Cpanel Email per username -Simple extension
 

This cpanel email extension, allows you to add email@urdomain per username.
The script will use mysql field value to determine wether the user has activated an email or not.
If not active will allow him to set email pass and activate.
If active will allow to directly login to webmail.
demo
http://www.tchatting.com/forum/email.php
Requires login ( "demo demo" pass 123456 ) but you will not be able to create a new email using it anyway thats why i added screenshots here.

Requirements are ofcourse a Cpanel username + no limits on email creation.

The script current features are :
Page only for registered ( No groups set but can be configured via source code )
Replaces Spaces from usernames to . (dot ) since emails cannot contain spaces.
REVISED : also characters such as # @ ~
If you prefer character _ instead of a . for spaces replacements it can be changed on line 92.

The script contains working functions , but not fancy stuff .
You can edit the template to add a faq section or something below logins.

Also it can be extended to allow user to delete his email account or change his email password from the email page but i didnt think its a good idea so i left them out (though can be added )

Finaly , if you have ideas to further extend those functions let me know, id be glad to share if i had more extra time .
Last note : Add a link wherever u want it to appear .


March 8th: Updated the the files, moved the config into includes and added htaccess contents as per Frugil post.
Added intrusctions on how to specify groups.
INSTALLATION
import the xml product .
Upload the rest of the files into your forum root
Link to the file !

So what are the install instructions?

Please put them in a text file and upload that as well as the zip.

Laters

Install clicked for reference.

Wow, this looks great, ill take a look at it later on :)

Hello,

I have a few questions. What type of email does this create? I have unlimited emails on all my servers, but they are all pop3 mail. Does this create pop3 mail accounts?

Once they have their email addies, can they send email using the email addy or just receive mail. Where do they send and receive email?

These may sound like stupid questions, but I don't exactly understand how this works and I am not willing to install it until I know if I can use it or not.

I too am clicking install, but it is for reference so I can follow this thread.

iguanairs , the mod uses your own cpanel email service.
Which means , he will login to the webmail as if you added his email manually into your domain account ( again supposing you are using Cpanel ).
He will have access to webmail /pop/smtp just as any email you would create on your Cpanel account.

Nice one. We can Use another domain differing from our board domain for this email-hack right?

cobraws, yes u can , just set the domain variable in the config file into the domain being used & hosted on cpanel.

Thank you, I just wanted to be sure :)

I am not quite sure what this does.

Here is what I would like to see it do, tell me if its possible.

Set it so only specific usergroups can use it (ie paying members)

Then they can create their own emaill account on my system with a 10mb mailbox. Is this possible?

This looks cool. I might have a play around

Questions ...

• Do we upload these files into the forum root or the domain root?
• What happens if a user changes his username?
• What happens if a user is banned or deleted?
• Does this put any strain on the server?
• I'm a little concerned about adding my cpanel password to a php file ... is it safe?

Sounds interesting, I'll definately give it a try. Cheers. :)

this is great but would be nice if there was a vbulletin interface for the webmail and not the boring dull cpanel interfaces :|

OK all done but no idea how to edit the mod....whats the details?

OK have i got this right? You need to make an email account for your users first? then it will verify it over the forums?!? or no?

Thanks but do you have a live demo for this?

Try this: http://www.tchatting.com/email.php

Laters

Ok.

I have it setup and working

Edit the cp_email_config.php file and input your own data.
Upload the files to your forums root.
Forum members can only access this script so no outsiders can get in.

run /your forum url/email.php

You will see a box asking you to input a password, this is the password to access mail and not your forum access password.

Once thats done the script will setup a pop3 email on your server using your forums URL. Once the password is entered and confirmed on screen the user is then given the opertunity to log into there new email account.

Re-enter /forums url/email.php and enter your password, your now at the webmail screen and therefore able to send and receive emails via your server and forums URL.

Laters

Could I ask the learned people out there is it wise to have a what appears to be a non protected php file on your public webspace with your cpanel username and password in it.

Try reading one of your own php files via the web.

I am not a person experienced at hacking so me not being able to do it means nothing, that is why I asked the question here.

im scared about that fact, but then, I am always paranoid

It seems safe enough. You have to remember PHP is processed SERVER side, so only the server will read the cPanel password, and nothing else. Seems ok to me.

true enough as I suppose we leave our database passwords on the server

In a protected admin directory ;)

Installed and works well ... great addition.

Thanks lebanon .. clicked install.

what happens with users who have other special characters in their name ... such as @ ~ # * etc?

good question...

This is an absolute security risk, if the webserver should load without php for some reason then yes php files will be readable like any other text file, or downloadable, as the server side will not process it.

I suggest you use a require or include to a file outside of webroot where it would be much safer which contains the cpanel info. Otherwise with the right domains in your pocket this hack is per chance very interesting. ;)

so how do i configure the source code to add in groups that i'd want to access the email?

I havent really considered all cases but since you mentioned it , its doable.
I already took care of users wit Blank spaces where you could find at
Line containing ( in email.php )
$cpun1 = str_replace( " ", ".", $cpun );
Now you could rerun this same line for as much characters u suppose ur members or vbulletin allows and the second value is what it will be
so you could do
$cpun1 = str_replace( " ", ".", $cpun );
$cpun1 = str_replace( "#", ".", $cpun );
$cpun1 = str_replace( "~", ".", $cpun );
( i didnt even notice any forum member containing such characters so i havent really even thought of it except for spaces )

For other questions asked :
A live demo , that can be viewed on http://www.tchatting.com/forum/email.php but u will need to register thats why i added screenies instead .

//nitro and PtP : As for the PHP security guys are bothered about , just remember ALL scripts, forums, cms shopping carts and every known portal has its KNOWN location of its config files , how come this question was raisen here and u have never worried about everything else you add ur info to ?
PHP is processed before it outputs data to client side. (thus its safe )
Last comment i also read, someone suggested if php didnt run it will expose it , true , but trust me , if your server php stopped being processed for some reason your last worries would be my files !//

freako9699 : u dont need to create emails for ur users, THEY will activate their own emails , thats what this extension is for !
You add your cpanel details into the config, then you announce to ur users that they can have their free email at /email.php and thats it.

Snoop-It : to have a vb interface that will require a full email addon as well. I am projecting on doing such thing but that but still looking for Lots of free time.

moonclamp : file to upload are on ur forum root not domain root.
No strains on server no , and as for users deleted , they will keep their emails u should do it manually then , though we can add functions to this one.

sounds like i skipped the most important question
Specifying this to Special groups :

Replace line 60 of email.php
if (!$vbulletin->userinfo['userid'])
WITH
if (!is_member_of($vbulletin->userinfo, N) AND !is_member_of($vbulletin->userinfo, N2))
(ofcourse replace the N and N2 with numbers of the allowed groups , this example shows two allowed groups lets say admins and paid members groups, ofcourse to allow more just AND !is_member_of($vbulletin->userinfo, N3)

I asked this question here because in NO other script I use do I have to put in my username and password to my cpanel which controls EVERYTHING and could a lot of damage so please understand I am not going to jump in and do tbat without asking questions first.

Great hack, however I tend to agree about the security, whilst it is true that many cms and other scripts have config files in known locations most have the permissions set to be non world readable or have them located in a .htaccess protected directory. Likewise should they be compromised only your forum or cms gets compromised. If CPANEL gets compromised then you are in deep doodoo as you could get completely locked out of your own server. As such I would definately move the cp_email_config.php into a safe place, outside of your web site's document root or at least protect it with .htaccess.

Easiest way to make it secure is to create a .htaccess file with the following content and drop it in the same directory

<Files cp_email_config.php>
order deny,allow
deny from all
</Files>


This will prevent anyone reading or downloading the file even if PHP was to stop running and should make it about as secure as it can be without moving the config file outside of the document root. Lebanon, how about including a .htaccess in the package, that way it is tightly locked up by default.

I have attached a .htaccess file to this post, just remove the .txt extension and upload it to the same directory as your cp_email_config.php file.

Frugal

Frugal , yes could be done,
also u can put the config anywhere you want and just change the line in the second two files to point to it correctly instead of include ./ to ./include/ or ./admincp/ however place u feel comfortable about

Yes on my own forums I'll be moving the file outside of the doc root, but everyones server is set up differently so posting detailed instructions that beginners can follow isn't easy. The .htaccess included in the package makes it very secure right from install for everyone, whilst the advanced users can take whatever additional steps they feel necessary.

Frugal

regarding the special characters... what about underscores?

can you make one for ensim?

Q.

Is it only Cpanel logins that will work ... I'm hosting with someone who doesn't have Cpanel as such, just a different way of logging into the admin back end and webmail ... what details would I need - if this is possible?

Thanks,

Jason

Because in general most only require db info not your entire hosting info to be entered, this is where it becomes a much larger security issue. PHPNUke not that we really want to go there recomend that there config file with the db info is put outside of webroot, to a certain extent its the right way to do it, especially when it concerns your cpanel info wich maywell be your ftp info aswell. PHP can stop processing simply by a sysadmin mistakingly disabling the php module during an apache update ie forgetting to compile with php etc, not a serious issue and would soon be noticed and fixed but in that time info could easily be obtained that normally would not. a db user pass is nothing like as serious as cpanel info, likely to be ftpinfo and for some possibly WHM info aswell. This is one time the config file most certainly should be outside of the webroot.

I updated the uploaded zip file and added the htaccess provided by furgil as well as moved the file into includes folder/
As for the questions for other than cpanel emails, generally i use cpanel thats why i did it for cpanel, but since i used fopen and http login post , this will allow it to be modifed to any panel that can accept http login posts