You don’t verify the previous password as part of the query. RC confirms it on form submission and only executes the query after the current password is verified.
Kevin > On Jul 1, 2021, at 5:39 PM, [email protected] wrote: > > I am using Dovecot Salted SHA2-512 for passwords and have this so far. > > $config['password_algorithm'] = 'dovecot'; > $config['password_dovecotpw_method'] = 'SSHA512'; > $config['password_dovecotpw_with_method'] = false; > $config['password_dovecotpw'] = '/usr/bin/doveadm pw'; > $config['password_query'] = "UPDATE accounts SET password=%P WHERE > email=%u"; > > But the part i can't figure out is how to verify the current password in the > query. > > $config['password_confirm_current'] = true; > > I noticed that %O always returns a different hash so it will never match the > salted hash in SQL. This will never work > > UPDATE accounts SET password=%P WHERE email=%u AND password=%O > > How can i go about setting it up so it verifies current password or is that > not possible to do with salted passwords? > _______________________________________________ > Roundcube Users mailing list > [email protected] > http://lists.roundcube.net/mailman/listinfo/users _______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
