if (empty($RCMAIL->user->ID)) {
if ($OUTPUT->ajax_call)
$OUTPUT->redirect(array(), 2000);
The above lines in index.php prevent from sending ajax calls ($rcmail->output->command(..)), if the user isn't logged in. I'm wondering, why is it there?
I'm trying to develop a plugin to reset user's password. It's clear that user cannot be logged in at this stage. However, I still want to use roundcube's facilities to render standard forms, send requests and handle responses.
Can't you set a dummy user id?
Quote from: rosali;32428Can't you set a dummy user id?
I could. But it's dirty and hacky and it's not the way it should be done.
And I could even hack the core and make an exception for my actions and maintain my own patch. But the question still remains, for what reason is it there?
I think it is just there due to security reasons. It locks Roundcube for any AJAX requests unless there is an authenticated session. I don't believe devs will remove it. So I suggest to be 'hacky'.