RC plugin autologin from CMS or Portal ...

[talvins]

Doesn't work for me: "Invalid request! No data was saved."

Using :
     
     
     
      ">
      ">
     

with $mailpass = strrev(base64_encode('my_key'.$good_password)

[rosali]

It does not work since v0.5.1 due to CSFR protection of the login request.

Check my logout_redirect plugin and adust the outside login form as shown in the folder ajax_login.

[talvins]

Doesn't work : authentication failed. I tried directly with your entire plugin, using ajax_login.php as login interface.

Could you explain what has changed in the authentication process? hash/hash+salt and same in DB ? symetric encryption ?

Thanks.

[rosali]

There is a small bug in the plugin, which will be fixed in next release.

It should work if you adjust the action url in ajax_login.php and if
the referer url in the config file is properly defined.

The change was that login needs a Roundcube generated token in
the login form. If you login from outside, you can't have the token.
The token is stored in the (Roundcube) session. The workaround is
to have a plugin which sets the return argument 'valid' to true
on authenticate hook. If you have a little bit PHP skills, just look
into the authenticate hook of the plugin and you'll see what to do.

[talvins]

In fact, after tracing, I have a problem with your authenticate function.

$args['valid'] is true only if
        $rcmail->config->get('logout_redirect_referer', false) &&
        stristr($_SERVER['HTTP_REFERER'],$rcmail->config->get('logout_redirect_referer'))

But it's false in my conf, so $args['valid'] is never true.

[talvins]

Why your fonction doesn't work with GET datas ? Even if I change _POST with _REQUEST.

[rosali]

Make your own plugin for your needs. Just use the authenticate hook ...

It is quite easy:

Code: [Select]


class external_login extends rcube_plugin
{
  public $task = 'login|logout';
 
  function init()
  {
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }

  function authenticate($args)
  {
    // validate request if desired and however you want to do it
    // if validation is passed, then return true ...
    $args['valid'] = true;
    return $args;
  }
}


[talvins]

Ok, I'll look for that.

thanks a lot.

[dorsig]

change the class like this should work:

class autologin extends rcube_plugin
{

  function init()
  {
    $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }

  function startup($args)
  {
    $rcmail = rcmail::get_instance();

    $autologin = get_input_value('_autologin', RCUBE_INPUT_POST);
    // change action to login
    if ($args['task'] == 'login' && empty($args['action']) && empty($_SESSION['user_id']) && !empty($autologin)) {
      $args['action'] = 'login';

      // decode pass, revert and replace key
           $_POST['_pass'] = str_replace('*yourpass*','',base64_decode(strrev(get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'))));

      // set initial cookie without this cookie login is not possible
      $_COOKIE['roundcube_sessid'] = session_id();
    }
    return $args;
  }

  function authenticate($args)
  {
    $autologin = get_input_value('_autologin', RCUBE_INPUT_POST);

    if (!empty($autologin)) {
      $args['user'] = get_input_value('_user', RCUBE_INPUT_POST);
      $args['pass'] = get_input_value('_pass', RCUBE_INPUT_POST);
      $args['host'] = get_input_value('_host', RCUBE_INPUT_POST);
      $args['cookiecheck'] = false;
      $args['valid'] = true;
    }
    return $args;
  }
}

[belyitigr@gmail.com]

Hi!

I have roundmail-0.6Rc and try use this script for autologin. But alwasys have errror...'Your session is invalid or expired.'
Maybe somebody know how resolve this? My param..

$_SESSION['userpassword'] = strrev(base64_encode('3108'.'111'));

echo '






Submit
';


and class code

class autologin extends rcube_plugin
{
  function init()
  {
    $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }

  function startup($args)
  {
    $rcmail = rcmail::get_instance();

    $autologin = get_input_value('_autologin', RCUBE_INPUT_POST);
    // change action to login
    if ($args['task'] == 'login' && empty($args['action']) && empty($_SESSION['user_id']) && !empty($autologin)) {
      $args['action'] = 'login';

      // decode pass, revert and replace key
           $_POST['_pass'] = str_replace('3108','',base64_decode(strrev(get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'))));

      // set initial cookie without this cookie login is not possible
      $_COOKIE['roundcube_sessid'] = session_id();
    }
    return $args;
  }

  function authenticate($args)
  {
    $autologin = get_input_value('_autologin', RCUBE_INPUT_POST);

    if (!empty($autologin)) {
      $args['user'] = get_input_value('_user', RCUBE_INPUT_POST);
      $args['pass'] = get_input_value('_pass', RCUBE_INPUT_POST);
      $args['host'] = get_input_value('_host', RCUBE_INPUT_POST);
      $args['cookiecheck'] = false;
      $args['valid'] = true;
    }
    return $args;
  }
}

[andrusha777]

Hi! The code change in plugin from dorsig posted above has fixed autologin plugin. It was working for me along time, but after updated to 0.5.4 from 0.5 beta - autologin was broken. Changing the code has fixed this problem. Don't know about 0.6 and above...

[createafreeblog]

Create a free blog


Create Free Blog | Free Blog WP WordPress


Use this website

[apeitup]

Does this plugin work on v0.54. Only I desperately need to get this running.

[tlq123]

Thanks for the information,just found this post my technorati news feed section! I was searching for this since past 3 months and i am glad to see it here. Thanking you much