From geuis.teses@gmail.com Sat Jul 14 15:57:33 2007
From: Geuis Teses <geuis.teses@gmail.com>
To: dev@lists.roundcube.net
Subject: Re: login with php script
Date: Tue, 06 Dec 2005 08:58:24 -0500
Message-ID: <756f35140512060558q27902629jddfe2e407d01e512@mail.gmail.com>
In-Reply-To: <200512061347.48131.pavol.cvengros@primeinteractive.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2671846527381746781=="

--===============2671846527381746781==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

This is the response I gave to Shaun Lloyd yesterday. He seemed to be able
to get it working:
I gave the tips, he put together the code.

Couple of things, just to make you aware.

1) make sure that:
       <input name="_user" size="30" type="hidden" value="username" />
       <input name="_pass" size="30" type="hidden" value="password" />
       <input name="_host" size="30" type="hidden" value="host" />
are set with the real username, password, and host. If you don't then you
can't login because it will be sending USERNAME, PASSWORD, and HOST as
actual words to the server. Honestly, this is a security problem because if
you hard-code that information anyone who access that page will be logged
right into that email account. There are ways around this but it would
require a lot of extra coding.
2) make sure you don't have that session ID hard-coded either. Again, if its
not dynamically pulled from roundcube then your app wont work.

<?php
session_start();
?>
<html>
<head>
<script type="text/javascript"
src="program/js/common.js" <http://mail.lloydie.org/program/js/common.js%22>
></script>
<script type="text/javascript"
src="/program/js/app.js" <http://mail.lloydie.org/program/js/app.js%22>
></script>
<script type= "text/javascript">
<!--
var rcmail = new rcube_webmail();
rcmail.set_env('comm_path','?_auth= <http://mail.lloydie.org/?_auth=>
<?session_id()?>&_task=mail');
rcmail.set_env('task', 'login');
rcmail.gui_object('message', 'message');
rcmail.gui_object('loginform', 'form');
//-->
</script>
</head>
<body onload="document.form.submit();">
 <form name="form" action="./" method="post">
   <input type="hidden" name="_auth" value="<?session_id()?>" />
   <input name="_action" value="login" type="hidden" />
   <input name="_user" size="30" type="hidden" value="USERNAME" />
   <input name="_pass" size="30" type="hidden"value="PASSWORD" />
   <input name="_host" size="30" type="hidden" value="HOST" />
 </form>
</body>
</html>

>
>
>



--===============2671846527381746781==
Content-Type: text/html
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="attachment.html"
MIME-Version: 1.0

VGhpcyBpcyB0aGUgcmVzcG9uc2UgSSBnYXZlIHRvIFNoYXVuIExsb3lkIHllc3RlcmRheS4gSGUg
c2VlbWVkIHRvIGJlIGFibGUgdG8gZ2V0IGl0IHdvcmtpbmc6PGJyPkkgZ2F2ZSB0aGUgdGlwcywg
aGUgcHV0IHRvZ2V0aGVyIHRoZSBjb2RlLjxicj48YnI+Q291cGxlIG9mIHRoaW5ncywganVzdCB0
byBtYWtlIHlvdSBhd2FyZS4gPGJyPjxicj4xKSBtYWtlIHN1cmUgdGhhdDo8c3Bhbj48YnI+CiAm
bmJzcDsgJm5ic3A7ICZuYnNwOyZuYnNwOyAmbHQ7aW5wdXQgbmFtZT0mcXVvdDtfdXNlciZxdW90
OyBzaXplPSZxdW90OzMwJnF1b3Q7IHR5cGU9JnF1b3Q7aGlkZGVuJnF1b3Q7IHZhbHVlPSZxdW90
O3VzZXJuYW1lJnF1b3Q7IC8mZ3Q7Cjxicj4gJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7Jmx0
O2lucHV0IG5hbWU9JnF1b3Q7X3Bhc3MmcXVvdDsgc2l6ZT0mcXVvdDszMCZxdW90OyB0eXBlPSZx
dW90O2hpZGRlbiZxdW90OyB2YWx1ZT0mcXVvdDtwYXNzd29yZCZxdW90OyAvJmd0Owo8YnI+ICZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyZsdDtpbnB1dCBuYW1lPSZxdW90O19ob3N0JnF1b3Q7
IHNpemU9JnF1b3Q7MzAmcXVvdDsgdHlwZT0mcXVvdDtoaWRkZW4mcXVvdDsgdmFsdWU9JnF1b3Q7
aG9zdCZxdW90OyAvJmd0Ozxicj48L3NwYW4+YXJlCnNldCB3aXRoIHRoZSByZWFsIHVzZXJuYW1l
LCBwYXNzd29yZCwgYW5kIGhvc3QuIElmIHlvdSBkb24ndCB0aGVuIHlvdQpjYW4ndCBsb2dpbiBi
ZWNhdXNlIGl0IHdpbGwgYmUgc2VuZGluZyBVU0VSTkFNRSwgUEFTU1dPUkQsIGFuZCBIT1NUIGFz
CmFjdHVhbCB3b3JkcyB0byB0aGUgc2VydmVyLiBIb25lc3RseSwgdGhpcyBpcyBhIHNlY3VyaXR5
IHByb2JsZW0KYmVjYXVzZSBpZiB5b3UgaGFyZC1jb2RlIHRoYXQgaW5mb3JtYXRpb24gYW55b25l
IHdobyBhY2Nlc3MgdGhhdCBwYWdlCndpbGwgYmUgbG9nZ2VkIHJpZ2h0IGludG8gdGhhdCBlbWFp
bCBhY2NvdW50LiBUaGVyZSBhcmUgd2F5cyBhcm91bmQKdGhpcyBidXQgaXQgd291bGQgcmVxdWly
ZSBhIGxvdCBvZiBleHRyYSBjb2RpbmcuCjxicj4yKSBtYWtlIHN1cmUgeW91IGRvbid0IGhhdmUg
dGhhdCBzZXNzaW9uIElEIGhhcmQtY29kZWQgZWl0aGVyLgpBZ2FpbiwgaWYgaXRzIG5vdCBkeW5h
bWljYWxseSBwdWxsZWQgZnJvbSByb3VuZGN1YmUgdGhlbiB5b3VyIGFwcCB3b250CndvcmsuPGJy
Pjxicj4mbHQ7P3BocDxicj5zZXNzaW9uX3N0YXJ0KCk7PGJyPj8mZ3Q7PGJyPjxzcGFuIGNsYXNz
PSJxIj4mbHQ7aHRtbCZndDs8YnI+Jmx0O2hlYWQmZ3Q7PGJyPiZsdDtzY3JpcHQgdHlwZT0mcXVv
dDt0ZXh0L2phdmFzY3JpcHQmcXVvdDs8YnI+c3JjPSZxdW90OzxhIG9uY2xpY2s9InJldHVybiB0
b3AuanMuT3BlbkV4dExpbmsod2luZG93LGV2ZW50LHRoaXMpIiBocmVmPSJodHRwOi8vbWFpbC5s
bG95ZGllLm9yZy9wcm9ncmFtL2pzL2NvbW1vbi5qcyUyMiIgdGFyZ2V0PSJfYmxhbmsiPgpwcm9n
cmFtL2pzL2NvbW1vbi5qcyZxdW90OzwvYT4mZ3Q7Jmx0Oy9zY3JpcHQmZ3Q7PGJyPiZsdDtzY3Jp
cHQgdHlwZT0mcXVvdDt0ZXh0L2phdmFzY3JpcHQmcXVvdDs8YnI+c3JjPSZxdW90OzxhIG9uY2xp
Y2s9InJldHVybiB0b3AuanMuT3BlbkV4dExpbmsod2luZG93LGV2ZW50LHRoaXMpIiBocmVmPSJo
dHRwOi8vbWFpbC5sbG95ZGllLm9yZy9wcm9ncmFtL2pzL2FwcC5qcyUyMiIgdGFyZ2V0PSJfYmxh
bmsiPgovcHJvZ3JhbS9qcy9hcHAuanMmcXVvdDs8L2E+Jmd0OyZsdDsvc2NyaXB0Jmd0Ozxicj4m
bHQ7c2NyaXB0IHR5cGU9ICZxdW90O3RleHQvamF2YXNjcmlwdCZxdW90OyZndDs8YnI+Jmx0OyEt
LTxicj52YXIgcmNtYWlsID0gbmV3IHJjdWJlX3dlYm1haWwoKTs8YnI+cmNtYWlsLnNldF9lbnYo
J2NvbW1fcGF0aCcsPC9zcGFuPic8YSBvbmNsaWNrPSJyZXR1cm4gdG9wLmpzLk9wZW5FeHRMaW5r
KHdpbmRvdyxldmVudCx0aGlzKSIgaHJlZj0iaHR0cDovL21haWwubGxveWRpZS5vcmcvP19hdXRo
PSIgdGFyZ2V0PSJfYmxhbmsiPgo/X2F1dGg9PC9hPiZsdDs/c2Vzc2lvbl9pZCgpPyZndDsmYW1w
O190YXNrPW1haWwnKTs8YnI+PHNwYW4gY2xhc3M9InEiPnJjbWFpbC5zZXRfZW52KCd0YXNrJywg
J2xvZ2luJyk7PGJyPnJjbWFpbC5ndWlfb2JqZWN0KCdtZXNzYWdlJywgJ21lc3NhZ2UnKTs8YnI+
cmNtYWlsLmd1aV9vYmplY3QoJ2xvZ2luZm9ybScsICdmb3JtJyk7PGJyPi8vLS0mZ3Q7PGJyPiZs
dDsvc2NyaXB0Jmd0Owo8YnI+Jmx0Oy9oZWFkJmd0Ozxicj4mbHQ7Ym9keSBvbmxvYWQ9JnF1b3Q7
ZG9jdW1lbnQuZm9ybS5zdWJtaXQoKTsmcXVvdDsmZ3Q7PGJyPiAmbmJzcDsmbHQ7Zm9ybSBuYW1l
PSZxdW90O2Zvcm0mcXVvdDsgYWN0aW9uPSZxdW90Ozwvc3Bhbj48c3BhbiBjbGFzcz0iYXR0cmli
dXRlLXZhbHVlIj4uLzwvc3Bhbj4mcXVvdDsgbWV0aG9kPSZxdW90O3Bvc3QmcXVvdDsmZ3Q7PGJy
PjxzcGFuIGNsYXNzPSJxIj4KPC9zcGFuPiAmbmJzcDsgJm5ic3A7Jmx0O2lucHV0IHR5cGU9JnF1
b3Q7aGlkZGVuJnF1b3Q7IG5hbWU9JnF1b3Q7X2F1dGgmcXVvdDsgdmFsdWU9JnF1b3Q7Jmx0Oz9z
ZXNzaW9uX2lkKCk/Jmd0OyZxdW90OyAvJmd0Ozxicj48c3BhbiBjbGFzcz0icSI+ICZuYnNwOyAm
bmJzcDsmbHQ7aW5wdXQgbmFtZT0mcXVvdDtfYWN0aW9uJnF1b3Q7IHZhbHVlPSZxdW90O2xvZ2lu
JnF1b3Q7IHR5cGU9JnF1b3Q7aGlkZGVuJnF1b3Q7IC8mZ3Q7Cjxicj48L3NwYW4+ICZuYnNwOyAm
bmJzcDsmbHQ7aW5wdXQgbmFtZT0mcXVvdDtfdXNlciZxdW90OyBzaXplPSZxdW90OzMwJnF1b3Q7
IHR5cGU9JnF1b3Q7aGlkZGVuJnF1b3Q7IHZhbHVlPSZxdW90O1VTRVJOQU1FJnF1b3Q7IC8mZ3Q7
PGJyPjxzcGFuIGNsYXNzPSJxIj4gJm5ic3A7ICZuYnNwOyZsdDtpbnB1dCBuYW1lPSZxdW90O19w
YXNzJnF1b3Q7IHNpemU9JnF1b3Q7MzAmcXVvdDsgdHlwZT0mcXVvdDtoaWRkZW4mcXVvdDsKPC9z
cGFuPnZhbHVlPSZxdW90O1BBU1NXT1JEJnF1b3Q7IC8mZ3Q7PGJyPjxkaXYgaWQ9Im1iXzIiPiAm
bmJzcDsgJm5ic3A7Jmx0O2lucHV0IG5hbWU9JnF1b3Q7X2hvc3QmcXVvdDsgc2l6ZT0mcXVvdDsz
MCZxdW90OyB0eXBlPSZxdW90O2hpZGRlbiZxdW90OyB2YWx1ZT0mcXVvdDtIT1NUJnF1b3Q7IC8m
Z3Q7PGJyPiAmbmJzcDsmbHQ7L2Zvcm0mZ3Q7PGJyPiZsdDsvYm9keSZndDs8YnI+Jmx0Oy9odG1s
Jmd0OzwvZGl2Pgo8ZGl2PjxibG9ja3F1b3RlIGNsYXNzPSJnbWFpbF9xdW90ZSIgc3R5bGU9ImJv
cmRlci1sZWZ0OiAxcHggc29saWQgcmdiKDIwNCwgMjA0LCAyMDQpOyBtYXJnaW46IDBwdCAwcHQg
MHB0IDAuOGV4OyBwYWRkaW5nLWxlZnQ6IDFleDsiPjxicj48YnI+PC9ibG9ja3F1b3RlPjwvZGl2
Pjxicj4KCg==

--===============2671846527381746781==--