Check remotely if username/password correct in roundcube

pkleczek · April 19, 2012, 12:33:47 PM

The task is:
as an input I get e-mail address and password and all I need to do is to check on a webmail server (which is not a part of my service) whether the data are valid ( = it is possible to log in).
The idea behind it is to authenticate users on my website using their existing e-mail accounts.

I've tried to simply prepare an appropriate header, send a request and analyze the response code, but I receive 200 (= login failed) instead of 302 even if I use my proper login data.
Is it at all possible to do such an operation using cURL and if yes, then what should I change in the following snippet? Should I set some cookies or what?

$url = "https://poczta.agh.edu.pl/";

$fields = array(
            '_task'     => urlencode("login"),
            '_action'   => urlencode("login"),
            '_timezone' => urlencode("1"),
            '_dstactive'=> urlencode("1"),
            '_url'      => urlencode(""),
            '_user'     => urlencode("[email protected]"),
            '_pass'     => urlencode("my_password")
        );

$fields_string = "";
foreach($fields as $key=>$value) {
    $fields_string .= $key.'='.$value.'&';
    }

rtrim($fields_string,'&');

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);

curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

$result = curl_exec($ch);

echo "ERROR: " . curl_error($ch) . "<br>";

$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

echo "HTTP code : " . $httpCode . "<br>";

SKaero · April 19, 2012, 03:51:53 PM

I think you'd need to setup a RoundCube plugin to send back if the login was successful or not, you'll need a plugin anyways to disable the cookie check. Check out the Auto Login plugin http://trac.roundcube.net/browser/trunk/roundcubemail/plugins/autologon/autologon.php you should be able to modify it to meet your needs.

pkleczek · April 21, 2012, 01:07:23 AM

Hm.. what do you mean by "setting up a RoundCube plugin"? Well, I don't have any access to internal settings of the RC I want to use, so I guess all I can do is to mimic the behavior of a browser.
I thought that maybe adding these two parameters (cookiecheck, valid) from the autologin plugin to my POST request will do the trick but no...

SKaero · April 21, 2012, 04:01:11 AM

If you don't have access to RoundCube you wont be able to login to RoundCube from your custom form.

pkleczek · April 24, 2012, 01:49:36 AM

OK, thanks a lot. This short answer has saved me a lot of hours of work which would be wasted : )

Check remotely if username/password correct in roundcube

pkleczek

SKaero

pkleczek

SKaero

pkleczek