Allow Users to Change Email Passwords

Here is how to enable users to change their own passwords. We will be using the change-password-custom-sql plug-in for Rainloop. First, download (avaiable here: rainloop-webmail/plugins/change-password-custom-sql at master · RainLoop/rainloop-webmail · GitHub) and extract the change-password-custom-sql plug-in in its own folder to /data/data/default/plugins/ under Rainloop’s main directory. Second and last but not least, in “Plugins” under “Rainloop — Admin Panel”, configure that plugin as shown:

<img src=“”[/img]>

Note: The password is your MySQL root password that was supplied during CyberPanel installation.

Notice: This tutorial currently needs to be updated since passwords are now encrypted with CRYPT. Please wait while confer with CyberPanel support on how best to update the SQL statement.

Pinging @CyberPanel

See this code:

UPDATE :table SET password = ENCRYPT(:newpass) WHERE emailOwner_id = :domain AND email = :email AND password = ENCRYPT(:oldpass)

@Hifihedgehog I am moving servers and this is one of the things I needed.

I have read a bunch of your posts…i keep seeing mentions that you have tried some of the same things I have.

Are you using the internal rainloop for customers? or did you go with an external install in a subdomain e.g.

You had roundcube running for awhile (I have yet to get that to work with Litespeed)…did you do that with a rpm/deb install or external in a subdomain.

I just can’t make up my mind on the best way to provide webmail to people who are used to the typical Cpanel presentation.


I used an external, extracted install of Rainloop for ease of installation and management. Previous to that, I used an external, extracted install of RoundCube as well. I am hoping I can get a concrete answer on how to change passwords because they are not successfully applying at the moment.

I just opened a ticket for this specific issue with CyberPanel on GitHub. Hopefully, we will get an answer shortly!

I uncovered the method myself through trial and error. Here is the password changing function they are using, and it is in PHP:

$password = “{CRYPT}”.password_hash($password_1, PASSWORD_DEFAULT);

So, there’s that. I’ll see what I can whip up in the meantime. I hope this helps in some small way!

I’ll have a full custom plug-in for CyberPanel hopefully prepared by this Friday (or earlier)!

Finished! :slight_smile: I will be pushing it to GitHub soon. If CyberPanel gives their blessing, we will now have a CyberPanel-specific password changing plug-in for Rainloop.

Pinging @CyberPanel to give them the good news!

Done and done. I also initiated a pull request. So hopefully, it should be added very soon to the official Rainloop project. If this meets your approval team @CyberPanel, please let the Rainloop team know that they can go ahead and add it:

The new plugin for changing passwords with RainLoop is available here for immediate download:

1 Like


Great work.

Thanks, @CyberPanel!

In an effort to be in parity as well as bulletproof security, I increased the rounds setting to 12 to match CyberPanel. Previously at only 10 rounds which is the default, there was no way anyone could reasonably hack passwords generated with the plugin since it would take about 1 year with a hefty, high-end, eight-GPU cluster meaning decades on a regular desktop or server. Now, it will take about 4 years on such a system and on a normal desktop, it would take decades if not over a century. In other words, this is more of a footnote, textbook release but warmly welcome for security maniacs, just the same.

Just as a note, this plugin was finally successfully pulled into RainLoop’s official codebase:

Full path to plugins directory:


Type your comment> @NiiYankee said:

Full path to plugins directory:


Thanks for that. Much appreciated.

Pinging @usmannasir and @CyberPanel. Where is the new location for email users? I noticed the Cyberpanel table is no longer in phpMyAdmin. I am needing to update my email plugin to accommodate these changes. Also, what versions of CyberPanel does this change in email user management apply to so I can note this in my release notes. Thanks!

As it turns out, the CyberPanel table appears to be merely hidden from phpMyAdmin, but it still exists when I access my tables via a terminal session. So please kindly disregard the above message.

is this still working ?

doesn’t seem to work. Dnt know , wht im doing wrong

i was trying the older version : rainloop-webmail/plugins/change-password-custom-sql at master · RainLoop/rainloop-webmail · GitHub

new working version -

i wish i paid little bit of attention…
wasted an hour.
hope other find it quick.

1 Like