Hi,
Was interested in testing Roundcube prior to installing. Will the demo be up soon?
Also,
Is there a way via roundcube to allow new users to sign up for an email account?
Thanks
Ray
Ray Masa wrote:
Hi,
Was interested in testing Roundcube prior to installing. Will the demo be up soon?
We have to build in some Spam protection functions first to avoid this in future. This will take some days...
Also,
Is there a way via roundcube to allow new users to sign up for an email account?
No, RoundCube is just designed to access existing IMAP accounts.
Thanks
Ray
Regards, Thomas
Couldn't we just disable the send functions (like by killing the
SMPT)? Or limit them in compose.inc by making the _to array (and bcc
and cc) arrays trim to one?
J-dawg
On Dec 13, 2005, at 3:25 AM, Thomas Bruederli wrote:
Ray Masa wrote:
Hi,
Was interested in testing Roundcube prior to installing. Will the
demo be up soon?We have to build in some Spam protection functions first to avoid this in future. This will take some days...
Also,
Is there a way via roundcube to allow new users to sign up for an
email account?No, RoundCube is just designed to access existing IMAP accounts.
Thanks
Ray
Regards, Thomas
Jared W. Alessandroni wrote:
Couldn't we just disable the send functions (like by killing the SMPT)? Or limit them in compose.inc by making the _to array (and bcc and cc) arrays trim to one?
Thats what I intended to do but there's more: when a user tries to enter more recipients the session should be terminated automatically and the IP needs to be blacklisted to complicate a quick re-login.
I want id done right before opening the demo again. Please sorry for these circumstances but spammers are just waiting around the corner...
Regards, Thomas
J-dawg
On Dec 13, 2005, at 3:25 AM, Thomas Bruederli wrote:
Ray Masa wrote:
Hi,
Was interested in testing Roundcube prior to installing. Will the demo
be up soon?
We have to build in some Spam protection functions first to avoid this
in future. This will take some days...
Also,
Is there a way via roundcube to allow new users to sign up for an email
account?
No, RoundCube is just designed to access existing IMAP accounts.
Thanks
Ray
Regards,
Thomas
On 13 Dec 2005, at 15:47, Thomas Bruederli wrote:
Jared W. Alessandroni wrote:
Couldn't we just disable the send functions (like by killing the
SMPT)? Or limit them in compose.inc by making the _to array (and bcc and cc) arrays trim to one?Thats what I intended to do but there's more: when a user tries to
enter more recipients the session should be terminated automatically and the IP needs to be blacklisted to complicate a quick re-login.I want id done right before opening the demo again. Please sorry for these circumstances but spammers are just waiting around the corner...
I'd say it was safer to completely disable sending... otherwise a
spammer could write a script to send a message one-by-one instead of
to many recipients at once. A simple page or notice saying "For
security reason, sending has been disabled in the demo" should be
sufficient. This way there's no worry about blacklisting IPs, or
people somehow getting around any sender restrictions: it's simply
impossible to send anything.
Yours, Craig -- Craig Webster | t: +44 (0)131 516 8595 | e: craig@xeriom.net Xeriom.NET | f: +44 (0)709 287 1902 | w: http://xeriom.net
I agree with you. Just thought that this was a good reason to build some sort of spammer-protection for RoundCube anyway... will keep thinking of it.
Thomas
Craig Webster wrote:
On 13 Dec 2005, at 15:47, Thomas Bruederli wrote:
Jared W. Alessandroni wrote:
Couldn't we just disable the send functions (like by killing the SMPT)? Or limit them in compose.inc by making the _to array (and bcc and cc) arrays trim to one?
Thats what I intended to do but there's more: when a user tries to enter more recipients the session should be terminated automatically and the IP needs to be blacklisted to complicate a quick re-login.
I want id done right before opening the demo again. Please sorry for these circumstances but spammers are just waiting around the corner...
I'd say it was safer to completely disable sending... otherwise a spammer could write a script to send a message one-by-one instead of to many recipients at once. A simple page or notice saying "For security reason, sending has been disabled in the demo" should be sufficient. This way there's no worry about blacklisting IPs, or people somehow getting around any sender restrictions: it's simply impossible to send anything.
Yours, Craig -- Craig Webster | t: +44 (0)131 516 8595 | e: craig@xeriom.net Xeriom.NET | f: +44 (0)709 287 1902 | w: http://xeriom.net
I'd say it was safer to completely disable sending... otherwise a spammer could write a script to send a message one-by-one instead of to many recipients at once. A simple page or notice saying "For security reason, sending has been disabled in the demo" should be sufficient.
Why not just allow sending mails to the demo account? This way everybody can easily see how sending and receiving mails works (as in: looks like..) without endangering the rest of the internet :]
Cheers, Niels
Question:
I'm trying to create my own out-of-directory script for logging into
RC. I tried it myself, and then with the info from
http://lists.dorkzilla.org/archive/roundcube-dev/2005Dec/1352.html
and still haven't been able to get it.
My page does this...
<?php start_session(); ?>
<html head and stuff>
<script type="text/javascript" src="/path-to-roundcube/program/js/ common.js"></script>
<script type="text/javascript" src="/path-to-roundcube/program/js/ app.js"></script>
<script type="text/javascript"> <!-- var rcmail = new rcube_webmail(); rcmail.set_env('comm_path', '/path-to-roundcube/?_auth=<?php print session_id(); ?>&_task=mail'); rcmail.display_message('Read below to learn more about our two development Webmail projects.'); rcmail.set_env('task', 'login'); rcmail.gui_object('message', 'message'); rcmail.gui_object('loginform', 'form'); //--> </script>
Then a login form with the hidden (as well as the _user, _pass
variable as text entry)
<input type="hidden" name="_auth" value="<?php print session_id(); ?
" />
<input name="_action" value="login" type="hidden" />
The form worked when I first copied it, not thinking about session
variables or anything, when that session variable was still active,
so I'm confident that the issue is that the $_auth is not being set
with the JS - please let me know any thoughts you might have 'cause
this is the only thing stopping this baby from going live.
Thanks!
J-dawg
Ok, here's the original chunk of code that is most important:
<body onload="document.form.submit();"> <form name="form" action="./" method="post"> <input type="hidden" name="_auth" value="<?session_id()?>" /> <input name="_action" value="login" type="hidden" /> <input name="_user" size="30" type="hidden" value="USERNAME" /> <input name="_pass" size="30" type="hidden"value="PASSWORD" /> <input name="_host" size="30" type="hidden" value="HOST" /> </form> </body>
You shortened your code example, so I dont know if you did this, but:
- make sure your form action is set to "./"
- make sure you have specified USERNAME, PASSWORD, **and** HOST
- the magic part that makes it login automatically is the <body onload="
document.form.submit();">
If this doesn't help, post the entire page of code you are using instead of just snippets.
-Geuis
On 12/14/05, Jared W. Alessandroni < Jared.W.Alessandroni.03@alum.dartmouth.org> wrote:
Question:
I'm trying to create my own out-of-directory script for logging into RC. I tried it myself, and then with the info from
http://lists.dorkzilla.org/archive/roundcube-dev/2005Dec/1352.html
and still haven't been able to get it.
My page does this...
<?php start_session(); ?>
<html head and stuff>
<script type="text/javascript" src="/path-to-roundcube/program/js/ common.js"></script>
<script type="text/javascript" src="/path-to-roundcube/program/js/ app.js"></script>
<script type="text/javascript"> <!-- var rcmail = new rcube_webmail(); rcmail.set_env('comm_path', '/path-to-roundcube/?_auth=<?php print session_id(); ?>&_task=mail'); rcmail.display_message('Read below to learn more about our two development Webmail projects.'); rcmail.set_env('task', 'login'); rcmail.gui_object('message', 'message'); rcmail.gui_object('loginform', 'form'); //--> </script>
Then a login form with the hidden (as well as the _user, _pass variable as text entry)
<input type="hidden" name="_auth" value="<?php print session_id(); ?
" />
<input name="_action" value="login" type="hidden" />
The form worked when I first copied it, not thinking about session variables or anything, when that session variable was still active, so I'm confident that the issue is that the $_auth is not being set with the JS - please let me know any thoughts you might have 'cause this is the only thing stopping this baby from going live.
Thanks!
J-dawg
It's bit more complicated than that. Actually you have to do what index.php of RoundCube does on the first couple of lines:
$INSTALL_PATH = './';
ini_set('session.name', 'sessid'); ini_set('session.use_cookies', 1);
// include base files // ! make sure the include path is set correctly ! require_once('include/rcube_shared.inc'); require_once('include/rcube_imap.inc'); require_once('include/bugs.inc'); require_once('include/main.inc'); require_once('PEAR.php');
// start roundcube session // this will set the session cookie and define $sess_auth rcmail_startup('dummy');
// print the hidden field with the valid authorization hash // to your page printf('<input type="hidden" name="_auth" value="%s" />', $sess_auth);
I know that this is not a very nice way and I think we will create some API to open a RoundCube session and optain a valid authorization hash form the RoundCube server.
Good luck! Thomas
P.S. The code above is untested.
Jared W. Alessandroni wrote:
Question:
I'm trying to create my own out-of-directory script for logging into RC. I tried it myself, and then with the info from
http://lists.dorkzilla.org/archive/roundcube-dev/2005Dec/1352.html
and still haven't been able to get it.
My page does this...
<?php start_session(); ?>
<html head and stuff>
<script type="text/javascript" src="/path-to-roundcube/program/js/common.js"></script>
<script type="text/javascript" src="/path-to-roundcube/program/js/app.js"></script>
<script type="text/javascript"> <!-- var rcmail = new rcube_webmail(); rcmail.set_env('comm_path', '/path-to-roundcube/?_auth=<?php print session_id(); ?>&_task=mail'); rcmail.display_message('Read below to learn more about our two development Webmail projects.'); rcmail.set_env('task', 'login'); rcmail.gui_object('message', 'message'); rcmail.gui_object('loginform', 'form'); //--> </script>
Then a login form with the hidden (as well as the _user, _pass variable as text entry)
<input type="hidden" name="_auth" value="<?php print session_id(); ?>" /> <input name="_action" value="login" type="hidden" />
The form worked when I first copied it, not thinking about session variables or anything, when that session variable was still active, so I'm confident that the issue is that the $_auth is not being set with the JS - please let me know any thoughts you might have 'cause this is the only thing stopping this baby from going live.
Thanks!
J-dawg
That was totally it - my reason was that I'm letting my users test
out different mail clients from one page (separate logins, but all
from one). It is REALLY unelegant, but I just put the other logins
in the login template - :) I was trying to hack my way into making my
own API, but I don't know the ins and outs yet. Thanks all.
J
On Dec 14, 2005, at 10:00 AM, Thomas Bruederli wrote:
I know that this is not a very nice way and I think we will create
some API to open a RoundCube session and optain a valid authorization hash form the RoundCube server.Good luck! Thomas
P.S. The code above is untested.
-
Craig Webster -
Geuis Teses -
Jared W. Alessandroni -
Niels Ganser -
Ray Masa -
Thomas Bruederli