Roundcube Community Forum

 

Login with GET Parameters

Started by ANGDIC, March 30, 2011, 04:51:33 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

ANGDIC

March 30, 2011, 04:51:33 AM
HI,

does anyone know how to login via GET  variables in url skipping the login page?

Thank you so much?

alec

#1
March 30, 2011, 05:15:42 AM
You can write a simple plugin.

ANGDIC

#2
March 30, 2011, 05:39:10 AM
Can you give me an example?

SKaero

#3
March 30, 2011, 11:40:54 AM
Here an auto login plugin http://trac.roundcube.net/browser/trunk/plugins/autologon/autologon.php you could modify it to login with url variables.

corbosman

#4
March 31, 2011, 03:21:16 AM
You really dont want to use GET for that. That would expose the password to possible third parties like proxies and also to logfiles.

ANGDIC

#5
April 01, 2011, 02:38:48 AM
class myautologin extends rcube_plugin
{
  public $task = 'login';
 
  function init()
  {
   $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }
 
  function startup($args)
     {
       $rcmail = rcmail::get_instance();
   
       // change action to login
       if (empty($_SESSION['user_id']) && !empty($_GET['_autologin']))
         $args['action'] = 'login';
   
       return $args;
     }
 
  function authenticate($args)
  {
   if (!empty($_GET['_user']) && $this->is_localhost()) {
         $args['user'] = $_GET['_user'];
         $args['pass'] = $_GET['_pass'];
    $args['valid'] = true;
   
    return $args;
    }
  }
}

Where are errors?
thks

ANGDIC

#6
April 01, 2011, 03:13:29 AM
class myautologin extends rcube_plugin
{
  public $task = 'login';
 
  function init()
  {
   $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }
 
  function startup($args)
     {
       $rcmail = rcmail::get_instance();
   
       // change action to login
       if (empty($_SESSION['user_id']) && !empty($_GET['_user']))
         $args['action'] = 'login';
   
       return $args;
     }
 
  function authenticate($args)
  {
   if (!empty($_GET['_user'])) {
         $args['user'] = $_GET['_user'];
         $args['pass'] = $_GET['_pass'];
    $args['valid'] = true;
   
    return $args;
    }
  }
}

rosali

#7
April 02, 2011, 04:38:04 PM
Just a side note:

Use ...


get_input_value('_user'RCUBE_INPUT_GPC)


... Dev_PHPCommons ? Roundcube Webmail ...

Please consider comment by Cor Bosman. You should never use GET params
unless you are on a INTRANET. Using get to transmit Login credentials opens
all backdoors.
Regards,
Rosali
Print
Go Up Pages1
User actions