[RCU] autologin from other php page

kaifamm at libero.it kaifamm at libero.it
Tue Mar 6 17:01:36 CET 2012


Hi All, 

   it's me again :-) !!!!!!!

I would use roundcube with autologin from another php script. I found the 
plugin "autologin" but it seems to work.
This is my php script :

<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?
$_POST['password'] = 'password in clear and in plain text';
$_SESSION['userpassword'] = strrev(base64_encode('*yourkey*'.$_POST
['password']));
?>
<form name="roundcubelogin" action="http://192.168.254.201/roundcube/?
_task=mail" method="post" target="roundcube">
<input type="hidden" name="_timezone" value="_default_" />
<input type="hidden" name="_task" value="mail" />
<input type="hidden" name="_autologin" value="1" />
<input type="hidden" name="_user" value="mark" />
<input type="hidden" name="_host" value="192.168.254.201:143" />
<input type="hidden" name="_pass" value="<?echo $_SESSION['userpassword']?>" 
/>
<input type="submit" name="submit" value="SUBMIT" />
</form>
</body>
</html>

The plugin autologin.php :

<?php

/**
 * This plugin performs an automatic login if accessed
 * with post Data from other Site an Portal or CMS
 * Based on sample autologon PlugIn
 *
 * @version 0.2
 * @author Eric Appelt (lacri)
 *
 * show into README to install and config
 *
 * changes
 * 0.2 make a little bit secure with base64_encode strrev
 * and a key thats replace after submitting encoded pass data
 *
 */

class autologin extends rcube_plugin
{

  function init()
  {
    $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
  }

  function startup($args)
  {
    $rcmail = rcmail::get_instance();

    $autologin = get_input_value('_autologin', RCUBE_INPUT_POST);

    // change action to login
    if ($args['task'] == 'mail' && empty($args['action']) && empty($_SESSION
['user_id']) && !empty($autologin)) {
      $args['action'] = 'login';

      // decode pass, revert and replace key
 		  $_POST['_pass'] = str_replace('*yourkey*','',base64_decode(strrev
(get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'))));

      // set initial cookie without this cookie login is not possible
      $_COOKIE['roundcube_sessid'] = session_id();
    }
    return $args;
  }

  function authenticate($args)
  {
    $autologin = get_input_value('_autologin', RCUBE_INPUT_POST);

    if (!empty($autologin)) {
      $args['user'] = get_input_value('_user', RCUBE_INPUT_POST);
      $args['pass'] = get_input_value('_pass', RCUBE_INPUT_POST);
      $args['host'] = get_input_value('_host', RCUBE_INPUT_POST);
    }
    return $args;
  }
}


More information about the users mailing list