Roundcube Community Forum
Third Party Contributions => API Based Plugins => Topic started by: inomi on November 18, 2020, 04:11:14 AM
-
I have roundube installed on one server that supports 2 servers. I put in the configuration file config ['default_host'] = 'ssl: //mail.'.'%s';
which causes the host mail to be set after @. Everything works fine, but it seems to me that my solution is not entirely secure because people from other servers will be able to log in and use my e-mail. Of course, I can set each person to choose a given server, but I would like it to work automatically.
-
I change file index.php and now working and i can login accounts with two server but i don't know this solution is security?
$auth = $RCMAIL->plugins->exec_hook('authenticate', array(
'host' => $RCMAIL->autoselect_host(),
'host2' => $RCMAIL->autoselect_host(),
'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true, $pass_charset),
'valid' => $request_valid,
'cookiecheck' => true,
));
$auth['host'] = 'ssl://mail.name.com';
$auth['host2'] = 'ssl://mail.name2.com';
// Login
if ($auth['valid'] && !$auth['abort']
&& $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck']) || $RCMAIL->login($auth['user'], $auth['pass'], $auth['host2'], $auth['cookiecheck'])
)
-
Modifying index.php is not ideal as it will not survive updates. As you have shown you can already do what you want with a plugin attached to the 'authenticate' hook but have you looked at the 'login_username_filter' config option? That might be a simpler way do it.