From: Brock N. <nol...@um...> - 2004-03-30 19:06:44
|
Can't you just create a session just like Ilohamail and store in in the same place (DB or FS). Then pass the session just like Ilohamail. That way you will be completely integrated. On 30 Mar 2004, NGUYEN DINH Quoc-Huy wrote: > Suppose my visitor is login in my site. He doesn't want to check mail > yet, go somewhere in the site > and then go in Ilohamail. So if i want to pass user/host/pass to > ilohamail, I have to store them somewhere to > keep them during the surf. > > Even though I keep them until he goes to Ilohamail. My site should post > the user/host/pass for him. > If he goes back to the site, surf again, and goes again to Ilohamail, my > site should post the u/h/p again > in clear text... > Cuz, if I'm right, I can't go to an existing session by doing > http://ilohamail.url/index.php?user=XXXXXX-XXX > but I can go directly to http://...../contacts.php?user=XXXXXXX-XXX > Every time I come to index.php, it asks for login/pass although the > session is still opened. > > Ryo Chijiiwa wrote: > > >This comes up occasionally, particularly from people trying to integrate > >IlohaMail into existing portal/CMS-type sites... > > > >I can't give you a HOWTO, but I can provide some background information > >on how sessions are handled in IlohaMail, which may or may not help. > > > >When a user logs into IlohaMail, a session ID and random encryption key > >are generated. The user's user name, host and password are encrypted > >with this key, and stored in the backend. The session ID is passed > >around as $user or $session in GET and POST variables, and is used to > >retrieve the encrypted info. The encryption key is passed around as a > >cookie, and is used to decrypt the encrypted information, which is then > >used to access the mail server. That means the user/host/pass is > >communicated in cleartext once, and only once, at the very beginning. > >After logging out, the session info (i.e. encrypted data) is removed > >from the backend. Encryption keys are handled slightly differently in > >cases when cookies aren't enabled/supported, but that's a minor > >implementation detail. > > > >To integrate this session authentication mechanism into exsiting > >frameworks, you would have to have the user enter their email > >user/host/pass upon initial login to the site, and then pass on to > >IlohaMail, or otherwise have the credentials saved permanently in the > >backend (which isn't recommended). > > > >Ryo > > > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Ilohamail-users mailing list > Ilo...@li... > https://lists.sourceforge.net/lists/listinfo/ilohamail-users > |
From: Brock N. <nol...@um...> - 2004-03-30 19:43:54
|
when users login to your site can't you initiate a Ilohamail session by opening the website with fopen but never outputing it the result. Then you might be able to pass the session to Ilohamail. On 30 Mar 2004, NGUYEN DINH Quoc-Huy wrote: > I can't pass the session to index.php, it just asks me to login again > > Brock Noland wrote: > > >Can't you just create a session just like Ilohamail and store in in the > >same place (DB or FS). Then pass the session just like Ilohamail. That way > >you will be completely integrated. > > > >On 30 Mar 2004, NGUYEN DINH Quoc-Huy wrote: > > > > > >>Suppose my visitor is login in my site. He doesn't want to check mail > >>yet, go somewhere in the site > >>and then go in Ilohamail. So if i want to pass user/host/pass to > >>ilohamail, I have to store them somewhere to > >>keep them during the surf. > >> > >>Even though I keep them until he goes to Ilohamail. My site should post > >>the user/host/pass for him. > >>If he goes back to the site, surf again, and goes again to Ilohamail, my > >>site should post the u/h/p again > >>in clear text... > >>Cuz, if I'm right, I can't go to an existing session by doing > >>http://ilohamail.url/index.php?user=XXXXXX-XXX > >>but I can go directly to http://...../contacts.php?user=XXXXXXX-XXX > >>Every time I come to index.php, it asks for login/pass although the > >>session is still opened. > >> > >>Ryo Chijiiwa wrote: > >> > >> > >> > >>>This comes up occasionally, particularly from people trying to integrate > >>>IlohaMail into existing portal/CMS-type sites... > >>> > >>>I can't give you a HOWTO, but I can provide some background information > >>>on how sessions are handled in IlohaMail, which may or may not help. > >>> > >>>When a user logs into IlohaMail, a session ID and random encryption key > >>>are generated. The user's user name, host and password are encrypted > >>>with this key, and stored in the backend. The session ID is passed > >>>around as $user or $session in GET and POST variables, and is used to > >>>retrieve the encrypted info. The encryption key is passed around as a > >>>cookie, and is used to decrypt the encrypted information, which is then > >>>used to access the mail server. That means the user/host/pass is > >>>communicated in cleartext once, and only once, at the very beginning. > >>>After logging out, the session info (i.e. encrypted data) is removed > >>> > >>> > >>>from the backend. Encryption keys are handled slightly differently in > >> > >> > >>>cases when cookies aren't enabled/supported, but that's a minor > >>>implementation detail. > >>> > >>>To integrate this session authentication mechanism into exsiting > >>>frameworks, you would have to have the user enter their email > >>>user/host/pass upon initial login to the site, and then pass on to > >>>IlohaMail, or otherwise have the credentials saved permanently in the > >>>backend (which isn't recommended). > >>> > >>>Ryo > >>> > >>> > >>> > >>> > >> > >>------------------------------------------------------- > >>This SF.Net email is sponsored by: IBM Linux Tutorials > >>Free Linux tutorial presented by Daniel Robbins, President and CEO of > >>GenToo technologies. Learn everything from fundamentals to system > >>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > >>_______________________________________________ > >>Ilohamail-users mailing list > >>Ilo...@li... > >>https://lists.sourceforge.net/lists/listinfo/ilohamail-users > >> > >> > >> > > > > > > > > > >------------------------------------------------------- > >This SF.Net email is sponsored by: IBM Linux Tutorials > >Free Linux tutorial presented by Daniel Robbins, President and CEO of > >GenToo technologies. Learn everything from fundamentals to system > >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > >_______________________________________________ > >Ilohamail-users mailing list > >Ilo...@li... > >https://lists.sourceforge.net/lists/listinfo/ilohamail-users > > > > > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Ilohamail-users mailing list > Ilo...@li... > https://lists.sourceforge.net/lists/listinfo/ilohamail-users > |
From: NGUYEN D. Quoc-H. <sn...@nt...> - 2004-03-30 20:06:09
|
Yes I can do that. But the problem is if I got back to lohamail with http://..../index.php?user=session_number Ilohamail ask me again for login Brock Noland wrote: >when users login to your site can't you initiate a Ilohamail session by >opening the website with fopen but never outputing it the result. Then you >might be able to pass the session to Ilohamail. > >On 30 Mar 2004, NGUYEN DINH Quoc-Huy wrote: > > >>I can't pass the session to index.php, it just asks me to login again >> >>Brock Noland wrote: >> >> >> >>>Can't you just create a session just like Ilohamail and store in in the >>>same place (DB or FS). Then pass the session just like Ilohamail. That >>> >>> >way > > >>>you will be completely integrated. >>> >>>On 30 Mar 2004, NGUYEN DINH Quoc-Huy wrote: >>> >>> >>> >>> >>>>Suppose my visitor is login in my site. He doesn't want to check mail >>>>yet, go somewhere in the site >>>>and then go in Ilohamail. So if i want to pass user/host/pass to >>>>ilohamail, I have to store them somewhere to >>>>keep them during the surf. >>>> >>>>Even though I keep them until he goes to Ilohamail. My site should post >>>> >>>> > > > >>>>the user/host/pass for him. >>>>If he goes back to the site, surf again, and goes again to Ilohamail, >>>> >>>> >my > > >>>>site should post the u/h/p again >>>>in clear text... >>>>Cuz, if I'm right, I can't go to an existing session by doing >>>>http://ilohamail.url/index.php?user=XXXXXX-XXX >>>>but I can go directly to http://...../contacts.php?user=XXXXXXX-XXX >>>>Every time I come to index.php, it asks for login/pass although the >>>>session is still opened. >>>> >>>>Ryo Chijiiwa wrote: >>>> >>>> >>>> >>>> >>>> >>>>>This comes up occasionally, particularly from people trying to >>>>> >>>>> >integrate > > >>>>>IlohaMail into existing portal/CMS-type sites... >>>>> >>>>>I can't give you a HOWTO, but I can provide some background >>>>> >>>>> >information > > >>>>>on how sessions are handled in IlohaMail, which may or may not help. >>>>> >>>>>When a user logs into IlohaMail, a session ID and random encryption >>>>> >>>>> >key > > >>>>>are generated. The user's user name, host and password are encrypted >>>>>with this key, and stored in the backend. The session ID is passed >>>>>around as $user or $session in GET and POST variables, and is used to >>>>>retrieve the encrypted info. The encryption key is passed around as a >>>>>cookie, and is used to decrypt the encrypted information, which is >>>>> >>>>> >then > > >>>>>used to access the mail server. That means the user/host/pass is >>>>>communicated in cleartext once, and only once, at the very beginning. >>>>>After logging out, the session info (i.e. encrypted data) is removed >>>>> >>>>> >>>>> >>>>> >>>>>from the backend. Encryption keys are handled slightly differently in >>>> >>>> >>>> >>>> >>>>>cases when cookies aren't enabled/supported, but that's a minor >>>>>implementation detail. >>>>> >>>>>To integrate this session authentication mechanism into exsiting >>>>>frameworks, you would have to have the user enter their email >>>>>user/host/pass upon initial login to the site, and then pass on to >>>>>IlohaMail, or otherwise have the credentials saved permanently in the >>>>>backend (which isn't recommended). >>>>> >>>>>Ryo >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>------------------------------------------------------- >>>>This SF.Net email is sponsored by: IBM Linux Tutorials >>>>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>>>GenToo technologies. Learn everything from fundamentals to system >>>>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >>>>_______________________________________________ >>>>Ilohamail-users mailing list >>>>Ilo...@li... >>>>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >>>> >>>> >>>> >>>> >>>> >>> >>> >>>------------------------------------------------------- >>>This SF.Net email is sponsored by: IBM Linux Tutorials >>>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>>GenToo technologies. Learn everything from fundamentals to system >>>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >>>_______________________________________________ >>>Ilohamail-users mailing list >>>Ilo...@li... >>>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >>> >>> >>> >>> >>> >> >>------------------------------------------------------- >>This SF.Net email is sponsored by: IBM Linux Tutorials >>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>GenToo technologies. Learn everything from fundamentals to system >>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >>_______________________________________________ >>Ilohamail-users mailing list >>Ilo...@li... >>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >> >> >> > > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO of >GenToo technologies. Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Ilohamail-users mailing list >Ilo...@li... >https://lists.sourceforge.net/lists/listinfo/ilohamail-users > > > |
From: Brock N. <nol...@um...> - 2004-03-30 20:37:34
|
I see. I have a similar problem. When I login with the wrong user name and password and then try it with the correct username and password it keeps coming back the login screen with no error message. I have to open a new browser (to kill the globals/sessions?????) before it works. For you: http://..../index.php?user=3Dsession_number *might* not work if the Ilohamail index page only accepts that variable via POST. Have tried posting it to the index page? I am not a delevoper so I am just guessing. Brock On 3/30/2004, "NGUYEN DINH Quoc-Huy" <sn...@nt...> wrote: >Yes I can do that. >But the problem is if I got back to lohamail with >http://..../index.php?user=3Dsession_number >Ilohamail ask me again for login > >Brock Noland wrote: > >>when users login to your site can't you initiate a Ilohamail session by >>opening the website with fopen but never outputing it the result. Then you >>might be able to pass the session to Ilohamail. >> >>On 30 Mar 2004, NGUYEN DINH Quoc-Huy wrote: >> >> >>>I can't pass the session to index.php, it just asks me to login again >>> >>>Brock Noland wrote: >>> >>> >>> >>>>Can't you just create a session just like Ilohamail and store in in the >>>>same place (DB or FS). Then pass the session just like Ilohamail. That >>>> >>>> >>way >> >> >>>>you will be completely integrated. >>>> >>>>On 30 Mar 2004, NGUYEN DINH Quoc-Huy wrote: >>>> >>>> >>>> >>>> >>>>>Suppose my visitor is login in my site. He doesn't want to check mail >>>>>yet, go somewhere in the site >>>>>and then go in Ilohamail. So if i want to pass user/host/pass to >>>>>ilohamail, I have to store them somewhere to >>>>>keep them during the surf. >>>>> >>>>>Even though I keep them until he goes to Ilohamail. My site should post >>>>> >>>>> >> >> >> >>>>>the user/host/pass for him. >>>>>If he goes back to the site, surf again, and goes again to Ilohamail, >>>>> >>>>> >>my >> >> >>>>>site should post the u/h/p again >>>>>in clear text... >>>>>Cuz, if I'm right, I can't go to an existing session by doing >>>>>http://ilohamail.url/index.php?user=3DXXXXXX-XXX >>>>>but I can go directly to http://...../contacts.php?user=3DXXXXXXX-XXX >>>>>Every time I come to index.php, it asks for login/pass although the >>>>>session is still opened. >>>>> >>>>>Ryo Chijiiwa wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>This comes up occasionally, particularly from people trying to >>>>>> >>>>>> >>integrate >> >> >>>>>>IlohaMail into existing portal/CMS-type sites... >>>>>> >>>>>>I can't give you a HOWTO, but I can provide some background >>>>>> >>>>>> >>information >> >> >>>>>>on how sessions are handled in IlohaMail, which may or may not help. >>>>>> >>>>>>When a user logs into IlohaMail, a session ID and random encryption >>>>>> >>>>>> >>key >> >> >>>>>>are generated. The user's user name, host and password are encrypted >>>>>>with this key, and stored in the backend. The session ID is passed >>>>>>around as $user or $session in GET and POST variables, and is used to >>>>>>retrieve the encrypted info. The encryption key is passed around as a >>>>>>cookie, and is used to decrypt the encrypted information, which is >>>>>> >>>>>> >>then >> >> >>>>>>used to access the mail server. That means the user/host/pass is >>>>>>communicated in cleartext once, and only once, at the very beginning. >>>>>>After logging out, the session info (i.e. encrypted data) is removed >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>from the backend. Encryption keys are handled slightly differently in >>>>> >>>>> >>>>> >>>>> >>>>>>cases when cookies aren't enabled/supported, but that's a minor >>>>>>implementation detail. >>>>>> >>>>>>To integrate this session authentication mechanism into exsiting >>>>>>frameworks, you would have to have the user enter their email >>>>>>user/host/pass upon initial login to the site, and then pass on to >>>>>>IlohaMail, or otherwise have the credentials saved permanently in the >>>>>>backend (which isn't recommended). >>>>>> >>>>>>Ryo >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>------------------------------------------------------- >>>>>This SF.Net email is sponsored by: IBM Linux Tutorials >>>>>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>>>>GenToo technologies. Learn everything from fundamentals to system >>>>>administration.http://ads.osdn.com/?ad_id=3D1470&alloc_id=3D3638&op=3Dcl= ick >>>>>_______________________________________________ >>>>>Ilohamail-users mailing list >>>>>Ilo...@li... >>>>>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>>------------------------------------------------------- >>>>This SF.Net email is sponsored by: IBM Linux Tutorials >>>>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>>>GenToo technologies. Learn everything from fundamentals to system >>>>administration.http://ads.osdn.com/?ad_id=3D1470&alloc_id=3D3638&op=3Dcli= ck >>>>_______________________________________________ >>>>Ilohamail-users mailing list >>>>Ilo...@li... >>>>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >>>> >>>> >>>> >>>> >>>> >>> >>>------------------------------------------------------- >>>This SF.Net email is sponsored by: IBM Linux Tutorials >>>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>>GenToo technologies. Learn everything from fundamentals to system >>>administration.http://ads.osdn.com/?ad_id=3D1470&alloc_id=3D3638&op=3Dclic= k >>>_______________________________________________ >>>Ilohamail-users mailing list >>>Ilo...@li... >>>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >>> >>> >>> >> >> >> >> >>------------------------------------------------------- >>This SF.Net email is sponsored by: IBM Linux Tutorials >>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>GenToo technologies. Learn everything from fundamentals to system >>administration.http://ads.osdn.com/?ad_id=3D1470&alloc_id=3D3638&op=3Dclick >>_______________________________________________ >>Ilohamail-users mailing list >>Ilo...@li... >>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >> >> >> > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO of >GenToo technologies. Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=3D1470&alloc_id=3D3638&op=3Dclick >_______________________________________________ >Ilohamail-users mailing list >Ilo...@li... >https://lists.sourceforge.net/lists/listinfo/ilohamail-users |
From: NGUYEN D. Quoc-H. <sn...@nt...> - 2004-03-30 21:09:08
|
Does not work. Brock Noland wrote: >I see. I have a similar problem. When I login with the wrong user name >and password and then try it with the correct username and password it >keeps coming back the login screen with no error message. I have to open >a new browser (to kill the globals/sessions?????) before it works. > >For you: >http://..../index.php?user=session_number *might* not work if the >Ilohamail index page only accepts that variable via POST. Have tried >posting it to the index page? > >I am not a delevoper so I am just guessing. > >Brock > > |
From: Ryo C. <ry...@il...> - 2004-03-30 21:48:17
|
Actually, the solution is simple. Instead of $user, give it $session: http://..../index.php?session=3Dsession_number It's a slight idiosyncracy that's there for historical reasons, more than anything else. Ryo On 3/30/2004, "NGUYEN DINH Quoc-Huy" <sn...@nt...> wrote: >Does not work. > >Brock Noland wrote: > >>I see. I have a similar problem. When I login with the wrong user name >>and password and then try it with the correct username and password it >>keeps coming back the login screen with no error message. I have to open >>a new browser (to kill the globals/sessions?????) before it works. >> >>For you: >>http://..../index.php?user=3Dsession_number *might* not work if the >>Ilohamail index page only accepts that variable via POST. Have tried >>posting it to the index page? >> >>I am not a delevoper so I am just guessing. >> >>Brock >> >> > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO of >GenToo technologies. Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=3D1470&alloc_id=3D3638&op=3Dclick >_______________________________________________ >Ilohamail-users mailing list >Ilo...@li... >https://lists.sourceforge.net/lists/listinfo/ilohamail-users |
From: NGUYEN D. Quoc-H. <sn...@nt...> - 2004-03-30 21:59:42
|
Thanks ! Ryo Chijiiwa wrote: >Actually, the solution is simple. Instead of $user, give it $session: > >http://..../index.php?session=session_number > >It's a slight idiosyncracy that's there for historical reasons, more >than anything else. > >Ryo > >On 3/30/2004, "NGUYEN DINH Quoc-Huy" <sn...@nt...> wrote: > > > >>Does not work. >> >>Brock Noland wrote: >> >> >> >>>I see. I have a similar problem. When I login with the wrong user name >>>and password and then try it with the correct username and password it >>>keeps coming back the login screen with no error message. I have to open >>>a new browser (to kill the globals/sessions?????) before it works. >>> >>>For you: >>>http://..../index.php?user=session_number *might* not work if the >>>Ilohamail index page only accepts that variable via POST. Have tried >>>posting it to the index page? >>> >>>I am not a delevoper so I am just guessing. >>> >>>Brock >>> >>> >>> >>> >> >>------------------------------------------------------- >>This SF.Net email is sponsored by: IBM Linux Tutorials >>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>GenToo technologies. Learn everything from fundamentals to system >>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >>_______________________________________________ >>Ilohamail-users mailing list >>Ilo...@li... >>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >> >> > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO of >GenToo technologies. Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click >_______________________________________________ >Ilohamail-users mailing list >Ilo...@li... >https://lists.sourceforge.net/lists/listinfo/ilohamail-users > > > |
From: NGUYEN D. Quoc-H. <sn...@nt...> - 2004-03-30 23:15:16
|
All works fine. I use an http class that emulate a browser http request. With that class you can do any POST or GET request to a web server for HTTP and also HTTPS. The class can be found at http://www.phpclasses.org/ So I just post login infos to Ilohamail at site login time. And at site logout time I just fopen a stream to ilohamail/logout.php Thats kewl ! By the way, Ryo, are u using build in IMAP functions ? or is it your own functions ? |
From: Ryo C. <ry...@il...> - 2004-03-31 01:19:54
|
On 3/30/2004, "NGUYEN DINH Quoc-Huy" <sn...@nt...> wrote: >By the way, Ryo, are u using build in IMAP functions ? or is it your own >functions ? I wrote my own IMAP & POP functions. THey're in include/imap.inc and pop3.inc Ryo |
From: NGUYEN D. Quoc-H. <sn...@nt...> - 2004-03-31 20:46:30
|
Hmm I got a strange behaviour. At home this works fine. But at my office I can't have it work. After login in my site, I click on the link that get to http://..../index.php?session=xxxx-xx And Ilohamail says Authentication failed! I think it's the cookies cuz it does the same if I manually delete cookie. So how comes that works at my home ? My script that send the user/pass/host to iloha does not create any cookie. At home no cookies are created (delete cookie and check the cookies dir) and it works fine. The Internet Options are security medium and confidentiality medium high. On 3/30/2004, "NGUYEN DINH Quoc-Huy" <sn...@nt...> wrote: >All works fine. >I use an http class that emulate a browser http request. >With that class you can do any POST or GET request to a web server for >HTTP and also HTTPS. >The class can be found at http://www.phpclasses.org/ > >So I just post login infos to Ilohamail at site login time. >And at site logout time I just fopen a stream to ilohamail/logout.php > >Thats kewl ! > >By the way, Ryo, are u using build in IMAP functions ? or is it your own >functions ? > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO of >GenToo technologies. Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Ilohamail-users mailing list >Ilo...@li... >https://lists.sourceforge.net/lists/listinfo/ilohamail-users > |
From: NGUYEN D. Quoc-H. <sn...@nt...> - 2004-04-01 08:04:30
|
hi, I've found why it doesn't work but don't know how to solve ! As I use a script that do a request, Ilohamail thinks that it doesn't accept cookies so Ilohamail uses IP-based encryption key. But as the script is run on my server, the encryption key is based on my server IP. But I'm checking mail at work, so my IP will be different and Ilohamail doesn't recognize me and says Authentication failed. So I just wonder how Ilohamail knows if the browser accept cookies or not. Does Ilohamail test it with javascript or analyzing HTTP headers ? Thanks On 3/31/2004, "NGUYEN DINH Quoc-Huy" <sn...@nt...> wrote: >Hmm I got a strange behaviour. > >At home this works fine. >But at my office I can't have it work. >After login in my site, I click on the link that get to >http://..../index.php?session=xxxx-xx >And Ilohamail says Authentication failed! >I think it's the cookies cuz it does the same if I manually delete >cookie. > >So how comes that works at my home ? >My script that send the user/pass/host to iloha does not create any >cookie. >At home no cookies are created (delete cookie and check the cookies dir) >and it works fine. > >The Internet Options are security medium and confidentiality medium high. > >On 3/30/2004, "NGUYEN DINH Quoc-Huy" <sn...@nt...> wrote: > >>All works fine. >>I use an http class that emulate a browser http request. >>With that class you can do any POST or GET request to a web server for >>HTTP and also HTTPS. >>The class can be found at http://www.phpclasses.org/ >> >>So I just post login infos to Ilohamail at site login time. >>And at site logout time I just fopen a stream to ilohamail/logout.php >> >>Thats kewl ! >> >>By the way, Ryo, are u using build in IMAP functions ? or is it your own >>functions ? >> >> >>------------------------------------------------------- >>This SF.Net email is sponsored by: IBM Linux Tutorials >>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>GenToo technologies. Learn everything from fundamentals to system >>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >>_______________________________________________ >>Ilohamail-users mailing list >>Ilo...@li... >>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >> > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO of >GenToo technologies. Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Ilohamail-users mailing list >Ilo...@li... >https://lists.sourceforge.net/lists/listinfo/ilohamail-users > |
From: Ryo C. <ry...@il...> - 2004-04-05 07:53:13
|
On 4/1/2004, "NGUYEN DINH Quoc-Huy" <sn...@nt...> wrote: >So I just wonder how Ilohamail knows if the browser accept cookies or not. >Does Ilohamail test it with javascript or analyzing HTTP headers ? When you first load the login page, it tries to set a cookie. When you submit your login information, if that cookie is there, then the browser supports cookies. If the cookie isn't there, then it knows cookies are supported. Ryo |
From: NGUYEN D. Quoc-H. <sn...@nt...> - 2004-04-01 20:33:02
|
Hi, OK my problem is solved! I noticed something else in the 0.8.12: When you click on a link in a HTML mail, the location is loaded in the mail frame instead of opening a new window. Is it good to filter the HTML file before echoing it by adding a target=_blank to each <A> tags ? |
From: Jason A. <ja...@al...> - 2004-04-02 12:59:21
|
Yes, I've noticed this too. I reported it on the bug forum some time back: ============== If I follow any link in an HTML mail, the link is opened in the view message window (the main frame) instead of a new window. Consequently, after I'm done reading the link I followed, any subsequent links anywhere in the Ilohamail interface open in a new window. i.e: Log in to Ilohamail select an email from inbox (HTML message) follow included link in message (it opens in main frame, not new) Click on "Inbox" in folder frame. Inbox opens in a new window, without folder bar or top frame. Same applies for "Prefs", etc, they all open in a new window. Requires logout/login to fix (even the logout opens a new window) Running: Latest Ilohamail (0.8.12) PHP 4.2 RedHat Linux 7.2 Also confirmed via the Demo, with both POP3 and IMAP. ----- Original Message ----- From: "NGUYEN DINH Quoc-Huy" <sn...@nt...> To: <ilo...@li...> Sent: Thursday, April 01, 2004 2:32 PM Subject: [Ilohamail-users] Clicking on a link in a mail > Hi, > > OK my problem is solved! > > I noticed something else in the 0.8.12: > When you click on a link in a HTML mail, the location is loaded in the > mail frame instead > of opening a new window. > Is it good to filter the HTML file before echoing it by adding a > target=_blank to each <A> tags ? > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Ilohamail-users mailing list > Ilo...@li... > https://lists.sourceforge.net/lists/listinfo/ilohamail-users > |
From: Christoph G. <CTO@Goetze.Ch> - 2004-03-30 19:31:59
|
Hello. Know someone a patch to search in all folders at Ilohamail? The reason is that I seek sometimes a document that I save in a folder=20= of my account... and when I need it, I seek it in more then 1 session,=20= because I don't know where it is, at my "saved-mail-docs" or at=20 "server-howto" or I ssek something in "just-for-fun" and=20 "attachments"... Thanks, Christoph. PS: If someone know a "IlohaMail-Style-File-Management-Tool". please=20 send a Tip. I delete Horde, because it was more and more=20 "unmagementable"... q;=B0) |
From: NGUYEN D. Quoc-H. <sn...@nt...> - 2004-03-30 19:39:57
|
I can't pass the session to index.php, it just asks me to login again Brock Noland wrote: >Can't you just create a session just like Ilohamail and store in in the >same place (DB or FS). Then pass the session just like Ilohamail. That way >you will be completely integrated. > >On 30 Mar 2004, NGUYEN DINH Quoc-Huy wrote: > > >>Suppose my visitor is login in my site. He doesn't want to check mail >>yet, go somewhere in the site >>and then go in Ilohamail. So if i want to pass user/host/pass to >>ilohamail, I have to store them somewhere to >>keep them during the surf. >> >>Even though I keep them until he goes to Ilohamail. My site should post >>the user/host/pass for him. >>If he goes back to the site, surf again, and goes again to Ilohamail, my >>site should post the u/h/p again >>in clear text... >>Cuz, if I'm right, I can't go to an existing session by doing >>http://ilohamail.url/index.php?user=XXXXXX-XXX >>but I can go directly to http://...../contacts.php?user=XXXXXXX-XXX >>Every time I come to index.php, it asks for login/pass although the >>session is still opened. >> >>Ryo Chijiiwa wrote: >> >> >> >>>This comes up occasionally, particularly from people trying to integrate >>>IlohaMail into existing portal/CMS-type sites... >>> >>>I can't give you a HOWTO, but I can provide some background information >>>on how sessions are handled in IlohaMail, which may or may not help. >>> >>>When a user logs into IlohaMail, a session ID and random encryption key >>>are generated. The user's user name, host and password are encrypted >>>with this key, and stored in the backend. The session ID is passed >>>around as $user or $session in GET and POST variables, and is used to >>>retrieve the encrypted info. The encryption key is passed around as a >>>cookie, and is used to decrypt the encrypted information, which is then >>>used to access the mail server. That means the user/host/pass is >>>communicated in cleartext once, and only once, at the very beginning. >>>After logging out, the session info (i.e. encrypted data) is removed >>> >>> >>>from the backend. Encryption keys are handled slightly differently in >> >> >>>cases when cookies aren't enabled/supported, but that's a minor >>>implementation detail. >>> >>>To integrate this session authentication mechanism into exsiting >>>frameworks, you would have to have the user enter their email >>>user/host/pass upon initial login to the site, and then pass on to >>>IlohaMail, or otherwise have the credentials saved permanently in the >>>backend (which isn't recommended). >>> >>>Ryo >>> >>> >>> >>> >> >>------------------------------------------------------- >>This SF.Net email is sponsored by: IBM Linux Tutorials >>Free Linux tutorial presented by Daniel Robbins, President and CEO of >>GenToo technologies. Learn everything from fundamentals to system >>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >>_______________________________________________ >>Ilohamail-users mailing list >>Ilo...@li... >>https://lists.sourceforge.net/lists/listinfo/ilohamail-users >> >> >> > > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO of >GenToo technologies. Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Ilohamail-users mailing list >Ilo...@li... >https://lists.sourceforge.net/lists/listinfo/ilohamail-users > > > |