From: Gerry L. <ge...@li...> - 2008-03-26 00:14:09
|
Is there a way in SquirrelMail to bypass the sign on and pass in the user and password through a query string or Post? I have already authenticated the user on my own site, I would prefer not to have them enter a use rid and password again. Thanks. |
From: Philip B. <bu...@gl...> - 2008-03-26 00:35:02
|
Gerry, I don't know if this is the right way to do it, but I have done so with: /webmail/src/redirect.php?login_username=$user&secretkey= $pw&just_logged_in=1&js_autodetect_results=0 where $user is the username and $pw is the password (this is a snip from some PHP that I use). I also do a target=_blank to bring it up in a new window. I would be interested in hearing from others to see if this is the "right" way to do it. Phil On Mar 25, 2008, at 8:13 PM, Gerry Lieberwirth wrote: > Is there a way in SquirrelMail to bypass the sign on and pass in the > user and password through a query string or Post? > I have already authenticated the user on my own site, I would prefer > not to have them enter a use rid and password again. > > Thanks. > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace----- > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squ...@li... > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users |
From: Matthew H. <mj...@go...> - 2008-03-26 09:06:45
|
How have you already authenticated users? Because I believe there is a plug-in that pulls details from a .htaccess login if that is what you are using. I do it with a PHP page that generates the login form with all elements as hidden fields and then use JavaScript to automatically submit the form. Keeping a "You don't have Javascript so click here" submit button for the form visible so people that don't have it will still see the button. I know this isn't the most secure way in theory - but I have already authenticated the user, and they wouldn't be able to get to that page unless they had already logged in. On 26/03/2008, Philip Butler <bu...@gl...> wrote: > > Gerry, > > > I don't know if this is the right way to do it, but I have done so with: > > > /webmail/src/redirect.php?login_username=$user&secretkey=$pw&just_logged_in=1&js_autodetect_results=0 > > > where $user is the username and $pw is the password (this is a snip from some PHP that I use). > > > > I also do a target=_blank to bring it up in a new window. > > > I would be interested in hearing from others to see if this is the "right" way to do it. > > > Phil > > > > > > > > On Mar 25, 2008, at 8:13 PM, Gerry Lieberwirth wrote: > > > > > > Is there a way in SquirrelMail to bypass the sign on and pass in the user and password through a query string or Post? > I have already authenticated the user on my own site, I would prefer not to have them enter a use rid and password again. > > Thanks.------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace----- > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squ...@li... > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > ----- > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squ...@li... > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > |
From: Paul L. <pa...@sq...> - 2008-04-01 02:26:08
|
Please do not top-post > > Is there a way in SquirrelMail to bypass the sign on and pass in the user > > and password through a query string or Post? > > I have already authenticated the user on my own site, I would prefer not to > > have them enter a use rid and password again. > > I don't know if this is the right way to do it, but I have done so with: > > /webmail/src/redirect.php?login_username=$user&secretkey=$pw&just_logged_in=1&js_autodetect_results=0 Sending the password in a URI is never a good idea. If you're already using PHP and have an authenticated user, the best approach would be to try to set a SquirrelMail key cookie in your code before you redirect to SM. You could rip out most of the needed code from src/redirect.php and then just redirect to src/webmail.php. If directory path issues prevent your other application from setting the cookie in the right place (path), then you can add some code to the top of src/webmail.php that catches un-logged-in (to SquirrelMail) users and get their credentials from your other application and do the work there to set up SM. Yet another possibility that may be less work is to modify src/redirect.php to work with credentials from your other application instead of the typical POST data from the login page. This all is probably possible to do as a SM plugin (please share with the community). > where $user is the username and $pw is the password (this is a snip from > some PHP that I use). > > I also do a target=_blank to bring it up in a new window. > > I would be interested in hearing from others to see if this is the "right" > way to do it. |
From: matthiman <mat...@ya...> - 2009-10-28 11:07:16
|
Hello I try to do an auto login without using plugin, with the use of cookies : first, users have to log in on our intranet, and after there is a link to connect to SM With SM 1.2, redirect.php was modified like this if (isset($_SESSION['userdata']['utilisateurID'])) {$login_username = $_SESSION['userdata']['utilisateurID'];} if (isset($_SESSION['userdata']['pAssWOrD!'])) {$secretkey = $userdata["pAssWOrD!"];} But in version 1.4.19, now there is sqGetGlobalVar and I don't know how to modify this for use of users cookies... Anyone could help pease ? Thanks Matthieu Paul Lesniewski wrote: > > Please do not top-post > >> > Is there a way in SquirrelMail to bypass the sign on and pass in the >> user >> > and password through a query string or Post? >> > I have already authenticated the user on my own site, I would prefer >> not to >> > have them enter a use rid and password again. >> >> I don't know if this is the right way to do it, but I have done so with: >> >> /webmail/src/redirect.php?login_username=$user&secretkey=$pw&just_logged_in=1&js_autodetect_results=0 > > Sending the password in a URI is never a good idea. If you're already > using PHP and have an authenticated user, the best approach would be > to try to set a SquirrelMail key cookie in your code before you > redirect to SM. You could rip out most of the needed code from > src/redirect.php and then just redirect to src/webmail.php. If > directory path issues prevent your other application from setting the > cookie in the right place (path), then you can add some code to the > top of src/webmail.php that catches un-logged-in (to SquirrelMail) > users and get their credentials from your other application and do the > work there to set up SM. Yet another possibility that may be less > work is to modify src/redirect.php to work with credentials from your > other application instead of the typical POST data from the login > page. This all is probably possible to do as a SM plugin (please > share with the community). > >> where $user is the username and $pw is the password (this is a snip from >> some PHP that I use). >> >> I also do a target=_blank to bring it up in a new window. >> >> I would be interested in hearing from others to see if this is the >> "right" >> way to do it. > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > ----- > squirrelmail-users mailing list > Posting guidelines: http://squirrelmail.org/postingguidelines > List address: squ...@li... > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user > List info (subscribe/unsubscribe/change options): > https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > > -- View this message in context: http://www.nabble.com/Auto-Login-in-SquirrelMail.-tp16292466p26092766.html Sent from the squirrelmail-users mailing list archive at Nabble.com. |