Roundcube Community Forum

 

Auto login from my CMS

Started by giorgi91, October 20, 2011, 07:01:16 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

giorgi91

October 20, 2011, 07:01:16 AM
Hello,
I read some forum posts, there are many different methods, I tried but I cant make auto login for my CMS.

Now I have uploaded this file in plugins:
<?php

/**
 * This plugin performs an automatic login if accessed
 * with post Data from other Site an Portal or CMS
 * Based on sample autologon PlugIn
 *
 * @version 0.2
 * @author Eric Appelt (lacri)
 *
 * show into README to install and config
 *
 * changes
 * 0.2 make a little bit secure with base64_encode strrev
 * and a key thats replace after submitting encoded pass data
 *
 */

class autologin extends rcube_plugin
{

  function init()
  {
    $this->add_hook('startup', array($this'startup'));
    $this->add_hook('authenticate', array($this'authenticate'));
  }

  function startup($args)
  {
    $rcmail rcmail::get_instance();

    $autologin get_input_value('_autologin'RCUBE_INPUT_POST);

    // change action to login
    if ($args['task'] == 'mail' && empty($args['action']) && empty($_SESSION['user_id']) && !empty($autologin)) {
      $args['action'] = 'login';

      // decode pass, revert and replace key
 
  $_POST['_pass'] = str_replace('09GuVtTEQlJk9jxURw&T+&ov','',base64_decode(strrev(get_input_value('_pass'RCUBE_INPUT_POSTtrue'ISO-8859-1'))));

      // set initial cookie without this cookie login is not possible
      $_COOKIE['roundcube_sessid'] = session_id();
    }
    return $args;
  }

  function authenticate($args)
  {
    $autologin get_input_value('_autologin'RCUBE_INPUT_POST);

    if (!empty($autologin)) {
      $args['user'] = get_input_value('_user'RCUBE_INPUT_POST);
      $args['pass'] = get_input_value('_pass'RCUBE_INPUT_POST);
      $args['host'] = get_input_value('_host'RCUBE_INPUT_POST);
    }
    return $args;
  }
}

In my CMS:
<?
// set the passwort in session to fill the hidden login form with revertet and base64 encoded pass
// the *yourkey* must the same string as in autologin.php to replace this after revert and decode
$_SESSION['userpassword'] = strrev(base64_encode('09GuVtTEQlJk9jxURw&T+&ov'."mypassword"));

echo '<form name="roundcubelogin" action="http://mydomain.com/mail/?_task=mail" method="post" target="roundcube">
<input type="hidden" name="_timezone" value="_default_" />
<input type="hidden" name="_task" value="mail" />
<input type="hidden" name="_autologin" value="1" />
<input type="hidden" name="_user" value="[email protected]" />
<input type="hidden" name="_pass" value="'.$_SESSION['userpassword'].'" />
<a href="#" onclick="document.forms.roundcubelogin.submit()">Login</a>
</form>';
?>

Also I edit this
Quote$rcmail_config['plugins'] = array('autologin');

I'm using RC 6.0
What a mistake I made​​?

Thank you

rosali

#1
October 20, 2011, 12:08:59 PM
Plugin_Hooks

Since RC 0.5.1 you need to set in authenticate hook _cookiecheck_ to false and _valid_ to true.
Regards,
Rosali
Print
Go Up Pages1
User actions