I have tried all the post i can find to get RoundCube autologin to work, every time is results in "Your session is invalid or expired."
I added the $args['valid']=true; to the autologin.php file.
Any thoughts?
Why don't you post your autologin.php file.
<?php
/**
* This plugin performs an automatic login if accessed
* with post Data from other Site an Portal or CMS
* Based on sample autologon PlugIn
*
* @version 0.2
* @author Eric Appelt (lacri)
*
* show into README to install and config
*
* changes
* 0.2 make a little bit secure with base64_encode strrev
* and a key thats replace after submitting encoded pass data
*
*/
class autologin extends rcube_plugin
{
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}
function startup($args)
{
$rcmail = rcmail::get_instance();
$autologin = get_input_value('_autologin', RCUBE_INPUT_POST);
// change action to login
if ($args['task'] == 'mail' && empty($args['action']) && empty($_SESSION['user_id']) && !empty($autologin)) {
$args['action'] = 'login';
// decode pass, revert and replace key
$_POST['_pass'] = str_replace('1800','',base64_decode(strrev(get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'))));
// set initial cookie without this cookie login is not possible
$_COOKIE['roundcube_sessid'] = session_id();
}
return $args;
}
function authenticate($args)
{
$autologin = get_input_value('_autologin', RCUBE_INPUT_POST);
if (!empty($autologin)) {
$args['user'] = get_input_value('_user', RCUBE_INPUT_POST);
$args['pass'] = get_input_value('_pass', RCUBE_INPUT_POST);
$args['host'] = get_input_value('_host', RCUBE_INPUT_POST);
$args['cookiecheck'] = false;
$args['valid'] = true;
}
return $args;
}
}
Try the following instead of what your using, if you still have problems post the form that submits to RoundCube.
<?php
class autologon extends rcube_plugin
{
public $task = 'login';
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}
function startup($args)
{
$rcmail = rcmail::get_instance();
// change action to login
if (empty($_SESSION['user_id']) && !empty($_POST['_autologin']))
$args['action'] = 'login';
return $args;
}
function authenticate($args)
{
if (!empty($_POST['_autologin'])) {
$args['user'] = $_POST['_user'];
$args['pass'] = $_POST['_pass'];
$args['host'] = $_POST['_host'];
$args['cookiecheck'] = false;
$args['valid'] = true;
}
return $args;
}
}
still takes me to "Your session is invalid or expired."
how do i post to roundcube ? does this not?
Are you expecting to just go to RoundCube and be automatically logged in or are you trying to login from a different place like a form on a website?
I have an intranet side that users already log into that already has their loging information stores in a database. I was trying to build a "click here" that logs into the roundcube mail app.
Ah well then your missing some steps, the plugin that you've posted is only setup to accept posts from another form. Where you trying to pass the login information in the link?
Either way (post or get). I had been tryin with a hidden form submit to http://<server ip>/?task=login. The form would fill out everything except the password and the form would error out. But whatever is easier.
Well you'd need to have the password in order to login.
I know, and I would submit it in the form.
Ok then can post the form you are trying to use?
<?
// set the passwort in session to fill the text login form with revertet and base64 encoded pass
// the *yourkey* must the same string as in autologin.php to replace this after revert and decode
echo '<form name="roundcubelogin" action="http://10.145.66.139/roundcube/?_task=mail" method="post" target="roundcube">
<input type="text" name="_timezone" value="_default_" />
<input type="text" name="_task" value="mail" />
<input type="text" name="_autologin" value="1" />
<input type="text" name="_user" value="<email address>" />
<input type="text" name="_host" value="imap.emailsrvr.com:143" />
<input type="text" name="_pass" value="<password>" />
<a href="#" onclick="document.forms.roundcubelogin.submit()">linktext image</a>
</form>';
?>
This is the same code as was given in the plugin sans the removal of the "encrypted" password line
*note .. the username and password were removed.
Ok try this for the autologon.php plugin file:
<?php
class autologon extends rcube_plugin
{
public $task = 'login';
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}
function startup($args)
{
$rcmail = rcmail::get_instance();
// change action to login
if (empty($_SESSION['user_id']) && !empty($_POST['_autologin']))
$args['action'] = 'login';
return $args;
}
function authenticate($args)
{
if (!empty($_POST['_autologin'])) {
$args['user'] = $_POST['_user'];
$args['pass'] = str_replace('1800','',base64_decode(strrev(get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'))));
$args['host'] = $_POST['_host'];
$args['cookiecheck'] = false;
$args['valid'] = true;
}
return $args;
}
}
And the following for the form:
echo '<form name="roundcubelogin" action="http://10.145.66.139/roundcube/" method="post" target="roundcube">
<input type="text" name="_autologin" value="1" />
<input type="text" name="_user" value="<email address>" />
<input type="text" name="_host" value="imap.emailsrvr.com:143" />
<input type="text" name="_pass" value="<password>" />
<a href="#" onclick="document.forms.roundcubelogin.submit()">linktext image</a>
</form>';
ok ... that no longer errors, but it just takes me to the login screen and input the information (sans the password) into the form.
Probably the password is wrong. If you replace:
str_replace('1800','',base64_decode(strrev(get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'))))
with the account password in clear text (ie "password") does it work?
i changed it to:
function authenticate($args) {
if (!empty($_POST['_autologin'])) {
$args ['user']= $_POST['_user'];
$args['pass']='<password>';
$args['host']=$_POST['_host'];
$args['cookiecheck']= false;
$args['valid'] = true;
}
return $args;
}
that goes back to returning "your session is invalid or expired"
There shouldn't be a space between $args and ['user'].
there isn't .... miss copied. (i am doing this from a vm)
Ok then add die('<pre>'. print_r($args, true)); before: return $args; and post whats returned after a login attempt.
now reads:
function authenticate($args) {
if (!empty($_POST['_autologin'])) {
$args['user']= $_POST['_user'];
$args['pass']='<password>';
$args['host']=$_POST['_host'];
$args['cookiecheck']= false;
$args['valid'] = true;
}
die ('<pre>'. print_r($args, true));
return $args;
}
That take me back to the login screen with error: "Your session is invalid or expired."
as a side note ... i also tried in the die field die('<pre>'.implode(",",$args)); and die ('<pre>'; print_r($args,true)); I was unsure if php accepted a print_r after a '.'
Hmm it doesn't look like its getting to the authenticate function, try changing the form action to point to http://10.145.66.139/roundcube/?_task=login
that bring me back to login page with everything but the password filled in. No errors. No dump from the die line.
Hmm maybe its doing a ajax post at that point for some reason, its hard to guess without being able to see/test it. Is there anyway I could get test access to it?
Unfortunately no. It is internal only. Does it make any difference that it is most current release of roundcube. Or that the install was done with aptitude? Is there anyway to know that the plugin is working (I have the plugin added to the config file)?
Shame, it shouldn't make a difference that it was installed aptitude and the code should work with any version of the 0.7.x series. You could try this code to see if the plugin is working in its most basic form:
<?php
class autologon extends rcube_plugin
{
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}
function startup($args)
{
$rcmail = rcmail::get_instance();
// change action to login
if (empty($_SESSION['user_id']))
$args['action'] = 'login';
return $args;
}
function authenticate($args)
{
$args['user'] = '<username>';
$args['pass'] = '<password>';
$args['host'] = '<host>';
$args['cookiecheck'] = false;
$args['valid'] = true;
return $args;
}
}
That should automatically log you into RoundCube when you go directly to it.
no joy.
That just runs me to the login screen with the username and host pre-filled out ... No error however.
But with that information pre-filled in, if i just add my password, it does login.
after some additional testing ... i am finding that none of the plugins I am adding seem to work. I tired a rather easy one with "html5_notifier" with a chrome browser and got no notification that the plugin was working or trying to work.
The line in the main.inc.php.dist file for plugins reads:
$rcmail_config['plugins'] = array('autologin','html5_notifier');
the plugins directory contains:
autologin , filesystem_attachments, html5_notifier , jqueryui
is there something i am missing?
I am experiencing exactly the same issue as you, and followed all the steps here, unfortunately there's no solution. Still, the rest of the plugins work fine for me (fail2ban, google_ads, and others)
The strange thing is that I can see in the errors file for every time i try the autologon this:
[27-Jun-2012 11:11:34 +0200]: PHP Error: No handler found for action plugin.wrapper in /var/www/webmail.example.com/program/include/rcube_plugin_api.php on line 300 (GET /?_task=mail&_default_width=1000&_screen_width=806&_action=plugin.wrapper)
Quote from: ASeques on June 27, 2012, 05:17:36 AM
I am experiencing exactly the same issue as you, and followed all the steps here, unfortunately there's no solution. Still, the rest of the plugins work fine for me (fail2ban, google_ads, and others)
The strange thing is that I can see in the errors file for every time i try the autologon this:
[27-Jun-2012 11:11:34 +0200]: PHP Error: No handler found for action plugin.wrapper in /var/www/webmail.example.com/program/include/rcube_plugin_api.php on line 300 (GET /?_task=mail&_default_width=1000&_screen_width=806&_action=plugin.wrapper)
Your getting errors form another plugin, try disabling all other plugins and test just the autologin plugin.
Ok, the plugin that caused the log errors was google_ads. Still, it seems that the problem persists afterwards :(
After all I still cannot yet login.
I have been trying on a ubuntu server 10.10 with php 5.3.2, I will try on another server with debian squeeze to see if it could be related.
Finally got the solution, it seems that the parameters were incorrect. That's what I found in my case.
We are passing via POST the variables:
_user,_host,_pass
In my case I passed _host=localhost and in main.inc.php I had 127.0.0.1
In the file program/include/rcmail.php there is this code that validates the default_host, since '127.0.0.1' is different from 'localhost' it simply fails.
It would be much better if it gave a proper error message.
// Validate that selected host is in the list of configured hosts
if (is_array($config['default_host'])) {
$allowed = false;
foreach ($config['default_host'] as $key => $host_allowed) {
if (!is_numeric($key))
$host_allowed = $key;
if ($host == $host_allowed) {
$allowed = true;
break;
}
}
I am trying to prepare a patch so the users with problems get notified, but meanwhile you know my solution.
The bug report was http://trac.roundcube.net/ticket/1488550 and has been fixed only after a couple of days in https://github.com/roundcube/roundcubemail/commit/7c8fd8031038e7958ef4dbb059e86decd6fefa28
Amazing support !
I am Still facing problem.. Your session is in valid or expired..
My autologon script is as under
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?
$_POST['password'] = 'test@123';
$_SESSION['userpassword'] = strrev(base64_encode('1234'.$_POST
['password']));
?>
<form name="roundcubelogin" action="http://ns2.ctns.info/rcube/?_task=mail" method="post" target="rcube">
<input type="hidden" name="_timezone" value="_default_" />
<input type="hidden" name="_task" value="mail" />
<input type="hidden" name="_autologin" value="1" />
<input type="text" name="_user" value="
[email protected]" />
<input type="password" name="_pass" value="<?echo $_SESSION['userpassword']?>" />
<input type="submit" name="submit" value="SUBMIT" />
</form>
</body>
</html>
user ID and passwordd changed..
My Autologin.php Plugin is as follows
<?php
/**
* This plugin performs an automatic login if accessed
* with post Data from other Site an Portal or CMS
* Based on sample autologon PlugIn
*
* @version 0.2
* @author Eric Appelt (lacri)
*
* show into README to install and config
*
* changes
* 0.2 make a little bit secure with base64_encode strrev
* and a key thats replace after submitting encoded pass data
*
*/
class autologin extends rcube_plugin
{
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}
function startup($args)
{
$rcmail = rcmail::get_instance();
$autologin = get_input_value('_autologin', RCUBE_INPUT_POST);
// change action to login
if ($args['task'] == 'mail' && empty($args['action']) && empty($_SESSION['user_id']) && !empty($autologin)) {
$args['action'] = 'login';
// decode pass, revert and replace key
$_POST['_pass'] = str_replace('1234','',base64_decode(strrev(get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'))));
// set initial cookie without this cookie login is not possible
$_COOKIE['roundcube_sessid'] = session_id();
}
return $args;
}
function authenticate($args)
{
$autologin = get_input_value('_autologin', RCUBE_INPUT_POST);
if (!empty($autologin)) {
$args['user'] = get_input_value('_user', RCUBE_INPUT_POST);
$args['pass'] = get_input_value('_pass', RCUBE_INPUT_POST);
$args['host'] = 'localhost';
$args['cookiecheck'] = false;
$args['valid'] = true;
}
die('<pre>'. print_r($args, true));
return $args;
}
}
Hope someone can really help... I need this working desperately.. I am using Windows Platform with Hmailserver and roundcube..
This is what i get in my session logs
[07-Jul-2012 04:16:35 +0530]: Aborted session nuuu14r3a0on62njgns8g356g1; no valid session data found
Regards
You don't need the "$_COOKIE['roundcube_sessid'] = session_id();" line.