Author Topic: RoundCube 1.0.1 autologon  (Read 2600 times)

Offline brcontainer

  • Newbie
  • *
  • Posts: 2
RoundCube 1.0.1 autologon
« on: June 05, 2014, 08:59:43 AM »
RoundCube 1.0.1 uses token, would be possible using "php" login into roundcube session (I have several email accounts)?

In outer email-customer-php I could insert a class into my code and do this:

Code: [Select]
include(REAL_PATH . 'webmail/libraries/afterlogic/api.php');
if(class_exists('CApi') && CApi::IsValid()){
try {
$oApiIntegratorManager = CApi::Manager('integrator');

if ($oAccount = $oApiIntegratorManager->LoginToAccount($sEmail, $sPassword)) {

} else {
echo 'Error in auth:', $oApiIntegratorManager->GetLastErrorMessage();
} catch (Exception $oException) {
echo 'Login Exception error:', $oException->getMessage();
} else {
echo 'WebMail API failed.';

I tried: (broken link) (without documentation)

I find the links are broken or do not have documentation or are obsolete codes that do not work. I googled a lot but found nothing.

Offline cvining

  • Newbie
  • *
  • Posts: 1
Re: RoundCube 1.0.1 autologon
« Reply #1 on: December 31, 2015, 06:45:15 AM »
OK, maybe this will help. Here's what I have learned about the autologon plugin, which does seem to do what it says it does.

First, activate it by adding a line to like
Code: [Select]
$config['plugins'] = array('autologon');
If you access Roundcube normally, this plugin does NOTHING.

BUT if you access Roundcube like this:

Code: [Select]
then the credentials hardcoded into

Code: [Select]
function authenticate($args)are used to log THAT user in. If you omit the token "_task=login" then any previously logged in user will not be logged out (by deleting the roundcube_sessid and roundcube_sessauth cookies previously planted in the user's browser), which could be a problem depending on your use case. Took me a while to work that one out.

And it actually works like a charm.

Each time someone tries to log in, the plugin checks 1) to see if the _autologin variable is not empty, 2) to see if they are not already logged in, and 3) if they are accessing Roundcube from localhost. If all that is true, the designated credentials are invoked. For my use case, I modified those conditions but that's the whole point. This is just an example illustrating how these hooks work.

A few sentences in a README would have saved me some time. But it does say this is just an example. You'll have to tweak the code to check for the conditions you want autologon to be invoked, to get it to suit your own purposes.

Now that I 'get' it, it's actually quite a fine plugin!
« Last Edit: January 01, 2016, 03:37:09 PM by cvining »