求助：hmailserver+roundcube启用密码插件后，用户无法修改密码问题

环境

windows 8

apache：httpd-2.4.25-x64-vc14-r1

mysql:5.6

php:php-7.1.5-Win32-VC14-x64

hmailserver:hMailServer-5.6.7-B2407

roundcube:roundcubemail-1.2.5-complete

搭建成功，可以正常使用，收发邮件，但就是在修改密码时发生错误，提示“无法保存新密码”。而我又发现，但新密码与旧密码相同时，则提示修改密码成功。无论怎样修改配置文件中的SQL语句，只要新旧密码一样，都会提示修改成功，貌似UPDATE语句根本没有发生作用。目前纠结困惑中，网上查的方法都试过了，均无结果，求大神指点，不胜感激。

以下密码插件配置config.inc.php：

<?php

// Password Plugin options
// -----------------------
// A driver to use for password change. Default: "sql".
// See README file for list of supported driver names.
$config['password_driver'] = 'sql';

// Determine whether current password is required to change password.
// Default: false.
$config['password_confirm_current'] = true;

// Require the new password to be a certain length.
// set to blank to allow passwords of any length
$config['password_minimum_length'] = 0;

// Require the new password to contain a letter and punctuation character
// Change to false to remove this check.
$config['password_require_nonalpha'] = false;

// Enables logging of password changes into logs/password
$config['password_log'] = false;

// Comma-separated list of login exceptions for which password change
// will be not available (no Password tab in Settings)
$config['password_login_exceptions'] = null;

// Array of hosts that support password changing. Default is NULL.
// Listed hosts will feature a Password option in Settings; others will not.
// Example: array('mail.example.com', 'mail2.example.org');
$config['password_hosts'] = null;

// Enables saving the new password even if it matches the old password. Useful
// for upgrading the stored passwords after the encryption scheme has changed.
$config['password_force_save'] = false;

// Enables forcing new users to change their password at their first login.
$config['password_force_new_user'] = false;

// Default password hashing/crypting algorithm.
// Possible options: des-crypt, ext-des-crypt, md5-crypt, blowfish-crypt,
// sha256-crypt, sha512-crypt, md5, sha, smd5, ssha, samba, ad, dovecot, clear.
// For details see password::hash_password() method.
$config['password_algorithm'] = 'clear';

// Password prefix (e.g. {CRYPT}, {SHA}) for passwords generated
// using password_algorithm above. Default: empty.
$config['password_algorithm_prefix'] = '';

// Path for dovecotpw/doveadm-pw (if not in the $PATH).
// Used for password_algorithm = 'dovecot'.
// $config['password_dovecotpw'] = '/usr/local/sbin/doveadm pw'; // for dovecot-2.x
$config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw'; // for dovecot-1.x

// Dovecot password scheme.
// Used for password_algorithm = 'dovecot'.
$config['password_dovecotpw_method'] = 'CRAM-MD5';

// Iteration count parameter for Blowfish-based hashing algo.
// It must be between 4 and 31. Default: 12.
// Be aware, the higher the value, the longer it takes to generate the password hashes.
$config['password_blowfish_cost'] = 12;

// Number of rounds for the sha256 and sha512 crypt hashing algorithms.
// Must be at least 1000. If not set, then the number of rounds is left up
// to the crypt() implementation. On glibc this defaults to 5000.
// Be aware, the higher the value, the longer it takes to generate the password hashes.
//$config['password_crypt_rounds'] = 50000;

// This option temporarily disables the password change functionality.
// Use it when the users data