Roundcube Community Forum

Miscellaneous => Roundcube Discussion => Topic started by: ANGDIC on March 30, 2011, 04:51:33 AM

Title: Login with GET Parameters
Post by: ANGDIC on March 30, 2011, 04:51:33 AM

HI,

does anyone know how to login via GET  variables in url skipping the login page?

Thank you so much?

Title: Login with GET Parameters
Post by: alec on March 30, 2011, 05:15:42 AM

You can write a simple plugin.

Title: help me please
Post by: ANGDIC on March 30, 2011, 05:39:10 AM

Can you give me an example?

Title: Login with GET Parameters
Post by: SKaero on March 30, 2011, 11:40:54 AM

Here an auto login plugin http://trac.roundcube.net/browser/trunk/plugins/autologon/autologon.php you could modify it to login with url variables.

Title: Login with GET Parameters
Post by: corbosman on March 31, 2011, 03:21:16 AM

You really dont want to use GET for that. That would expose the password to possible third parties like proxies and also to logfiles.

Title: I try this but it not go
Post by: ANGDIC on April 01, 2011, 02:38:48 AM

class myautologin extends rcube_plugin
{
  public $task = 'login';
 
  function init()
  {
   $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }
 
  function startup($args)
     {
       $rcmail = rcmail::get_instance();
   
       // change action to login
       if (empty($_SESSION['user_id']) && !empty($_GET['_autologin']))
         $args['action'] = 'login';
   
       return $args;
     }
 
  function authenticate($args)
  {
   if (!empty($_GET['_user']) && $this->is_localhost()) {
         $args['user'] = $_GET['_user'];
         $args['pass'] = $_GET['_pass'];
    $args['valid'] = true;
   
    return $args;
    }
  }
}

Where are errors?
thks

Title: sorry i've solved
Post by: ANGDIC on April 01, 2011, 03:13:29 AM

class myautologin extends rcube_plugin
{
  public $task = 'login';
 
  function init()
  {
   $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }
 
  function startup($args)
     {
       $rcmail = rcmail::get_instance();
   
       // change action to login
       if (empty($_SESSION['user_id']) && !empty($_GET['_user']))
         $args['action'] = 'login';
   
       return $args;
     }
 
  function authenticate($args)
  {
   if (!empty($_GET['_user'])) {
         $args['user'] = $_GET['_user'];
         $args['pass'] = $_GET['_pass'];
    $args['valid'] = true;
   
    return $args;
    }
  }
}

Title: Login with GET Parameters
Post by: rosali on April 02, 2011, 04:38:04 PM

Just a side note:

Use ...


get_input_value('_user', RCUBE_INPUT_GPC)


... Dev_PHPCommons ? Roundcube Webmail (http://trac.roundcube.net/wiki/Dev_PHPCommons) ...

Please consider comment by Cor Bosman. You should never use GET params
unless you are on a INTRANET. Using get to transmit Login credentials opens
all backdoors.