Cpanel Email per username -Simple extension

This cpanel email extension, allows you to add email@urdomain per username.
The script will use mysql field value to determine wether the user has activated an email or not.
If not active will allow him to set email pass and activate.
If active will allow to directly login to webmail.
demo
http://www.tchatting.com/forum/email.php
Requires login ( "demo demo" pass 123456 ) but you will not be able to create a new email using it anyway thats why i added screenshots here.

Requirements are ofcourse a Cpanel username + no limits on email creation.

The script current features are :
Page only for registered ( No groups set but can be configured via source code )
Replaces Spaces from usernames to . (dot ) since emails cannot contain spaces.
REVISED : also characters such as # @ ~
If you prefer character _ instead of a . for spaces replacements it can be changed on line 92.

The script contains working functions , but not fancy stuff .
You can edit the template to add a faq section or something below logins.

Also it can be extended to allow user to delete his email account or change his email password from the email page but i didnt think its a good idea so i left them out (though can be added )

Finaly , if you have ideas to further extend those functions let me know, id be glad to share if i had more extra time .
Last note : Add a link wherever u want it to appear .


March 8th: Updated the the files, moved the config into includes and added htaccess contents as per Frugil post.
Added intrusctions on how to specify groups.
INSTALLATION
import the xml product .
Upload the rest of the files into your forum root
Link to the file !

[lebanon]

sounds like i skipped the most important question
Specifying this to Special groups :

Replace line 60 of email.php
if (!$vbulletin->userinfo['userid'])
WITH
if (!is_member_of($vbulletin->userinfo, N) AND !is_member_of($vbulletin->userinfo, N2))
(ofcourse replace the N and N2 with numbers of the allowed groups , this example shows two allowed groups lets say admins and paid members groups, ofcourse to allow more just AND !is_member_of($vbulletin->userinfo, N3)

[PtP]

Quote:

Originally Posted by lebanon

//nitro and PtP : As for the PHP security guys are bothered about , just remember ALL scripts, forums, cms shopping carts and every known portal has its KNOWN location of its config files , how come this question was raisen here and u have never worried about everything else you add ur info to ?
PHP is processed before it outputs data to client side. (thus its safe )
Last comment i also read, someone suggested if php didnt run it will expose it , true , but trust me , if your server php stopped being processed for some reason your last worries would be my files !//

I asked this question here because in NO other script I use do I have to put in my username and password to my cpanel which controls EVERYTHING and could a lot of damage so please understand I am not going to jump in and do tbat without asking questions first.

[Frugal]

Great hack, however I tend to agree about the security, whilst it is true that many cms and other scripts have config files in known locations most have the permissions set to be non world readable or have them located in a .htaccess protected directory. Likewise should they be compromised only your forum or cms gets compromised. If CPANEL gets compromised then you are in deep doodoo as you could get completely locked out of your own server. As such I would definately move the cp_email_config.php into a safe place, outside of your web site's document root or at least protect it with .htaccess.

Easiest way to make it secure is to create a .htaccess file with the following content and drop it in the same directory

<Files cp_email_config.php>
order deny,allow
deny from all
</Files>


This will prevent anyone reading or downloading the file even if PHP was to stop running and should make it about as secure as it can be without moving the config file outside of the document root. Lebanon, how about including a .htaccess in the package, that way it is tightly locked up by default.

I have attached a .htaccess file to this post, just remove the .txt extension and upload it to the same directory as your cp_email_config.php file.

Frugal

[lebanon]

Frugal , yes could be done,
also u can put the config anywhere you want and just change the line in the second two files to point to it correctly instead of include ./ to ./include/ or ./admincp/ however place u feel comfortable about

[Frugal]

Yes on my own forums I'll be moving the file outside of the doc root, but everyones server is set up differently so posting detailed instructions that beginners can follow isn't easy. The .htaccess included in the package makes it very secure right from install for everyone, whilst the advanced users can take whatever additional steps they feel necessary.

Frugal

[JirQUEST]

regarding the special characters... what about underscores?

[mathias]

can you make one for ensim?

[steadicamop]

Q.

Is it only Cpanel logins that will work ... I'm hosting with someone who doesn't have Cpanel as such, just a different way of logging into the admin back end and webmail ... what details would I need - if this is possible?

Thanks,

Jason

[nitro]

Quote:

Originally Posted by lebanon

I havent really considered all cases but since you mentioned it , its doable.
I already took care of users wit Blank spaces where you could find at
Line containing ( in email.php )
$cpun1 = str_replace( " ", ".", $cpun );
Now you could rerun this same line for as much characters u suppose ur members or vbulletin allows and the second value is what it will be
so you could do
$cpun1 = str_replace( " ", ".", $cpun );
$cpun1 = str_replace( "#", ".", $cpun );
$cpun1 = str_replace( "~", ".", $cpun );
( i didnt even notice any forum member containing such characters so i havent really even thought of it except for spaces )

For other questions asked :
A live demo , that can be viewed on http://www.tchatting.com/forum/email.php but u will need to register thats why i added screenies instead .

//nitro and PtP : As for the PHP security guys are bothered about , just remember ALL scripts, forums, cms shopping carts and every known portal has its KNOWN location of its config files , how come this question was raisen here and u have never worried about everything else you add ur info to ?
PHP is processed before it outputs data to client side. (thus its safe )
Last comment i also read, someone suggested if php didnt run it will expose it , true , but trust me , if your server php stopped being processed for some reason your last worries would be my files !//

freako9699 : u dont need to create emails for ur users, THEY will activate their own emails , thats what this extension is for !
You add your cpanel details into the config, then you announce to ur users that they can have their free email at /email.php and thats it.

Snoop-It : to have a vb interface that will require a full email addon as well. I am projecting on doing such thing but that but still looking for Lots of free time.

moonclamp : file to upload are on ur forum root not domain root.
No strains on server no , and as for users deleted , they will keep their emails u should do it manually then , though we can add functions to this one.

Because in general most only require db info not your entire hosting info to be entered, this is where it becomes a much larger security issue. PHPNUke not that we really want to go there recomend that there config file with the db info is put outside of webroot, to a certain extent its the right way to do it, especially when it concerns your cpanel info wich maywell be your ftp info aswell. PHP can stop processing simply by a sysadmin mistakingly disabling the php module during an apache update ie forgetting to compile with php etc, not a serious issue and would soon be noticed and fixed but in that time info could easily be obtained that normally would not. a db user pass is nothing like as serious as cpanel info, likely to be ftpinfo and for some possibly WHM info aswell. This is one time the config file most certainly should be outside of the webroot.

[lebanon]

I updated the uploaded zip file and added the htaccess provided by furgil as well as moved the file into includes folder/
As for the questions for other than cpanel emails, generally i use cpanel thats why i did it for cpanel, but since i used fopen and http login post , this will allow it to be modifed to any panel that can accept http login posts