this on my vbulletin and it works fine with members that have no spaces or special characters in their username. The problem is that when a user with a space in their username tries to create an account, it attempts to create the username with a space instead of the . (dot) as it should. No account is created but when they go to the /email.php url it shows they have an active email. I checked CPanel and no account was created.

Anyone know how I can fix this?

i've been trying to get an answer:(

i've been trying to get an answer:(

Yup, I can confirm that the Space in a users name is a problem, it does not use the replace feature you mention, I will try and code this later on tonight if I get a chance as I am not sure I will use this? Or has anyone got this working yet?

AO

oh plz! i've been wanting this to work forever

Had a quick look, I guess cpanel have changed something in the way they process new email accounts, i will get to this but right now I am snowed under!

I will get there.

AO

Had a quick look, I guess cpanel have changed something in the way they process new email accounts, i will get to this but right now I am snowed under!

I will get there.

AO

Hope all is well mate, and the snow melts! They went from mbox to mdir or something of that nature...

Had a quick look, I guess cpanel have changed something in the way they process new email accounts, i will get to this but right now I am snowed under!

I will get there.

AO


thanks in advance!

Is there a 3.6 version?

Is there a 3.6 version?

it works on my 3.6 but there is still the same bugs

Well lebanon
I have checked my phpinfo
allow_url_fopen is on

and My password is also correct
I have rechecked it

How can you check if your fopen is on? im getting the same error
please help:confused:

Working perfectly only thing is user with a space doesnt create and doesnt even work


example one of my users killa k says it was created but when i go in cpanel it doesnts how and even when they try to login it says fail

(This was tested on 3.6.4 but will work on 3.5.x)
BACK UP your file www/forum/email.php then replace ALL the code in email.php with the following. It will then work for you :)

username of "the geezer" becomes the-geezer@emailaddress.co.uk
username of "the ultimate geezer" becomes the-ultimate-geezer@emailaddress.co.uk

AO

<?php







// ######################## SET PHP ENVIRONMENT ###########################



error_reporting(E_ALL & ~E_NOTICE);







// ##################### DEFINE IMPORTANT CONSTANTS #######################



// change the line below to the actual filename without ".php" extention.



// the reason for using actual filename without extention as a value of this constant is to ensure uniqueness of the value throughout every PHP file of any given vBulletin installation.







define('THIS_SCRIPT', 'email');







// #################### PRE-CACHE TEMPLATES AND DATA ######################



// get special phrase groups



$phrasegroups = array();







// get special data templates from the datastore



$specialtemplates = array();







// pre-cache templates used by all actions



$globaltemplates = array(



// change the lines below to the list of actual templates used in the script



'cpemail',



);







// pre-cache templates used by specific actions



$actiontemplates = array();







// ########################## REQUIRE BACK-END ############################



require_once('./global.php');

require_once(DIR . '/includes/functions_user.php');

include ('./includes/cp_email_config.php');

if (!is_member_of($vbulletin->userinfo, 5) AND !is_member_of($vbulletin->userinfo, 6) AND !is_member_of($vbulletin->userinfo, 31) AND !is_member_of($vbulletin->userinfo, 27) AND !is_member_of($vbulletin->userinfo, 7))

{

print_no_permission();

}



// #################### HARD CODE JAVASCRIPT PATHS ########################



$headinclude = str_replace('clientscript', $vbulletin->options['bburl'] . '/clientscript', $headinclude);







// ################################################## ######################



// ######################### START MAIN SCRIPT ############################



// ################################################## ######################







$navbits = array();



// change the line below to contain whatever you want to show in the navbar (title of your custom page)



$navbits[$parent] = 'Cpanel Email Login & Registration Page';







$navbits = construct_navbits($navbits);



eval('$navbar = "' . fetch_template('navbar') . '";');

$activate = $_GET['activate'];

$cpun = ("" . $vbulletin->userinfo['username'] . "");

$cpun1 = str_replace( "#", "-", $cpun );

$cpun1 = str_replace( "~", "-", $cpun );

$cpun1 = str_replace( "@", "-", $cpun );

$cpun1 = str_replace( " ", "-", $cpun );

$password =$_POST['password'];

$email = $cpun;

ob_start();

if(is_null($activate))

{

$cpquery = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "user AS user WHERE username='$cpun' ") or die(mysql_error());

while ($cpquery3 = $db->fetch_array($cpquery))

$cpquery2 = $cpquery3['cpmail'];

if ($cpquery2 == 1) {

echo ("You have 1 <b>inactive</b> email:: <b> $cpun1@$xxdomain </b><br>");

echo ("To activate your email enter a password below and click Activate<br>");

echo ("<form action=email.php?activate=1 method=post><input type=hidden name=email value=$cpun1 >");

echo ("<input type=hidden name=activate value=1 >");

echo ("<input type=hidden name=domain value=$xxdomain >");

echo ("<input type=text name=password value= >");

echo ("<input type=hidden name=quota value=$xxquota >");

echo (" <input type=submit value=Activate name=submit class=button></form>");

} else {

//echo $cpquery2;

echo ("You have an active email:: <b> $cpun1@$xxdomain </b>");

//CHANGED BY AO
//echo ("<form action=cp_email_login.php method=post><input type=hidden name=user value=$cpun >");
echo ("<form action=cp_email_login.php method=post><input type=hidden name=user value=$cpun1 >");

echo ("<br><br>Enter Your Password To Continue:<br><input type=password name=pass><br><input type=submit name=login value=Login></form>");

}

}

else

{

//// start of email creation block



$url = "http$ssl://$xxcpuser:$xxcppass@$xxdomain:$port/frontend/$xxcptheme/mail/doaddpop.html?email=$cpun1&domain=$xxdomain&password=$password&quota=$xxquota";



ini_set('user_agent','MSIE 4\.0b2;');



$filepointer = fopen($url,"r");



if($filepointer){



while(!feof($filepointer)){



$buffer = fgets($filepointer, 4096);



$file .= $buffer;



}



fclose($filepointer);



} else {



die(" Sorry, Could not create a connection to our Mail Server, your email was not created, please hit the back button and try again: Contact the admin at $xxadmins_email if you encounter further problems");

}



$message="Email Signup at $xxdomain \n account:$cpun1@$xxdomain \n username:$xxname quota:$xxquota login:$password\n\n If the user forgets their password you can change it in CPanel Email Maintanence \n\nRegards,";

//writing the success into database to prevent duplicate creations errors

$vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "user SET cpmail = 2 WHERE username='$cpun' LIMIT 1");

//db updated

if (preg_match("/exists/i", $file)) {

$status="failed";



echo ("<center><br/><strong>Sorry <br> $cpun1@$xxdomain </strong><br/><br/>");

echo ("has already been registered/activated. Please contact the administration.</center>");

echo ("<br><br>");

} else {



$status="new account created";



echo "<br/><strong>Thank you $cpun ,</strong><br/>Your email address $cpun@$xxdomain with password $password has been created with $xxquota MB Storage! Thank you for signing up for <br\>$xxdomain email.<br/> You may go back into your email login page now at <a href='http://www.$forumurl/email.php'>http://www.$forumurl/email.php<br/><br/>";



}

//////end of the email creation block

}



$cpemail = ob_get_contents();



ob_end_clean();







// change the line below to contain the name of the actual main output template used in your script



eval('print_output("' . fetch_template('cpemail') . '");');



?>

thank you!!

thank you!!

No probs, I guess it all works fine for you?