Found a bug in the SquirrelMail change_sqlpass plugin. Made the ugly fix; gonna dive in and write a patch later.
The bug occurs in functions.php.
There is a mismatch between:
function get_password_salt, where the program reasonably returns the value of the password salt when $csp_salt_static is empty and $csp_salt_query is not empty.
and:
function get_password_encrypt_string, where the switch statement uses the value of the password salt as the name of the password salt field, and the SQL fails.
It’s a one-line fix:
– return ‘encrypt(“‘ . $password . ‘”, ‘ . $salt . ‘)’;
+ return ‘encrypt(“‘ . $password . ‘”, “‘ . $salt . ‘”)’;
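Review bot: on the + line, $salt is now wrapped in double quotes, but both $password and $salt are still concatenated into the SQL text as they are, so a double quote or backslash in either value ends the string literal early and the statement fails or changes meaning. Unless both are already escaped before this return, escape them with the database layer's quoting function or bind them as parameters. Also confirm that no other path through get_password_salt hands back a column name or SQL expression, since quoting unconditionally would turn that into a literal, and add a comment here stating that $salt is a value rather than a field name. The quotes in the pasted lines are typographic, so the change has to be retyped with straight quotes before it will apply.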