Hello
I would like to log in with a PHP script.
This is my actual script:
<?php
/**
 * Class to automatically login on a Roundcube installation
 * @compatibility RoundCube 1.0.2+
 */

// a roundcube exception class
class RoundCubeException extends Exception {}

// main class
class RoundcubeAutoLogin
{
    // roundcube link (with a trailing slash)
    private $_rc_link = 'http://mail.domain.ch/';

    /**
     * Creates a new RC object
     * @param $roundcube_link the roundcube link with a trailing slash
     */
    public function __construct($roundcube_link)
    {
        $this->_rc_link = $roundcube_link;
    }

    /**
     * Tries to log a RC user in using cURL. Does two requests. One to
     * get a session token to perform the login, and one to do the actual
     * login of the user
     *
     * @param $email the full e-mail address of the user
     * @param $password the password of the user
     *
     * @returns The cookies you should set with setcookie (empty array on error)
     */
    public function login($email, $password)
    {
        try
        {
            $token = $this->_get_token();
            if($token === FALSE) {
                throw new RoundCubeException('Unable to get token, is your RC link correct?');
            }
            // make the request to roundcube
            $post_params = array(
                '_token' => $token,
                '_task' => 'login',
                '_action' => 'login',
                '_timezone' => '',
                '_url' => '_task=login',
                '_user' => $email,
                '_pass' => $password
            );
            $ch = curl_init($this->_rc_link . '?_task=login');
            // send the session cookie that _get_token() stored in the jar
            curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookiejar.txt');
            curl_setopt($ch, CURLOPT_POST, TRUE);
            curl_setopt($ch, CURLOPT_HEADER, TRUE);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
            curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_params));
            $response = curl_exec($ch);
            $response_info = curl_getinfo($ch);
            curl_close($ch);
            if($response_info['http_code'] == 302)
            {
                // find all relevant cookies to set (php session + rc auth cookie)
                preg_match_all('/Set-Cookie: (.*)\b/', $response, $cookies);
                $cookie_return = array();
                foreach($cookies[1] as $cookie)
                {
                    // A-Za-z instead of A-z, which also matches [ \ ] ^ and `
                    preg_match('|([A-Za-z0-9_]*)=([A-Za-z0-9_\-]*);|', $cookie, $cookie_match);
                    if($cookie_match) {
                        $cookie_return[$cookie_match[1]] = $cookie_match[2];
                    }
                }
                return $cookie_return;
            }
            else
            {
                throw new RoundCubeException('Login failed, please check your credentials.');
            }
        }
        catch(RoundCubeException $e)
        {
            echo 'RC error: ' . $e->getMessage();
        }
        catch(Exception $e)
        {
            echo 'General error: ' . $e->getMessage();
        }
        // an error was reported above: return no cookies so the caller's foreach still works
        return array();
    }

    /**
     * Redirect to RC
     */
    public function redirect()
    {
        header('Location: ' . $this->_rc_link . '?_task=mail');
        exit;
    }

    /**
     * Gets a token to use for the login
     */
    private function _get_token()
    {
        $ch = curl_init($this->_rc_link);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
        // store the session cookie so the login request can send it back
        curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookiejar.txt');
        $response = curl_exec($ch);
        curl_close($ch);
        preg_match('|<input type="hidden" name="_token" value="([A-Za-z0-9]*)">|', $response, $matches);
        if($matches) {
            return $matches[1];
        }
        else {
            return FALSE;
        }
    }
}

$rc = new RoundcubeAutoLogin('http://mail.domain.ch/'); // set your roundcube domain path (with a trailing slash)
$cookies = $rc->login('[email protected]', 'password');
// now you can set the cookies with setcookie php function, or using any other function of a framework you are using
foreach($cookies as $cookie_name => $cookie_value)
{
    setcookie($cookie_name, $cookie_value, 0, '/', '');
}
// and redirect to roundcube with the set cookies
$rc->redirect();
?>
Unfortunately this does not work.
I always get the following error in the log file:
[12-Dec-2016 19:49:31 +0100]: <e4ktafd9> Aborted session e4ktafd9ndm3f9h3cf380ckt34; no valid session data found
There is no ERROR.
If I change the user to something else, I get a login error.
Therefore I think the login itself is ok.
There must be something wrong with the session.
Could anyone help me?
Thanks
CSRF protection in Roundcube prevents things like this from working. What you need to do is build a plugin for Roundcube which can accept input from your script and perform the login. The autologon plugin shipped with Roundcube can provide a starting point for how to do this: https://github.com/roundcube/roundcubemail/blob/master/plugins/autologon/autologon.php
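A sketch of the plugin approach described in the answer above, as an added example that is not part of the original thread or of Roundcube's own code: it follows the startup/authenticate hook pattern of the autologon sample plugin, but takes the credentials from a short-lived encrypted ticket instead of hard-coding them. The plugin name `ticketlogon`, the `_ticket` POST field, the `ticketlogon_key` config option and the ticket layout are assumptions, and PHP's sodium extension is required.

```php
<?php
// Hypothetical plugin "ticketlogon" (plugins/ticketlogon/ticketlogon.php).
// Assumed config option 'ticketlogon_key': base64 of a 32-byte secret shared with the portal script.
class ticketlogon extends rcube_plugin
{
    public $task = 'login';
    private $creds = null;

    public function init()
    {
        $this->add_hook('startup', array($this, 'startup'));
        $this->add_hook('authenticate', array($this, 'authenticate'));
    }

    // Switch the request to the login action only when a valid ticket is present.
    public function startup($args)
    {
        if (empty($_SESSION['user_id']) && ($this->creds = $this->open_ticket())) {
            $args['action'] = 'login';
        }
        return $args;
    }

    // Supply the credentials; 'valid' tells Roundcube to accept the request without its login token.
    public function authenticate($args)
    {
        if ($this->creds) {
            $args['user'] = $this->creds['user'];
            $args['pass'] = $this->creds['pass'];
            $args['cookiecheck'] = false;
            $args['valid'] = true;
        }
        return $args;
    }

    // Assumed ticket layout: base64(nonce || secretbox(json {user, pass, exp})).
    private function open_ticket()
    {
        $raw = base64_decode((string) rcube_utils::get_input_value('_ticket', rcube_utils::INPUT_POST), true);
        $key = base64_decode((string) rcmail::get_instance()->config->get('ticketlogon_key'), true);
        $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
        if ($raw === false || strlen($raw) <= $n || $key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            return null;
        }
        // Authenticated decryption: a forged or modified ticket yields false.
        $json = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key);
        $t = $json === false ? null : json_decode($json, true);
        $ok = is_array($t) && isset($t['user'], $t['pass'], $t['exp']) && (int) $t['exp'] >= time();
        return $ok ? $t : null;
    }
}
```

The portal script would build the ticket with `sodium_crypto_secretbox()` and have the user's browser POST it as `_ticket` to `?_task=login`, so Roundcube issues its session cookies to the browser itself. Keep `exp` to a few seconds, since a ticket can be replayed until it expires.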