Roundcube Community Forum

 

Need help with auto login or auto signup !

Started by sirola, October 10, 2006, 09:48:28 AM

Previous topic - Next topic

aclertant

hello Stevie,

I tried to simplify my process and I'm not sure if your script work well :-[
Because on a simple page like that :
test.html
<!DOCTYPE html PUBLIC &quot;-//W3C//DTD XHTML 1.0 Transitional//EN&quot; &quot;[url]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd&quot;>[/url]
<html xmlns=&quot;[url]http://www.w3.org/1999/xhtml&quot;>[/url]
<head>
<meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=iso-8859-1&quot; />
<title>Logging You In..</title>
</head>
<body onload=&quot;document.login.submit();&quot;>
<center>Please Wait..</center>
<form id=&quot;login&quot; name=&quot;login&quot; method=&quot;post&quot; action=&quot;[url]http://www.mydomain.com/webmail/index.php&quot;>[/url]
<input type=&quot;hidden&quot; name=&quot;_action&quot; value=&quot;login&quot; />
<input type=&quot;hidden&quot; name=&quot;_user&quot; value=&quot;itineris1&quot; />
<input type=&quot;hidden&quot; name=&quot;_pass&quot; value=&quot;itineris&quot; />
</form>
</body>
</html>

I got the "your browser does not accept cookies" message.
And I try from a new computer with IE7 and FF both failled.

But if you retry the test.html url (and leave the index webmail) then it work ...

It mean that at the first load his make the cookie and display the erreur, and the second time every things work well :P


May I ask you again ::) I realy would love to see this webmail working.

sincerly Andre

aclertant

Hello,

So I look at the RC process and I found the solution 8)

The Stevie script is almost good ;) just miss a small thing because in the index.php of RC there is a test about session.. so that why sometimes it's work (because a session steal activate) or not if there is no session able.

This script is working for me as well inside an IFRAME under IE and FF and on a new computer with db empty.

test.php (ya must be php)
<?php
session_start
();
session_register(&quot;user_id&quot;);
$_SESSION['user_id'] = '';
?>

<!DOCTYPE html PUBLIC &quot;-//W3C//DTD XHTML 1.0 Transitional//EN&quot; &quot;[url]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd&quot;>[/url]
<html xmlns=&quot;[url]http://www.w3.org/1999/xhtml&quot;>[/url]
<head>
<title>welcome</title>
</head>
<body onload=&quot;document.form.submit();&quot;>
<form name=&quot;form&quot; action=&quot;[url]http://www.yourdomain.com/webmail/&quot;[/url] method=&quot;post&quot;>
<input name=&quot;_action&quot; value=&quot;login&quot; type=&quot;hidden&quot; />
<input type=&quot;hidden&quot; id=&quot;rcmloginuser&quot; name=&quot;_user&quot; value=&quot;your_login&quot; />
<input type=&quot;hidden&quot; id=&quot;rcmloginpwd&quot; name=&quot;_pass&quot; value=&quot;your_pwd&quot; />
</form>
</body>
</html>

Actualy I'm using this in an Iframe like this.



test.php
session_start();
session_register("user_id");
$_SESSION['user_id'] = '';

$mylogin = $_GET['mylogin'];
$mypwd = $_GET['mypwd'];
?>
[/url]
[/url]

welcome




" />
" />



Thanks you very much Stevie you was first on the good way ;)
Hope this help you
AndrÃÃ,©

Bradleyenator

Quote from: helga search in index.php:

else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
      rcmail_login(get_input_value('_user', RCUBE_INPUT_POST), $_POST['_pass'], $host))
  {

change to:

else if (isset($_REQUEST['_user']) && isset($_REQUEST['_pass']) &&
      rcmail_login(get_input_value('_user', RCUBE_INPUT_POST), $_REQUEST['_pass'], $host))
  {

Actually you also need to make another small change for this to work. You need to change the RCUBE_INPUT_POST to GET
But then that means that if you login via the normal form it doesn't work. So below is what I did.

// try to log in
if ($_action=='login' && $_task=='mail') {
 $host = rcmail_autoselect_host();
 
 // check if client supports cookies
 if (empty($_COOKIE)) {
  show_message("cookiesdisabled", 'warning');

 } else if (isset($_REQUEST['_user']) && isset($_REQUEST['_pass'])) {
//Check Auth Details.
if (rcmail_login(get_input_value('_user', RCUBE_INPUT_POST), get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host)) {
// send redirect
  header("Location: $COMM_PATH");
  exit;
} elseif (rcmail_login(get_input_value('_user', RCUBE_INPUT_GET), get_input_value('_pass', RCUBE_INPUT_GET, true, 'ISO-8859-1'), $host)) {
// send redirect
  header("Location: $COMM_PATH");
  exit;
} else {
  show_message("loginfailed", 'warning');
  $_SESSION['user_id'] = '';
}

 } else {
  show_message("loginfailed", 'warning');
  $_SESSION['user_id'] = '';
 }
}

Then you can either login normally or via a link.
Eg: http://domain.com/roundcube/index.php?_user=[USERNAME]&_pass=[PASSWORD]&_action=login

To log the user in automatically I just included RC in an iframe and populated the SRC attribute of the iframe with the correct username and password obtained from MY user database.

That all works fine however due to it being in an Iframe, IE has a heart attack because it is getting a Third Party cookie from RC. I have yet to find a solution to this apart from lowering the Privacy settings in IE to allow Third Party cookies.

Just wondering has anyone got plans for incorporating a P3P Privacy Policy because i believe this would solve the issue.

minoan

The Session:

<?php 
session_start
();
session_register(&quot;user_id&quot;);
$_SESSION['user_id'] = ''
?>

Doesn't seem to solve the problem! :-\
Any other suggestions?

minoan

Id did this:
// try to log in
if ($_action=='login' && $_task=='mail')
 {
 $host = rcmail_autoselect_host();
 
 // check if client supports cookies
 //if (empty($_COOKIE))
  //{
  //show_message(&quot;cookiesdisabled&quot;, 'warning');
  //}
 //else
  if (isset($_POST['_user']) && isset($_POST['_pass']) &&
      rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
       get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host))
  {
  // send redirect
  header(&quot;Location: $COMM_PATH&quot;);
  exit;
  }
 else
  {
  show_message(&quot;loginfailed&quot;, 'warning');
  $_SESSION['user_id'] = '';
  }
 }
Now works perfect but it doesn't check for the cookie! I think that is not something which is needed!