-----BEGIN PGP SIGNED MESSAGE-----
Daniel Watts wrote:
>> This kind of thing interests me, and, I believe, is a lot easier than
>> Tomas has made it, depending on setup.
>> Is the portal, and SquirrelMail installation under the same domain? If
>> so, then take a look at the login_auto (or is it auto_login?) plugin.
>> - From your "redirect" page, you can encrypt the user/pass into a cookie,
>> set them to the same name the plugin expects, and redirect to the login
>> If they are not on the same domain, it complicates it just slightly, but
>> the login_auto plugin can be used for a base plugin. The basic steps
>> would be something like this:
>> - -- Portal --
>> 1. Provide link
>> 2. Link loads a redirector page which builds a GUID, and writes the
>> user/pass *encrypted* to a SQL table
>> 3. Portal redirector forwards user to src/login.php?authme=<guid>
>> - -- SM --
>> 1. login_auto hack sees authme=<guid> and redirects user to
>> 2. src/redirect.php triggers before_login hook, and makes a call to your
>> customized version of login_auto.
>> 3. Customized version of login_auto decrypts user/pass from DB, and
>> assigns them to login_username and secretkey
>> 4. SquirrelMail authenticates normally, and nothing else changes
>> This would then allow you to move your code around between versions
>> without having to worry about breaking any new SM versions.
> Thanks for responding to this. My developer went away and thought about
> this a bit more shortly after I first posted. He came up with the
> ingenious solution of using CURL to effectively 'log in'. He then took
> the return headers, set the cookies in his code into the browser, and
> then redirected to webmail.php.
> This works really well. Do you see any problem with doing it this way?
> It certainly saves having to deploy an SQL based solution which I think
> would be more complex to set up than just enabling CURL.
I don't see any issues at all. Whatever works for you, and your
auto-detect function on the login page will be bypassed, so you might
find a few unusual bug reports about things like the spell checker not
working the same. That can easily be worked around by changing the user
fine, even with upgrades.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----