|

»

squirrelmail-users

Auto Login in SquirrelMail.

View: New views

5 Messages — Rating Filter: Alert me

	Auto Login in SquirrelMail. by gerry-26 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Is there a way in SquirrelMail to bypass the sign on and pass in the user and password through a query string or Post? I have already authenticated the user on my own site, I would prefer not to have them enter a use rid and password again. Thanks. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@... List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
	Re: Auto Login in SquirrelMail. by Philip Butler :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Gerry, I don't know if this is the right way to do it, but I have done so with: /webmail/src/redirect.php?login_username=$user&secretkey=$pw&just_logged_in=1&js_autodetect_results=0 where $user is the username and $pw is the password (this is a snip from some PHP that I use). I also do a target=_blank to bring it up in a new window. I would be interested in hearing from others to see if this is the "right" way to do it. Phil On Mar 25, 2008, at 8:13 PM, Gerry Lieberwirth wrote: Is there a way in SquirrelMail to bypass the sign on and pass in the user and password through a query string or Post? I have already authenticated the user on my own site, I would prefer not to have them enter a use rid and password again. Thanks. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@... List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@... List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
	Re: Auto Login in SquirrelMail. by Matthew Hardwick-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message How have you already authenticated users? Because I believe there is a plug-in that pulls details from a .htaccess login if that is what you are using. I do it with a PHP page that generates the login form with all elements as hidden fields and then use JavaScript to automatically submit the form. Keeping a "You don't have Javascript so click here" submit button for the form visible so people that don't have it will still see the button. I know this isn't the most secure way in theory - but I have already authenticated the user, and they wouldn't be able to get to that page unless they had already logged in. On 26/03/2008, Philip Butler <butler@...> wrote: > > Gerry, > > > I don't know if this is the right way to do it, but I have done so with: > > > /webmail/src/redirect.php?login_username=$user&secretkey=$pw&just_logged_in=1&js_autodetect_results=0 > > > where $user is the username and $pw is the password (this is a snip from some PHP that I use). > > > > I also do a target=_blank to bring it up in a new window. > > > I would be interested in hearing from others to see if this is the "right" way to do it. > > > Phil > > > > > > > > On Mar 25, 2008, at 8:13 PM, Gerry Lieberwirth wrote: > > > > > > Is there a way in SquirrelMail to bypass the sign on and pass in the user and password through a query string or Post? > I have already authenticated the user on my own site, I would prefer not to have them enter a use rid and password again. > > Thanks.------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace----- > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squirrelmail-users@... > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > ----- > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squirrelmail-users@... > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@... List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
	Re: Auto Login in SquirrelMail. by Paul Lesniewski :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Please do not top-post > > Is there a way in SquirrelMail to bypass the sign on and pass in the user > > and password through a query string or Post? > > I have already authenticated the user on my own site, I would prefer not to > > have them enter a use rid and password again. > > I don't know if this is the right way to do it, but I have done so with: > > /webmail/src/redirect.php?login_username=$user&secretkey=$pw&just_logged_in=1&js_autodetect_results=0 Sending the password in a URI is never a good idea. If you're already using PHP and have an authenticated user, the best approach would be to try to set a SquirrelMail key cookie in your code before you redirect to SM. You could rip out most of the needed code from src/redirect.php and then just redirect to src/webmail.php. If directory path issues prevent your other application from setting the cookie in the right place (path), then you can add some code to the top of src/webmail.php that catches un-logged-in (to SquirrelMail) users and get their credentials from your other application and do the work there to set up SM. Yet another possibility that may be less work is to modify src/redirect.php to work with credentials from your other application instead of the typical POST data from the login page. This all is probably possible to do as a SM plugin (please share with the community). > where $user is the username and $pw is the password (this is a snip from > some PHP that I use). > > I also do a target=_blank to bring it up in a new window. > > I would be interested in hearing from others to see if this is the "right" > way to do it. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@... List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
	Re: Auto Login in SquirrelMail. by matthiman :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello I try to do an auto login without using plugin, with the use of cookies : first, users have to log in on our intranet, and after there is a link to connect to SM With SM 1.2, redirect.php was modified like this if (isset($_SESSION['userdata']['utilisateurID'])) {$login_username = $_SESSION['userdata']['utilisateurID'];} if (isset($_SESSION['userdata']['pAssWOrD!'])) {$secretkey = $userdata["pAssWOrD!"];} But in version 1.4.19, now there is sqGetGlobalVar and I don't know how to modify this for use of users cookies... Anyone could help pease ? Thanks Matthieu Paul Lesniewski wrote: Please do not top-post > > Is there a way in SquirrelMail to bypass the sign on and pass in the user > > and password through a query string or Post? > > I have already authenticated the user on my own site, I would prefer not to > > have them enter a use rid and password again. > > I don't know if this is the right way to do it, but I have done so with: > > /webmail/src/redirect.php?login_username=$user&secretkey=$pw&just_logged_in=1&js_autodetect_results=0 Sending the password in a URI is never a good idea. If you're already using PHP and have an authenticated user, the best approach would be to try to set a SquirrelMail key cookie in your code before you redirect to SM. You could rip out most of the needed code from src/redirect.php and then just redirect to src/webmail.php. If directory path issues prevent your other application from setting the cookie in the right place (path), then you can add some code to the top of src/webmail.php that catches un-logged-in (to SquirrelMail) users and get their credentials from your other application and do the work there to set up SM. Yet another possibility that may be less work is to modify src/redirect.php to work with credentials from your other application instead of the typical POST data from the login page. This all is probably possible to do as a SM plugin (please share with the community). > where $user is the username and $pw is the password (this is a snip from > some PHP that I use). > > I also do a target=_blank to bring it up in a new window. > > I would be interested in hearing from others to see if this is the "right" > way to do it. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users