Hello everyone!
I have the following problem: The supervisor user opens user mailboxes using the autologon plugin. And he always forget to press the logout button. He just closes the browser window. He did that in Zimbra and it worked correctly. So when he opens the next mailbox, he gets to the previous mailbox. I tried to set the "session_lifetime" to 1 minute, but it didn't help. I think autologon plugin should reset the settings of an unclosed session somehow. How can I solve this problem?
I'm guessing you have a modified version of the autologon plugin since its not setup to do what you described out of the box.
You could use the "ready" hook to check if there is a request for a different account and if there is log the current user out and redirect back to the login for the new user account.
This is my autologon plugin code:
<?php
class autologon extends rcube_plugin
{
public $task = 'login';
public function init()
{
$this->add_hook('startup', [$this, 'startup']);
$this->add_hook('authenticate', [$this, 'authenticate']);
$this->add_hook('ready', [$this, 'ready']);
}
function startup($args)
{
rcube::console("startup _SESSION = " . json_encode($_SESSION));
if (empty($_SESSION['user_id']) && !empty($_GET['_autologin'])) {
$args['action'] = 'login';
}
return $args;
}
function ready($args)
{
rcube::console("ready _SESSION = " . json_encode($_SESSION));
return $args;
}
function authenticate($args)
{
rcube::console("authenticate _SESSION = " . json_encode($_SESSION));
if (!empty($_GET['_autologin'])){
$args['user'] = $_GET['_user'];
$cmd = '/usr/bin/python3 /usr/share/mpd/maila/manage.py user decode -u '.$_GET['_user'].' -t '.$_GET['_token'];
$output = shell_exec(escapeshellcmd($cmd));
if (!empty($output)){
$out = trim($output);
}
else {
return $args;
}
$args['pass'] = $out;
$args['host'] = 'localhost';
$args['cookiecheck'] = false;
$args['valid'] = true;
}
return $args;
}
private function is_localhost()
{
return $_SERVER['REMOTE_ADDR'] == '::1' || $_SERVER['REMOTE_ADDR'] == '127.0.0.1';
}
}When supervisor enters users mailbox, messages "startup _SESSION = " and "authenticate _SESSION = " appends to log, but not "ready _SESSION = ".
What I'm doing wrong?
You need to remove the task at the top of the file:
public $task = 'login';
The $task variable locks the plugin down to only run on the specified task. Removing it will allow you to check for new incoming requests to login to other accounts.
How should I logout correctly?
function ready($args)
{
if (!empty($_GET['_autologin'])){
rcube::console("Logout");
$task = 'logout'; // What code must be here?
}
return $args;
}
There is an example of how to log a user out in the autologout plugin https://github.com/roundcube/roundcubemail/blob/master/plugins/autologout/autologout.php you can then redirect to the login again to login with the new account.
I don't understand, how to redirect back to the login.
Now my ready function is like this:
function ready($args)
{
if (!empty($_GET['_autologin'])){
if ($_GET['_user'] != $args['user']){
$rcmail = rcmail::get_instance();
$rcmail->logout_actions();
$rcmail->kill_session();
$this->authenticate($args);
}
}
return $args;
}If I send GET request with autologin parameter first time, the users mailbox is opened. Then I send GET request with new user. Login page with new username and empty password is opend. When I send GET request with new user again, the new users mailbox is opend.
I've tried to use $rcmail->login("new_user*master_user", "master_password", "localhost", false); instead of $this->authenticate($args);. New user mailbox is opend for a second and then redirects to empty login page.
How to redirect back to the login from the ready function correctly?
I would use a header redirect that way the login can be handled by the other part of the plugin that is already working.
SKaero, you're great! Thank you so much for your help!
Here is my final autologon plugin:
<?php
/**
* Sample plugin to try out some hooks.
* This performs an automatic login if accessed from localhost
*
* @license GNU GPLv3+
* @author Thomas Bruederli
*/
class autologon extends rcube_plugin
{
public function init()
{
$this->add_hook('startup', [$this, 'startup']);
$this->add_hook('authenticate', [$this, 'authenticate']);
$this->add_hook('ready', [$this, 'ready']);
}
function startup($args)
{
if (empty($_SESSION['user_id']) && !empty($_GET['_autologin'])) {
$args['action'] = 'login';
}
return $args;
}
function ready($args)
{
if (!empty($_GET['_autologin']) && $_GET['_user'] != $_SESSION['username']){
$rcmail = rcmail::get_instance();
$rcmail->logout_actions();
$rcmail->kill_session();
header("Location: https://" . gethostname() . "/?_autologin=1&_user={$_GET['_user']}&_token={$_GET['_token']}");
}
return $args;
}
function authenticate($args)
{
if (!empty($_GET['_autologin'])){
$args['user'] = $_GET['_user'];
$cmd = '/usr/bin/python3 /usr/share/mpd/maila/manage.py user decode -u '.$_GET['_user'].' -t '.$_GET['_token'];
$output = shell_exec(escapeshellcmd($cmd));
if (!empty($output)){
$out = trim($output);
}
else {
return $args;
}
$args['pass'] = $out;
$args['host'] = 'localhost';
$args['cookiecheck'] = false;
$args['valid'] = true;
}
return $args;
}
}
It works like a charm.