Roundcube Community Forum
Miscellaneous => Roundcube Discussion => Topic started by: ANGDIC on March 30, 2011, 04:51:33 AM
-
HI,
does anyone know how to login via GET variables in url skipping the login page?
Thank you so much?
-
You can write a simple plugin.
-
Can you give me an example?
-
Here an auto login plugin http://trac.roundcube.net/browser/trunk/plugins/autologon/autologon.php you could modify it to login with url variables.
-
You really dont want to use GET for that. That would expose the password to possible third parties like proxies and also to logfiles.
-
class myautologin extends rcube_plugin
{
public $task = 'login';
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}
function startup($args)
{
$rcmail = rcmail::get_instance();
// change action to login
if (empty($_SESSION['user_id']) && !empty($_GET['_autologin']))
$args['action'] = 'login';
return $args;
}
function authenticate($args)
{
if (!empty($_GET['_user']) && $this->is_localhost()) {
$args['user'] = $_GET['_user'];
$args['pass'] = $_GET['_pass'];
$args['valid'] = true;
return $args;
}
}
}
Where are errors?
thks
-
class myautologin extends rcube_plugin
{
public $task = 'login';
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}
function startup($args)
{
$rcmail = rcmail::get_instance();
// change action to login
if (empty($_SESSION['user_id']) && !empty($_GET['_user']))
$args['action'] = 'login';
return $args;
}
function authenticate($args)
{
if (!empty($_GET['_user'])) {
$args['user'] = $_GET['_user'];
$args['pass'] = $_GET['_pass'];
$args['valid'] = true;
return $args;
}
}
}
-
Just a side note:
Use ...
get_input_value('_user', RCUBE_INPUT_GPC)
... Dev_PHPCommons ? Roundcube Webmail (http://trac.roundcube.net/wiki/Dev_PHPCommons) ...
Please consider comment by Cor Bosman. You should never use GET params
unless you are on a INTRANET. Using get to transmit Login credentials opens
all backdoors.