Author Topic: roundcube autologin  (Read 28258 times)

Offline dropseo

  • Newbie
  • *
  • Posts: 1
roundcube autologin
« on: December 15, 2008, 12:14:18 PM »
I need to pass username and password from our registered user database directly to Roundcube webmail for login.
I try to explain better:
In our portal, once the user is subscribed to the site, he got also an email account.
We like the idea to give webmail direct access from our site without the need, for the user, to type again username and password.
Any idea about how we can manage it?
Thanks!

Offline ericfoy

  • Newbie
  • *
  • Posts: 1
roundcube autologin
« Reply #1 on: January 22, 2010, 01:06:16 AM »
Yes...
I have the same question.
This seems like a very common scenario.  I know this is child's play for the pro's.  Can you guys give us a hint?

Offline rosali

  • Hero Member
  • *****
  • Posts: 2,533
roundcube autologin
« Reply #2 on: January 22, 2010, 01:27:45 AM »
Download MyRoundcube plugins bundle (see footer) and check out the code of logout_redirect. In the ajax_login folder there is an example how to login from outside Roundcube to get a valid Roundcube session. It should not be a problem to modify it catch login data from where ever you like.
Regards,
Rosali
__________________
MyRoundcube Project (commercial)

Rasteddy

  • Guest
info
« Reply #3 on: January 25, 2010, 12:55:28 AM »
thanks for the info...


men's ties

Offline gabneo

  • Newbie
  • *
  • Posts: 1
helpfull hint
« Reply #4 on: March 14, 2010, 07:25:48 PM »
I've found a simple and helpfull hint here.

greez
« Last Edit: March 14, 2010, 07:30:52 PM by gabneo »

Offline will_

  • Newbie
  • *
  • Posts: 2
Auto login to Roundcube
« Reply #5 on: November 13, 2010, 07:53:05 PM »
Hi,

Just wanted to share my success with this after wondering about it for a long time.

Our existing web site allowed people to log in and included a link to RoundCube - where they had to log in again.  I wanted them to be able to just log in once.  Ideally, I also wanted to avoid sending their login credentials in a URL (or even in POST data).

Here's what I did.  Apologies for the large amounts of PHP code - I'm not sure how to upload files.

1. Modified the link on our existing web site so that it included an 'autologin' directive, the user's ID number and a hash of the date, user's e-mail address and password.  This ensures that even if an auto-logon URL is captured, it will stop working the following day and never work again.  A small caveat is that if a user opens the page at 23:59 and clicks on the e-mail link at 00:01, the auto-login will fail, but this is quite unlikely in our situation.

$uid = [ get user ID (a numberfrom our own database ];
$pw = [ get user password from our own database ];
$auth md5date('Ymd') . $pw );
	
// Authorisation token will only work today
echo "<a href=\"link-to-roundmail?_autologin=1&uid={$uid}&auth={$auth}\">Staff e-mail</a>";


2. Modified plugsin/autologon/autologon.php to read the user data directly from our existing MySQL table, as long as the authorisation hash was correct:

class autologon extends rcube_plugin
{
  public 
$task 'login';

  function 
init()
  {
    
$this->add_hook('startup', array($this'startup'));
    
$this->add_hook('authenticate', array($this'authenticate'));
  }

  function 
startup($args)
  {
    
$rcmail rcmail::get_instance();

    
// change action to login
    
if (empty($_SESSION['user_id']) && !empty($_GET['_autologin']))
      
$args['action'] = 'login';

    return 
$args;
  }

  function 
authenticate($args)
  {
    if (!empty(
$_GET['_autologin']) && !empty($_GET['uid']) && !empty($_GET['auth'])) {

      
$rcmail
	
rcmail::get_instance();
      
$db
	
	
$rcmail->get_dbh();
      
$result
	
$db->query("SELECT `email`,`pw` FROM `our_user_table` WHERE `id` = '{$_GET['uid']}'");
      
$data
	
	
$db->fetch_assoc($result);
      if ( !empty(
$data) )
      {
        
$email
	
$data['email'];
        
$pw
	
	
$data['pw'];
        
$date
	
date('Ymd');
	
// YYYYMMDD (no time since this will increase the likelihood of an authentication failure)
        
$expect
	
md5($date $pw);
        
$auth
	
$_GET['auth'];
        if ( 
$auth == $expect )
        {
          
$args['user'] = $email;
          
$args['pass'] = $pw;
//        $args['host'] = 'localhost';  // not sure why this was needed
        
}
      }
    }
  
    return 
$args;
  }

}


3. Added 'autologon' to the array of active extensions in config/main.inc.php:

// List of active plugins (in plugins/ directory)
$rcmail_config['plugins'] = array('globaladdressbook''autologon');


(We were already using the Global Address Book plugin.)

That's it!
« Last Edit: November 13, 2010, 07:55:05 PM by will_ »

Offline laczika

  • Newbie
  • *
  • Posts: 1
roundcube autologin
« Reply #6 on: September 06, 2011, 02:53:05 PM »
will's solution works only if their system stores plain text passwords. RC uses IMAP for authentication, so that plain text passwords must be passed back by authentication hooks. ISPConfig3 hosting control panel uses a strong encryption when storing passwords, so that it seems impossible to decrypt them to be able to use these hooks. gabneo's mentioned lilnk suggests making password travel back and forth between server and browser. On one hand it is an extreme security risk, on the other hand it works only if user has javascript turned on. Any other idea on how to emulate this bloody RC session? :)

Offline will_

  • Newbie
  • *
  • Posts: 2
roundcube autologin
« Reply #7 on: September 06, 2011, 03:35:11 PM »
I forget the exact details but our system does not store the passwords in plaintext.

adumpaul

  • Guest
roundcube autologin
« Reply #8 on: October 29, 2011, 04:57:29 AM »
I realise .htaccess can be used to achieve the same thing however a .htaccess rule has to be created for each and every hosting account, further to this a webmail.XXXXXX.XXX subdomain. Both of these are tasks i'd rather not have to perform manually for each and every hosting account.
« Last Edit: October 29, 2011, 04:59:53 AM by adumpaul »

Offline Gingineer

  • Newbie
  • *
  • Posts: 1
autologin
« Reply #9 on: December 07, 2011, 06:55:48 PM »
This is exactly what I want to do! I'm trying to implement this, but am totally new in this RC world, and still pretty inexperienced with PHP. I think what I'm having trouble understanding, is how you access your SQL users? Specifically:


      $rcmail    
rcmail::get_instance();
      
$db        $rcmail->get_dbh();
      
$result    $db->query("SELECT `email`,`pw` FROM `mailbox` WHERE `id` = '{$_GET['uid']}'");
      
$data        $db->fetch_assoc($result);


where you can see I've stuck in my table name "mailbox" for my database, called "postfix". Am I doing this right? Also, has this been implemented on RC .6? That's what I'm working with over here.

Best,
Greg