List:       squirrelmail-devel
Subject:    Re: [SM-DEVEL] Remote One Click Login
From:       Daniel Watts <d () nielwatts ! com>
Date:       2007-06-20 15:23:25
Message-ID: 4679466D.3020304 () nielwatts ! com

Tomas Kuliavas wrote:
>> Could you possibly help with a problem we have?
>>
>> We have a general portal system that uses the same username/password as 
>> our email accounts. We would like the portal to contain a link "Open 
>> Webmail" which will open a squirrelmail page in a new browser window 
>> without requiring an additional login.
>>
>> We have a way which works but it involves the link which opens a new 
>> launch page which looks up the authentication details from the session 
>> and does a header(Location: x) redirect.
>>
>> This, however, briefly shows all the authentication details in a '?get' 
>> string in the address bar - unprofessional and a security risk.
>>
>> Any better ideas? We'd rather not hack the sqm source.
> 
> You don't have to read entire SquirrelMail source code. All login code is in two
> scripts (functions/strings.php and src/redirect.php). Other code (functions from
> functions/global.php) can be reproduced by reading SquirrelMail documentation
> and checking SquirrelMail session cookie name.

Hi Tomas - I didn't mean we didn't want to read the code; I just didn't 
want to make changes to it within our systems. It just never occurred to 
me to basically replicate what redirect.php does within our own script!

Thank you very very much for the really helpful answer shown below.

Best wishes,
Daniel

> 
> ----
> ini_set('session.name' , 'SQMSESSID');
> session_start();
> $username = 'some-username';
> $password = 'some-password';
> $_SESSION['username'] = $username;
> $_SESSION['delimiter'] = '/';
> $_SESSION['base_uri'] = '/squirrelmail-1.4.10/';
> $_SESSION['user_is_logged_in'] = true;
> $_SESSION['just_logged_in'] = true;
> 
> sqauth_save_password($password);
> session_write_close();
> header('Location: http://www.example.org/squirrelmail-1.4.10/src/webmail.php');
> exit();
> ----
> 
> sqauth_save_password(), OneTimePadCreate() and OneTimePadEncrypt() are licensed
> under GPL. All three can be reverse engineered with minimal effort.
> sq_mt_randomize() is not needed for PHP 4.2.0+.  attachment_common_parse(),
> expired session and javascript issues you can solve yourself by checking code in
> src/redirect.php
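
An added example (not part of the thread and not SquirrelMail's own code): a stand-alone version of the quoted launch script with its own stand-ins for OneTimePadCreate() and OneTimePadEncrypt(), so the password is split between the server-side session and a cookie and never appears in a URL. The `portal_*` function names, the `onetimepad` session key, the `key` cookie name and delivery over HTTPS are assumptions to check against src/redirect.php in the installed version; the portal and SquirrelMail are assumed to share the same host and PHP session store.

```php
<?php
// Added example, not SquirrelMail code. Names marked "assumed" are not from the thread.

// Stand-in for OneTimePadCreate(): random pad, base64-encoded for session storage.
function portal_pad_create(int $length): string
{
    return base64_encode(random_bytes(max(1, $length)));
}

// Stand-in for OneTimePadEncrypt(): XOR password with pad, base64-encode the result.
function portal_pad_encrypt(string $plain, string $encodedPad): string
{
    $pad = base64_decode($encodedPad, true);
    if ($pad === false || strlen($pad) < strlen($plain)) {
        throw new InvalidArgumentException('pad missing or shorter than password');
    }
    return base64_encode($plain ^ substr($pad, 0, strlen($plain)));
}

// $baseUri must match the SquirrelMail install path, e.g. '/squirrelmail-1.4.10/'.
function portal_launch(string $username, string $password, string $baseUri): void
{
    ini_set('session.name', 'SQMSESSID');
    ini_set('session.cookie_httponly', '1');
    session_start();
    session_regenerate_id(true); // fresh id, so a planted session id is not reused

    $_SESSION['username'] = $username;
    $_SESSION['delimiter'] = '/';
    $_SESSION['base_uri'] = $baseUri;
    $_SESSION['user_is_logged_in'] = true;
    $_SESSION['just_logged_in'] = true;

    // Pad stays server-side; the XORed password goes to the browser as a cookie.
    $pad = portal_pad_create(strlen($password));
    $_SESSION['onetimepad'] = $pad; // assumed session key
    setcookie('key', portal_pad_encrypt($password, $pad), [ // assumed cookie name
        'path' => $baseUri, 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);

    session_write_close();
    header('Location: ' . $baseUri . 'src/webmail.php'); // no credentials in the URL
    exit();
}

// Call from the portal's launch page with credentials read from its server-side
// session (never from $_GET):
// portal_launch($user, $pass, '/squirrelmail-1.4.10/');
```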