Autologin fails in 0.7

brandonsmith · June 13, 2012, 12:57:36 PM

I have tried all the post i can find to get RoundCube autologin to work, every time is results in "Your session is invalid or expired."

I added the $args['valid']=true; to the autologin.php file.

Any thoughts?

SKaero · June 13, 2012, 10:06:46 PM

Why don't you post your autologin.php file.

brandonsmith · June 14, 2012, 03:41:25 PM

<?php

/**
* This plugin performs an automatic login if accessed
* with post Data from other Site an Portal or CMS
* Based on sample autologon PlugIn
*
* @version 0.2
* @author Eric Appelt (lacri)
*
* show into README to install and config
*
* changes
* 0.2 make a little bit secure with base64_encode strrev
* and a key thats replace after submitting encoded pass data
*
*/

class autologin extends rcube_plugin
{

function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}

function startup($args)
{
$rcmail = rcmail::get_instance();

$autologin = get_input_value('_autologin', RCUBE_INPUT_POST);

// change action to login
if ($args['task'] == 'mail' && empty($args['action']) && empty($_SESSION['user_id']) && !empty($autologin)) {
$args['action'] = 'login';

// decode pass, revert and replace key
$_POST['_pass'] = str_replace('1800','',base64_decode(strrev(get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'))));

// set initial cookie without this cookie login is not possible
$_COOKIE['roundcube_sessid'] = session_id();
}
return $args;
}

function authenticate($args)
{
$autologin = get_input_value('_autologin', RCUBE_INPUT_POST);

if (!empty($autologin)) {
$args['user'] = get_input_value('_user', RCUBE_INPUT_POST);
$args['pass'] = get_input_value('_pass', RCUBE_INPUT_POST);
$args['host'] = get_input_value('_host', RCUBE_INPUT_POST);
$args['cookiecheck'] = false;
$args['valid'] = true;
}
return $args;
}
}

SKaero · June 15, 2012, 02:18:09 AM

Try the following instead of what your using, if you still have problems post the form that submits to RoundCube.

Code Select


<?php
class autologon extends rcube_plugin
{
  public $task = 'login';

  function init()
  {
    $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }

  function startup($args)
  {
    $rcmail = rcmail::get_instance();

    // change action to login
    if (empty($_SESSION['user_id']) && !empty($_POST['_autologin']))
      $args['action'] = 'login';

    return $args;
  }

  function authenticate($args)
  {
    if (!empty($_POST['_autologin'])) {
      $args['user'] = $_POST['_user'];
      $args['pass'] = $_POST['_pass'];
      $args['host'] = $_POST['_host'];
      $args['cookiecheck'] = false;
      $args['valid'] = true;
    }
  
    return $args;
  }

}

brandonsmith · June 15, 2012, 11:54:54 AM

still takes me to "Your session is invalid or expired."

brandonsmith · June 15, 2012, 11:55:50 AM

how do i post to roundcube ? does this not?

SKaero · June 15, 2012, 12:19:55 PM

Are you expecting to just go to RoundCube and be automatically logged in or are you trying to login from a different place like a form on a website?

brandonsmith · June 15, 2012, 12:47:06 PM

I have an intranet side that users already log into that already has their loging information stores in a database. I was trying to build a "click here" that logs into the roundcube mail app.

SKaero · June 15, 2012, 01:25:54 PM

Ah well then your missing some steps, the plugin that you've posted is only setup to accept posts from another form. Where you trying to pass the login information in the link?

brandonsmith · June 15, 2012, 01:33:57 PM

Either way (post or get). I had been tryin with a hidden form submit to http://<server ip>/?task=login. The form would fill out everything except the password and the form would error out. But whatever is easier.

SKaero · June 15, 2012, 01:46:59 PM

Well you'd need to have the password in order to login.

brandonsmith · June 15, 2012, 01:53:20 PM

I know, and I would submit it in the form.

SKaero · June 15, 2012, 02:01:55 PM

Ok then can post the form you are trying to use?

brandonsmith · June 15, 2012, 02:44:07 PM

Code Select

<?
// set the passwort in session to fill the text login form with revertet and base64 encoded pass
// the *yourkey* must the same string as in autologin.php to replace this after revert and decode

echo '<form name="roundcubelogin" action="http://10.145.66.139/roundcube/?_task=mail" method="post" target="roundcube">
<input type="text" name="_timezone" value="_default_" />
<input type="text" name="_task" value="mail" />
<input type="text" name="_autologin" value="1" />
<input type="text" name="_user" value="<email address>" />
<input type="text" name="_host" value="imap.emailsrvr.com:143" />
<input type="text" name="_pass" value="<password>" />
<a href="#" onclick="document.forms.roundcubelogin.submit()">linktext image</a>
</form>';
?>

This is the same code as was given in the plugin sans the removal of the "encrypted" password line

*note .. the username and password were removed.

SKaero · June 15, 2012, 05:17:23 PM

Ok try this for the autologon.php plugin file:

Code Select


<?php
class autologon extends rcube_plugin
{
  public $task = 'login';

  function init()
  {
    $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }

  function startup($args)
  {
    $rcmail = rcmail::get_instance();

    // change action to login
    if (empty($_SESSION['user_id']) && !empty($_POST['_autologin']))
      $args['action'] = 'login';

    return $args;
  }

  function authenticate($args)
  {
    if (!empty($_POST['_autologin'])) {
      $args['user'] = $_POST['_user'];
      $args['pass'] = str_replace('1800','',base64_decode(strrev(get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'))));
      $args['host'] = $_POST['_host'];
      $args['cookiecheck'] = false;
      $args['valid'] = true;
    }
  
    return $args;
  }

}

And the following for the form:

Code Select


echo '<form name="roundcubelogin" action="http://10.145.66.139/roundcube/" method="post" target="roundcube">
<input type="text" name="_autologin" value="1" />
<input type="text" name="_user" value="<email address>" />
<input type="text" name="_host" value="imap.emailsrvr.com:143" />
<input type="text" name="_pass" value="<password>" />
<a href="#" onclick="document.forms.roundcubelogin.submit()">linktext image</a>
</form>';