Roundcube Community Forum

 

intercepting and re-posting login data?

Started by npaufler, July 10, 2008, 12:46:19 PM


npaufler

I've got a scenario where I want to have a login box on a website where users can put in their username and password, hit submit, and have it log them into Roundcube. That's pretty easy in this simple form, it pretty much just works.

However, I need to extend that functionality. I have more than one mailserver but I'd still like a common login form. My idea was to have an intermediary PHP script that would be the ACTION target of the login form. It could then do an evaluation of the username and then re-POST the data to the Roundcube login form.

I'm using the curl PHP extension for this and it is in theory doable. I've managed to get it to the point where my initial form will post to a 'test' PHP form and I can confirm that the username and password are being correctly submitted. When I try to point it at the Roundcube login, though, it fails.

Initially I was getting an error about my browser not supporting cookies. I was pretty sure it was something to do with how Roundcube expects a session cookie, so I tried faking that value and submitting it as part of that. That got me farther; it got rid of the cookie error, but no login happened. No other errors, and I didn't see an attempt in my IMAP log, so I don't think it actually tried to authenticate.

Has anyone done anything like this, or perhaps have some ideas of what I might be missing? I'll reply to this post with some sample code.

Thanks

npaufler

login.html:
<html>
<form action="http://webmail.mydomain.net/post.php" method="post" name="rcLogin" id="rcLogin">
<input name="_action" type="hidden" value="login">
E-Mail: <input name="_user" type="text"><br />
Password: <input name="_pass" type="password"><br />
<center><input name="button" type="Submit" value="Login"></center>
</form>
</html>


post.php:
<?php
// Read the credentials posted by login.html.
$username = isset($_POST['_user']) ? $_POST['_user'] : '';
$password = isset($_POST['_pass']) ? $_POST['_pass'] : '';

// Hard-coded ("faked") session id sent with the request.
$cookie = "roundcube_sessid=1077bde6d23ed83a5cbdf24f5bbd2a82";

$Curl_Session = curl_init('http://webmail.mydomain.net/');
curl_setopt($Curl_Session, CURLOPT_POST, 1);
curl_setopt($Curl_Session, CURLOPT_AUTOREFERER, 1);
curl_setopt($Curl_Session, CURLOPT_UNRESTRICTED_AUTH, 1);
curl_setopt($Curl_Session, CURLOPT_COOKIE, $cookie);

// http_build_query() URL-encodes the values, so characters such as & or =
// in a password do not break the POST body.
$fields = array('_action' => 'login', '_user' => $username, '_pass' => $password);
curl_setopt($Curl_Session, CURLOPT_POSTFIELDS, http_build_query($fields));
curl_setopt($Curl_Session, CURLOPT_FOLLOWLOCATION, 1);
curl_exec($Curl_Session);
curl_close($Curl_Session);
?>
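
Added example, not part of the original posts and not Roundcube code: a session cookie returned to a server-side curl handle stays with curl and never reaches the user's browser, so this sketch of the intermediary script instead picks the backend from a fixed allowlist and answers with HTTP 307, which makes the browser repeat the same POST against that host. The host names, the domain map and the `pick_backend()` helper are hypothetical, and it assumes each Roundcube instance accepts the direct browser POST that the first post says already works.

```php
<?php
// Added example: route a common login form to one of several Roundcube hosts.
declare(strict_types=1);

// Fixed allowlist, mail domain => Roundcube login URL (hypothetical values).
// HTTPS only, because the redirected request carries the password.
const BACKENDS = [
    'example.net' => 'https://webmail1.example.net/',
    'example.org' => 'https://webmail2.example.org/',
];

/**
 * Return the Roundcube URL for a login name, or null when the name is
 * malformed or its domain is not in the allowlist.
 */
function pick_backend(string $user): ?string
{
    // Reject oversized input and control characters (header/log injection).
    if (strlen($user) > 254 || preg_match('/[\x00-\x1f\x7f]/', $user)) {
        return null;
    }
    // Require exactly one "@" and a non-empty local part.
    $parts = explode('@', $user);
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    // The target is looked up, never built from user input, so the script
    // cannot be used as an open redirect to an arbitrary host.
    $domain = strtolower($parts[1]);
    return BACKENDS[$domain] ?? null;
}

// Only act on a form POST when running under a web server.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user   = $_POST['_user'] ?? '';
    $target = is_string($user) ? pick_backend($user) : null;
    if ($target === null) {
        http_response_code(400);
        exit('Unknown mail domain.');
    }
    // 307 preserves the method and body: the browser re-sends _action,
    // _user and _pass to $target and receives the session cookie itself.
    header('Location: ' . $target, true, 307);
    exit;
}
```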